Computer Chrime - Current Practices, Problems and Proposed SoHARDWARE NETWORKING LINUX SOFTWAREIt Tech Technology

It Tech Technology

COMPUTER HARDWARE NETWORKING

Breaking

Home Top Ad

Post Top Ad

Tuesday, August 18, 2015

Computer Chrime - Current Practices, Problems and Proposed So


                                   









 Computer Crime:

  Current Practices, Problems and Proposed Solutions

          Second Draft   Brian J. Peretti

               It would have been surprising if there had been satisfactory
          road traffic legislation before  the invention of the  wheel, but
          it would also have been surprising  if the law on the passage  of
          laden  donkeys  proved  entirely  satisfactory  when  applied  to
          vehicles.1


          I.  Introduction
               Within   recent   years,   computer  crime   has   become  a
          preoccupation with law  enforcement officials.  In  California, a
          group of  West German  hackers2 using  phone lines  and satellite
          hookups, gained  unauthorized access into  civilian and  military
          computers and  stole sensitive documents  that were  sold to  the
          Soviet  Union.3    A  young  New York  programmer  broke  into  a
          Washington computer to  run a program that he could  not run from
          his personal  computer.4  After  Southeastern Bell Stated  that a
          document  published in an  electronic publication5 was  valued at
          more than $75,000 the publisher was arrested and brought to trial
          before the discovery that  the document could be publicly  bought
          from the company  for $12.6  The Chaos Computer  Club, a Hamburg,
          Germany,  club,  went   into  government  computers   and  access
          information and gave it to reporters.7  In May,  1988, the United
          States government launched Operation Sun Devil, which lead to the
          seizure  of  23,000   computer  disks  and  40  computers.8    In
          addition,  poor police  performance9  has  also  been  blamed  on
          computers.
               Since  its  creation,  the computer  has  become  increasing
          important in society.10   The law, as  in the past, has  not been
          able   to  evolve   as   quickly   as   the   rapidly   expanding
          technology.11  This  lack of movement on the  part of governments
          shows a lack  of understanding with the area.  The need to create
          a  comprehensive  regulation   or  code  of  ethics   has  become
          increasing necessary.
               Due   to  the   nature  of   computer   systems  and   their
          transnational   connections   through   telephone   lines12,   an
          individual  state's action will only stop the problems associated
          with computer crime if many  states join together.  The patchwork
          of  legislation that  exists  covers  only a  small  part of  the
          problem.  To  adequately address computer crime,  greater efforts
          must   be  made  within  the  computer  community  to  discourage
          unauthorized computer access, countries must strengthen and
             co-ordinated  their computer related  laws, as well  as proper
          enforcement mechanism created, computer program copyright laws be
          enhanced  and computer systems  should be created  to allow those
          who wish to  explore computer systems which will  not disrupt the
          users of computer systems.
               This paper will first set out a definition of computer crime
          and  why laws  or regulation  by the  computer community  must be
          created.   Section  II will  then discuss  the United  States law
          concerning  computer crime and  why it needs  to be strengthened.
          Section  III will  discuss the  proposed  Israeli computer  crime
          bill, Britain's  Computer Misuse  Act and  Ghana's proposed  law.
          Section IV will  discuss what can be done by  both the government
          and  computer  owners  and  users  to  make  computer  crime less
          possible.


          II.  Computer crime

               The definition of what constitutes a computer crime has been
          the  subject of  much controversy.    A computer  crime has  been
          defined as  "any  illegal act  for  which knowledge  of  computer
          technology  is  used  to  commit  an  offense."13    The  typical
          computer criminal has  been described as between 15  and 45 years
          old, usually male, no previous contact with law enforcement, goes
          after both government and business, bright, motivated, fears loss
          of status  in computer community  and views his acts  as games.14
          For the  purposes of  this article, this  will be  the definition
          used because of its broad reach.

               Estimates regarding how much is lost to computer  crime very
          widely15.   In  the only  authoritative  study, the  loss due  to
          computer crime  was given  at $555,000,000,  930 personnel  years
          lost  and 153 computer  time years lost.16   The  amount of total
          incidents for  1988 was 485  resulting in 31 prosecutions17.   In
          1987,  there were 335  incidents with 8  prosecutions.18 Security
          spent   on  prevention  of   computer  crime  is   becoming  more
          commonplace19.

               The   most  publicized   danger  to  computer   systems  are
          viruses20  and worms.    A virus  is a  code segment  which, when
          executed,  replicates  itself   and  infects  another  program.21
          These  viruses may  be created  anywhere in  the world22  and may
          attack anything.23   A virus may be transmitted  through a trojan
          horse24  program.  A  worm exists as  a program in  its own right
          and  may spread over  a network via  electronic mail25.   A virus
          attacks a program while  a worm attacks the computer's  operating
          system.26      The  most  notorious  computer  worm  brought  the
          Internet computer network to a halt.27

               Computer  virus attacks  may  be overrated.28    It is  said
          that the  biggest threat  to computing includes  "not backing  up
          your  data, not  learning the  ins and  outs of  your application
          programs,  not  putting  enough  memory  in  your  computer,  not
          organizing your  hard  disk, [and]  not upgrading  to the  latest
          version of  your applications.29   These  computer programs  have
          been compared  to the AIDS virus.30   One author has  stated that
          the  viruses are used  to both increase the  amount of profits of
          computer program producers and anti-virus computer programs.31

               Computer  viruses may  also  be  used  to  benefit  computer
          systems,  by either  detecting  flaws  in  security  measures  or
          detecting other  viruses.32   Virus are  very dangerous,  though.
          The effects of a virus called Datacrime, activated on October 13,
          1989, brought  down 35,000  personal computers  within the  Swiss
          government and several companies in Holland.33

               With the opening up of  Eastern Europe, the virus problem is
          expected to  increase.34  In  Bulgaria, a country which  does not
          have any laws  against computer  viruses, one  new virus  appears
          week.35   Computer  viruses  are created  in  countries like  the
          Soviet Union  as a way to punish  computer pirates because of the
          lack of copyright laws.36

               Perhaps  the most dangerous  threat to information contained
          in a  computer is  the "leakage" of  radiation from  the computer
          monitors.37   With inexpensive  equipment38 a  person can  "read"
          the information  off the computer  screen and then  replicate the
          information  from the screen in a readable manner.39
               The threat of attack on a computer system can also come from
          a  hacker.   A  hacker  is  a  person  who breaks  into,  whether
          maliciously  or not, computers  or computer systems.40   A hacker
          can, if the system is not adequately secured, cause havoc  in the
          computer  by either  deleting  or altering  programs  or data  or
          planting  logic  bombs  or  viruses  in  the  computer  system.41
          Threats  from hackers  to plant  viruses  have been  made in  the
          past.42  The  threat from computer hackers, as  with viruses, has
          been said to be overrated.43
               The issues surrounding computers still have not been decided
          by those within  the computer community.  Whether  or not persons
          should  be   allowed   to   access   computer   systems   without
          authorization  is still a subject  of debate within the computing
          community.    A West  German  Computing  Club, called  The  Chaos
          Computing Club, holds the belief that it is not improper to enter
          any system  which they can  gain access to  and to "look"  around
          inside of  the  system as  much as  they wish.44    They do  not,
          however,  condone destroying or  altering any of  the information
          within  the  system.45      On the  other  side,  represented  by
          Clifford Stoll, when individuals break into computer systems they
          disrupt the trust  that the computer system is  based on.46  This
          breach of trust  not only makes operating the  system tougher for
          the manager in control  of the system, but also will decrease the
          amount  of  use  of  the  system  so  less  information  will  be
          transferred within the system.47
               There is also conflicting views as to whether the authors of
          computer  viruses should  be punished.    Marc Rotenberg48  holds
          the  belief  that  a  virus  should be  granted  first  amendment
          protection  in some  instances.49   In  response to  the Internet
          worm, there were 21 editorials that stated that the attack showed
          the  need for  more security  in  computers while  there were  10
          letters  to  editors  that  stated that  the  creator  should  be
          applauded rather  then punished.50   They argue  that this  was a
          good way to  raise consciousness concerning computer  security.51
          Alan Solomon, a consultant who specializes in virus detection and
          eradication,   believes   that   viruses   are,   at   most,   an
          inconvenience.52

          III.United States Computer Legislation

               The  United  States  government53  and  most  states54  have
          computer crime laws.   In 1979, only six states had  such laws.55
          Almost every  computer  crime will,  in addition  to violating  a
          state and/or  federal law,  can  also be  prosecuted under  other
          laws.56

               A.   Computer Fraud and Abuse Act.
               Congress originally  enacted the  Counterfeit Access  Device
          and  Computer Fraud and  Abuse Act57   to address  the problem of
          computer crime.  Understanding that the scope of the original law
          was  too narrow,58  in 1986  Congress enacted  amendments  to the
          Computer Fraud  and Misuse  Act of 1984.59   The  Act essentially
          lists  acts that if  done with a  computer are illegal.   The Act
          also  makes individuals  culpable  for  attempting  to  commit  a
          computer crime.60
               In order to commit any  of the crimes mentioned in  the act,
          the actor must  have acted either "intentionally"  or "knowingly"
          when committing  the act.   The law  addresses national  security
          issues  by making a  crime of anyone  using a  computer to obtain
          information and  giving the  information to  foreign countries.61
          The penalty  for this crime  or its attempt  is 10 years  for the
          first offense62  and 20  years for subsequent  offenses63.   If a
          person   intentionally   accesses  a   computer   either  without
          authorization or in excess  of his authorization and obtains  and
          acquires information in  a financial record of  an institution or
          information contained in  a financial record of  an individual64,
          the person  will  have  committed  a misdemeanor  for  the  first
          offense65 and  a  felony for  subsequent  offenses66.   A  person
          intentionally   accessing    a   government    computer   without
          authorization  which  affects  the   government's  use  of   that
          computer67  will have  committed  a  misdemeanor  for  the  first
          offense68 and  a felony  for the second  offense.69   Accessing a
          computer with  knowledge and  intent to  defraud  and without  or
          exceeding authority is a crime  if the person obtains anything of
          value  other  than  use  is  a felony70.    Accessing  a  federal
          interest computer  without  authorization  and  either  modifying
          medical records or causing $1,000  or more worth of damage within
          a one year  period71 is  punishable with  up to 5  years for  the
          first offense72 and 10 years for any subsequent offense.73
               The Act  also criminalizes  trafficking in  passwords.74   A
          person  who knowingly  and with intent  to defraud  traffics75 in
          passwords or similar  information may be sentenced for  up to one
          year  for the first offense76  and up to  10 years for subsequent
          offenses77 if the  computer is used by  or for the  Government of
          the   United   States78   or   affects   interstate  or   foreign
          commerce.79

               B.   Criticisms
               It is  important to note  that this statute only  applies to
          "Federal interest computers"  as defined by  this section.80   If
          a computer is  not this type of  computer, then any of  the above
          mentioned crimes  will not  be prosecutable  under this  section.
          Congress  intentionally  made the  scope  of the  law  narrow.81
          This  section  has  been criticized  as  not  inclusive enough.82
          Individual and  corporate computers  which do not  fall into  the
          restrictive  definition83 may not  receive the protection  of the
          statute.
               The  problem  of  computer  viruses  are  not  addressed  by
          Act.84  The act  does not punish  those who add information  into
          a computer, even though this may do more harm then just accessing
          information.   The Congress has  attempted to address  this issue
          under two bills85, but neither one has been enacted.
               Unauthorized access where there is no theft or damage to the
          system  is  not  covered.86    For example,  a  person  access  a
          computer  system and looks  at information contained  therein, he
          has not committed a punishable crime under the Act.87
               Questions have also been brought  up concerning many of  the
          undefined terms  within the Act.88  Terms  such as "intentionally
          access" and "affects interstate commerce" are among the terms not

          defined.89   The  need to  clarify  these terms  is important  so
          that an individual will know what action will constitute a crime.


          IV.  Legislation From Around The World
               A.   Israel Proposed Computer Law
               In March 1987, the Israeli Ministry of Justice distributed a
          draft of  a comprehensive  computer bill.90   This bill  covers a
          wide range of  areas concerning computers91.  The  Act first sets
          out  a  list  of  proposed  definitions  for  computer,  program,
          software,  information,  thing and  act.   Each  of  these, while
          short, are concise and attempt  to give a brief but comprehensive
          definition.92
               Chapter 2 sets  out a list of offenses  which, if committed,
          are punishable.93   A authorized  person commits an act  upon any
          computer and knows that the  act will prevent or cause disruption
          of   the   proper   operation   is   subject   to   seven   years
          imprisonment.94   A  person who,  without  authority, commits  an
          act  which precludes  a person  from using  a computer  system or
          deprives a person  of using that  system is  punishable by up  to
          seven years  imprisonment.95  If  a person  prepares or  delivers
          or  operates  software  knowing that  the  software  will produce
          faulty results  and "having  reasonable grounds  to assume",  the
          person  is punishable  for up  to seven  years.96   The  Act also
          addresses those who supply, deliver  or  operates a computer with
          faulty data.97
               Section 5 applies to those who use a computer to  attempt to
          obtain  some "thing"98  or  with  intent  prevents  another  from
          obtaining some "thing".99   A  person who  prevents another  from
          obtaining  a  "thing"  by  the   use  of  software  may  also  be
          punished.100  A  person who deprives a  person of an object  that
          contains  software, data or  information and obtaining  a benefit
          for himself.101   All of  these crimes contain a  prison sentence
          of five years.
               A professional who relies on computer outputs that they know
          which  are false  is also  subject to  punishment.102   The crime
          carries a sentence of five years.103
               This chapter does not apply to  all computers, software data
          or  information.104   It  only applies  to those  computers, data
          or information which  are used, designated to  be used by  or for
          (1) the state  or a corporation that is supplying  service to the
          public105  or   (2)  "business,  industry,   agriculture,  health
          services, or for scientific purposes."106
               Perhaps the most novel provision of this proposed law is the
          section governing the reporting of  the offenses.  Any person who
          is  in  charge  of another  and  has  reason to  believe  that an
          individual has committed an offense under the Act, he must report
          this to police  as soon as possible.107   If the person  does not
          do so, he may be imprisoned for up to one year.
               B.   Analysis
               The Israeli computer  crime bill is more  comprehensive then
          the America bill.  By creating a law which will apply not only to
          government computers, but  also to those of  "business, industry,
          agriculture, health  services  or  for  scientific  purposes,"108
          the  law  essentially  covers all  computers  in  the country.109
          By creating such broad coverage, the law will be able to make the
          users of computers in Israel  more secure in their knowledge that
          their systems are safe.                 B.   Analysis
               The Israeli computer  crime bill is more  comprehensive then
          the America bill.  By creating a law which will apply not only to
          government computers, but  also to those of  "business, industry,
          agriculture,  health  services  or  for scientific  purposes,"110
          the  law  essentially  covers all  computers  in  the country.111
          By creating such broad coverage, the law will be able to make the
          users of computers in Israel  more secure in their knowledge that
          their systems are safe.
               The  most controversial provision in the act is the proposal
          requiring  that individuals that may  know of computer crime must
          report the  crime or  face fines themself.   As  Levenfeld points
          out112,  this  will  mean  that  employers  will have  to  impose
          internal  spy rings  to be  able  to tract  down the  "reasonable
          suspicions" that  individuals have  concerning illegal  activity.
          Shalgi, however, believes  that this is a good  provision in that
          it will allow  computer crime to  come more  to the forefront  so
          that the crime can be more easily combatted.113
               This provision is necessary for the government to understand
          exactly how  large of a problem  computer crime is.   At present,
          statistics on computer  crime are difficult to  determine because
          of the  lack of reporting.114   By  making all persons  who would
          be responsible for  computer security, i.e.  all persons who  use
          computer systems, the  problem will be brought into  the open and
          can be addressed.
               The  proposed law  also sets  out  a defense  for those  who
          violate the  law.  Under   11, if a  person who violates  the law
          makes another know that he did disrupt or alter the data, he will
          not be convicted of the crime. This will allow  those who perform
          such acts to avoid  the punishment of  the law.  Individuals  who
          wish to destroy or alter  such information will have an incentive
          to bring forth their mischievous acts so that when brought before
          the  court they  could say  that  they took  precautions so  that
          individuals would  not rely on  the information.   This provision
          will encourage those who do  such activity to come  forth without
          fear of conviction.
               The ability  of a  court to  not impose  a  punishment on  a
          person  is contained  in section  12.115   This allows  the court
          to abstain from  punishment if the offense  is not grave and  was
          not committed with  malice.  This section, in  effect, will allow
          those who commit computer crime to be able to forgo punishment if
          their acts  were not serious.   This will be  beneficial to those
          who  are  hackers in  the  original  sense  of the  word,116  yet
          still allow for punishment of those individuals who enter systems
          to do harm to it.
               The law  also creates  standards for how  a computer  may be
          seized.  Neither  a computer, nor any  part of it, may  be seized
          without a  court order.117   Although  this seems  to  be a  good
          provision in  its effects  on individual  rights118, the  section
          is not focused  enough.  The  law does not  address the issue  of
          whether  a floppy,  as  opposed to  a  hard disk,  is  part of  a
          computer.  The hard disk  is located inside of a  computer, while
          floppy  disks may be removed from the  computer.  This law should
          address this issue by stating that the floppy disk is also a part
          of a computer in its definitions.119
               This section also does not address what standard may be used
          for the  court order.   Must the officer  only have a  reasonable
          suspicion or  probable cause to  seize the computer?   By stating
          explicitly  in the  statute that the  officer must  have probable
          cause to seize the  computer, an overzealous police officer  will
          not be able to as easily seize the computer.

               C.   The Great Britain Computer Misuse Act
               In response  to computer  program concerning  AIDS that  was
          distributed to doctors in Great Britain and Europe that contained
          a  virus,120  Michael   Colvin,  a  British  MP   introduced  the
          Computer  Misuse  Bill.121   On  August  29, 1990,  the  Computer
          Misuse  Act122  came  into  effect.123    It was  estimated  that
          the losses to  British industry and  government were one  billion
          pounds.124     This  Act   is  designed  to   not  to   create  a
          confidential information  right, but  to rather  protect computer
          system integrity125.
               Prior to enactment,  the English Law Commission  studied the
          problem and laws  regarding computer crime. It stated  that there
          should be three new offenses  to deal with computer misuse:   (1)
          Unauthorized access  to a  computer, (2)  Hacking with  intent to
          commit  a serious crime,  and (3)  Intentional destruction  of or
          alteration  to  computer  programs  or  data.126    The  Computer
          Misuse Act states that  unauthorized access occurs if the  person
          is unauthorized to access the computer, he causes the computer to
          perform any function with intent to  gain access to a program  or
          data  in the  computer and  he knows  that this  is the  case.127
          He does not have to be directed to any particular program or data
          in the computer  he attempted to get on or the data or program he
          wishes to  access.128   If a  person commits  unauthorized access
          with   the  intent  to  commit129  or  help  another  offense,130
          the  person can  be sentenced  on summary  conviction, up  to six
          months  in  prison  and  a   fine,131    or  if  convicted  after
          indictment,  to imprisonment  of  up  to five  years,  a fine  or
          both.132
               If a  person modifies  computer material,133  the person  is
          subject  to  a  fine of  up  to  5 years,  an  unlimited  fine or
          both.134   The  person must  knowingly modify  a  program without
          authorization and must have done so with the intent to impair the
          operation of the computer, to prevent or hinder access, or impair
          the  operation  of  the  program  or  resulting  data.135     The
          modification does  not have to  be permanent.136   A modification
          may be done by  either altering, erasing or adding onto a program
          or data.   By stating  modification broadly, the act  attempts to
          combat  the  placing  of  viruses,   worms  and  logic  bombs  on
          computers.137
               The Act  also  extends  the scope  of  jurisdiction.138    A
          person does  not have  to actually  be in  Great  Britain at  the
          commission  of  the crime.    The  crime  itself must  have  some
          relation   to   Great    Britain.139      The   link    must   be
          "significant".140

               D.   Analysis
               As opposed to  the other statutes,  the Computer Misuse  Act
          does not  attempt to define computer.   This was done  because of
          the fear that any definition given for a  computer may become out
          of date  in a  short period  of time.141   Program  and data  are
          also not defined within the Act.
               Great  Britain's courts are granted large jurisdiction.  The
          act allows for anyone who attempt to commit a crime under the act
          to be punished in  Great Britain.  The act, although  setting out
          that  the  link  must  be significant,142  does  not  attempt  to
          define this word.   By this omission, the  Great Britain's courts
          can expand this  to any act that occurs in a foreign country that
          uses  a British computer  for even a  short period of  time.  The
          defining of the word would  clear up some misconceptions that may
          result from the act.
               Of interest  to note, the Act would  not punish a person who
          distributes disks  tat contain  viruses  on them.   Although  the
          drafter of the  bill said that this was his goal, the law ignores
          this possibility.  An amendment should  be added to the law which
          will punish those who damage data even  if they do not access the
          system.

               E.   Ghana
               In response to the belief  that their existing laws were not
          adequate,  a draft  law  was  proposed by  the  Ghana Law  Reform
          Commission.143   The  bill is  rather  simple as  opposed to  the
          other laws.   It has definitions  for access, computer,  computer
          network,  computer program  and  data.144    To  commit  computer
          related  fraud, the  person must  have an  intent to  defraud and
          either alters, damages destroys data or program stored in or used
          by the computer or obtains information to his own advantage or to
          the  disadvantage  of another  or  uses  a  computer commits  and
          offense.145    The  Act  Also  sets  out  alternatives  for  some
          sections that  may be adopted.   The alternative states  that any
          person  who obtains  access to  a  computer program  or data  and
          attempts to erase  or alter  the program or  data with intent  to
          help his  own interests or damage other person's interest commits
          a crime.146
               Damaging computer data occurs  if any person, by  any means,
          without  authority, willfully  does  damage  to  data  commits  a
          crime.147    The crime  of  unauthorized  use  of a  computer  is
          simply  defined as anyone who knowingly without authority commits
          an  offence.148   Similarly, unauthorized  access  is anyone  who
          knowingly gains access  to a computer, network or  any part there
          of, without authority to  do so.149   The Ghana law also  creates
          a crime for the  knowingly and dishonestly introduction of  false
          data  and the  omission to  introduce, record  or store  data.150
          An  authorized  person  who  willfully  or  intentionally  allows
          information to get  into the hands of an  unauthorized person and
          that person uses the information  to his advantage also commits a
          crime.151
               The penalties  for the  crimes are similar  to those  of the
          Great Britain  law.152  On  summary convictions, a jail  term may
          be given of  up to  two years  or the statutory  maximum fine  or
          both.153   On  conviction  on  indictment, a  prison  term of  no
          more  then  ten  years  or an  unlimited  fine,  or  both may  be
          given.154
               The  jurisdiction that the Ghana courts  have in accord with
          this  jurisdiction is as  large as their  British counterpart.155
          The courts can hear  any case if the accused person  was in Ghana
          at the time  of the act.156   Also,  if the program  or data  was
          stored in or  used with a computer  or computer network  in Ghana
          the person may be tried under the law.157

               F.   Analysis
               The Ghana proposed Computer Crime  Law is in accord with the
          United States, Great  Britain and the proposed Israeli  laws.  By
          setting  out  definitions  for  the  various  terms  used in  the
          law158,  the law  clearly defines  which acts  may be  subject to
          prosecution  under the  law.   Although  simple, the  definitions
          attempt to capture  within the law's grasp  the various different
          acts which could be done with a computer that should be outlawed.
               The most  original section  of  the act  concerns the  newly
          created  crime  of   omission  to  introduce,  record   or  store
          data.159   This  section, however,  will end  up punishing  those
          who work in corporations that are at the lowest level skill-wise.
          The government should, if the  law is enacted, force companies to
          give each employee a sufficient  amount of training on a computer
          so that the  person will be  able to act  in accordance with  the
          law.   The act does provide a safeguard by making the mens rea of
          the crime "negligently or dishonestly"160
               The act also sets out  a crime for an individual who  allows
          information  to get  into the  hands of  another.161   As opposed
          to the other laws, this  section specifically address the problem
          of  where  an  authorized  individual  gives  information  to  an
          outsider.  By  specifically regulating this behavior,  anyone who
          wishes to act according will know that the act is illegal.
               The   crime   of    computer-related   fraud   is    defined
          broadly.162    This  law  effectively makes  any  type  of  fraud
          committed either with a computer or information within a computer
          a crime.   The law  adequately addresses the problems  that might
          occur with a computer in fraud.  A broad definition, however, may
          still let some act seem as though they are not covered  since the
          act is not specific in the area of what constitutes a crime.
               Most significantly,  the act does  not state which  types of
          computers are covered  by the act.163   By not giving a  limit on
          which computers are  covered, the act extends its jurisdiction to
          all  "computer"164  and  "computer  network"165 in  the  country.
          If the  definition of  computer changes, due  in part  to advance
          technology, the law may have to change this section.

          V.   Proposed Solutions
               Computer Crime laws  have come a long way  in addressing the
          problem  of  computer  crime.166   The  ability  to regulate  the
          activity will  decrease the amount  of crime  that is  committed.
          Those who use the computers of the world, however, must  not rely
          totally   on  there   respective  governments   to   combat  this
          problem.167
               The best way to combat computer crime is to not let it occur
          at  all.   Many  computer  systems  have  not been  given  enough
          security by  their system  managers.168  It  is possible  to have

          a totally  secure computer system169,  but it is  impractical and
          slows the  free flow  of information.170   By creating  laws that
          will  protect  the  integrity  of  computer  systems  while  also
          allowing for the ability of our best and brightest to develop and
          learn about computer systems will the nation be able to  keep our
          technological lead in the world.
               In order to combat the problem of unauthorized access, users
          of computer systems must be taught to respect each others privacy
          within the various  systems.  Creating an standard  of ethics for
          those who are  users of computers will  be the best way  since it
          will hold the users to standards that must be met.  Although some
          organizations have attempted to promogate standards regarding the
          ethical   use  of  computer   systems171  no  one   standard  has
          emerged.   Proposed rules  of ethics should  balance the  need of
          individuals to  be able to  learn and discover about  the various
          types of  computer systems, while  at the same time  allowing for
          those  who use those systems  to be secure  in the knowledge that
          the information stored  on the computer will not be read by those
          other then person who should have access to it.
               If  computer crime  laws are  enacted,  industries that  use
          computers should not use the new laws as a  replacement for using
          adequate  security  measures.172    Individuals  or  corporations
          that use computer  have several ways  to protect themselves  from
          unauthorized access.  If the computer can be accessed by a modem,
          the computer  can have a  dial back  feature placed on  the phone
          line so that one a  computer is accessed, the computer will  then
          call back to make sure that the call  is coming from a line which
          is  supposed  to access  the  computer.173    The proper  use  of
          passwords174 are also  an effective  way to  address the  problem
          of unauthorized access. A recent study  has shown that out of 100
          passwords  files, approximately 30 percent were guessed by either
          using the  account name  or a  variation of  it.175    A  program
          has recently been developed that will not allow a user to  select
          an  obvious password.176   Encryption  programs,  similar to  the
          program used on Unix operating system, can scramble a password in
          a non reversible  manner so that if the  encrypted password falls
          into the hands of an individual who is not supposed to access the
          system, the  person will  not  be able  to get  into the  system.
          These systems can also be used so that if a hacker does  get into
          a   computer  system  and   attempts  to  get   information,  the
          information will not be readable.177
               A    problem  that must  be  address  is  the  lack of  laws
          concerning copyright protection of  computer programs in  foreign
          countries.    The  Pakistan Brain178  was  written  to discourage
          copying of a program without authorization.  By creating pirating
          penalties a reason  for the creation of computer  viruses will be
          removed and less viruses will be created.179
               Many in the field argue that computer programs should not be
          copyrighted.180    Copyright protection  should  not  be afforded
          to   computer   programs   since  they   are   only  mathematical
          equations.181   Copyright  protection  should  be  given  to  the
          maker  of  a computer  programmer  only  for  a short  period  of
          time.182
               A novel concept which will both satisfy the computer hackers
          quest  for  knowledge  through  examining  computer  systems  and
          protect the integrity of computer systems is to create a computer
          systems for  the use  of hackers alone.183   This  computer would
          not be connected  to other computer systems, but  can be accessed
          through  a modem.184   If  created,  accounts would  be given  to
          all  interested computer  enthusiasts.  Those  participating will
          not  be  prosecuted  for  exploring  unauthorized  areas  of  the
          system.185     Since   other  computer   systems   will  not   be
          accessible through  this system, any activity on this system will
          not endanger  the information on  other systems.186   By allowing
          this to be done, a major problem will be solved, the inability to
          afford to  buy a mainframe system,  while a person  will still be
          able to learn about different types of systems.
               If any  laws are to  be made, they should  make "knowing"187
          or  "intentionally"188   unauthorized access  into  a computer  a
          crime.   By making  the intent of  the crime be  knowing, it will
          allow those who accidently connect to a computer system that they
          think is theirs but is not to be excused from punishment.
               The law must also be done in a way that will allow it to  be
          enforced  across  national  boundaries.   A  computer  hacker can
          access  computers from across the world  without ever leaving his
          home  country.189   If these  laws  can only  be enforced  within
          the home country, then a person can, in theory, go into a country
          of whose computers that  he would never want to access and access
          into other computers without fear of punishment.190
               An international  convention should  be convened  to address
          this problem.  Since the  problem is of international concern and
          the crimes do occur across  the boarders of countries, by setting
          standards by the international  community concerning the  conduct
          of computer users, the hodgepodge  of computer crime laws will be
          eradicated in favor  of a common international standard.   As the
          boundaries in Western  Europe disappear in anticipation  of 1992,
          international access is sure to accelerate.
               Colleges,  Universities  and  high  schools  must  institute
          programs  designed to address  proper computer use.191   Although
          not all  computer users are  not trained in school,  teaching the
          ethical use of computers will  allow users to understand the need
          for security  on systems.   These programs  will also  show users
          that  computer  crime  is  dangerous  to  society.192    Problems
          concerning computer  crime  should be  publicized  so as  not  to
          mystify the crime.193
               The  United  States  and other  countries  must  create more
          Computer  Emergency Response Teams  (CERT).   These teams  are to
          coordinate   community   responses   to   emergency   situations,
          coordinate responsibility for fixing hole in computer systems and
          serve  as a  focal  point  for  discussions  concerning  computer
          systems.194    These  groups regularly  post  notices  concerning
          computer  viruses or  other  dangers  in  the  Internet  computer
          system.  The scope of these groups should be expanded so they may
          be  a  focal point  of the  needs  and desires  of those  who use
          computers.  If  they are used to gather information as a clearing
          house  type  operation,  the  spread  of  information  concerning
          computer  systems  and problems  with  the systems  will  be more
          adequately addressed.

          IV.  Conclusion
               Computer crime is a growing problem.  With the advent of the
          computer and a more computer literate public, crimes committed by
          computers will  increase.   To effectively  address the  problem,
          laws  must be  created to  outlaw activity  which is  designed to
          further illegitimate  ends.  These  laws have moved in  the right
          direction concerning what should be  outlaws so as to balance the
          needs of computer users against those of the computer owners.  To
          enforce these  laws, governments must realize that the problem of
          computer crime is not only of local concern.
               Educational programs and standards of ethics must be created
          from within the computer users community.  Corporations which use
          computers  must educate their  employees to reduce  the fear that
          one  might  have  when  addressing  a  computer  security  issue.
          Copyright laws must  be strengthened in countries  that either do
          not have  or have weak copyright laws so  that the need to create
          viruses to protect an individual's or corporation's work will  no
          longer be necessary.
               To  satisfy users  curiosity  with  computers, a  non-secure
          computer system should be created.   This system will allow those
          who wish  to explore a  system in order to  understand the system
          may.    Those   individuals  can  do  so  without   the  fear  of
          prosecution.
               Only by directly addressing the causes of computer crime and
          drafting standards and  laws to address the unique  area will the
          problem of computer crime be adequately addressed.  Light must be
          shined on  the area so individuals will  realize that fear of the
          machines  is not justified.   Only by  doing so may  we enter the
          21st century realizing the full potential of computers.

                                      Appendix A
          Ghana Computer Crime Law (Proposed)
          Computer Crime Law
          Computer Crime Law
          In  pursuance   of  the  Provisional   National  Defense  Council
          (Establishment) Proclamation 1981, this Law is hereby made:
          1.   Any person who, with intent to defraud,
               (a)  alters, damages, destroys or otherwise manipulates data
          or program stored in or used in connection with a computer, or
               (b)  obtains  by any means, information stored in a computer
          and uses it to his advantage or to another  person's advantage to
          the disadvantage of any other person, or
               (c)  uses a computer
          commits an offense.
          Charge:   Computer-related fraud.
          ALTERNATIVE:
               (1)  A  person commits  an offense  if  that person  obtains
                    access to a computer program or data, whether stored in
                    or used in connection with a  computer or to a part  of
                    such program  or data to  erase or otherwise  alter the
                    program or data with the intention-
                    1.   (a)  of procuring  an  advantage  for  himself  or
                         another person: or
                         (b)  of damaging another person's interests.

          2.   Any  person who, by  any means, without  authority, wilfully
               destroys, damages,  injures, alters  or renders  ineffective
               data stored in or used in connection with a computer commits
               an offense.
          Charge:   Damaging Computer data.

          3.   Any person who, without authority, knowingly uses a computer
               commits and offense.
          Charge:   Unauthorized use of a computer.

          4.   Any person who, without authority, knowingly gains access to
               a computer, computer network, or any part thereof commits an
               offense.
          Charge:   Unauthorized access to a computer.

          5.   Any  person  who,   knowingly  and  dishonestly  introduces,
               records  or  stores, or  causes  to be  recorded,  stored or
               introduced into a computer or computer network by any means,
               false or misleading information as data commits an offense.
          Charge:   Insertion of false information as data.

          ALTERNATIVE:
               (5)  A person commits an offense if, not having authority to
                    obtain  access to a  computer program or  data, whether
                    stored in or used in  connection with a computer, or to
                    a  part  of such  program  or  data,  he  obtains  such
                    unauthorized  access   and  damages   another  person's
                    interests by recklessly adding to, erasing or otherwise
                    altering the program or the data.
          6.   Any person under  a contractual or other  duty to introduce,
               record or store authorised data into a computer network, who
               negligently  or dishonestly  fails to  introduce, record  or
               store, commits an offense.
          Charge:   Omission to introduce, record or store data.

          ALTERNATIVE
               (6)  Any  person  under  a  contractual  or  other  duty  to
                    introduce,  record or  store data  into  a computer  or
                    computer network  who negligently or  dishonestly fails
                    to introduce, record or store, commits an offense.

          7.   Any  authorised person who willfully or intentionally allows
               information  from a  computer to  get into  the hands  of an
               unauthorised  person   who  uses  such  information  to  his
               advantage commits an offense.
          Charge:   Allowing unauthorised person to use computer data.

          8.   A  person guilty  of  an  offense under  this  Law shall  be
               liable:-
               (a)  on summary conviction,  to imprisonment for a  term not
                    exceeding  two years  or to  a  fine not  exceeding the
                    statutory maximum or both; or
               (b)  on conviction on indictment, to imprisonment for a term
                    not  exceeding ten years  or to  an unlimited  fine, or
                    both.

          9.   A  court in  Ghana  shall  have  jurisdiction  to  entertain
               proceedings for  an offense under  this Law, if at  the time
               the offense was committed:-
               (a)  the accused was in Ghana; or
               (b)  the program  or  the  data in  relation  to  which  the
                    offence  was committed  was stored  in or  used with  a
                                                           or  used with
                    computer or computer network in Ghana.
                                computer network in Ghana.

          10.  In this Law, unless the context otherwise requires:-
               "access"  includes  to  log unto,  instruct,  store  data or
               programs  in, retrieve data  or programs from,  or otherwise
               communicate  with a  computer, or  gain  access to  (whether
               directly or with the aid of any device) any data or program.
               "computer"   includes  any   device  which  is   capable  of
               performing logical,  arithmetical, classifactory,  mnemonic,
               storage  or  other  like  functions  by  means  of  optical,
               electronic or magnetic signals.
               "Computer network"  includes the  interconnection of  two or
               more computers, whether geographically separated or in close
               proximity or  the interconnection  of communication  systems
               with a computer through terminals, whether remote or local.
               "Computer program" includes  an instruction or statement  or
               series  of instructions or  statements capable of  causing a
               computer to indicate, perform, or achieve any function.
               "data"  includes  a  representation   in  any  form  whether
               tangible or intangible that is capable of being stored in or
               retrieved by a computer.

                                       ENDNOTES
                                       ENDNOTES
          1.   Financial Times Limited (London) April, 1990.

          2.   See, infra, endnote 36 and accompanying text.
                    infra

          3.   Stoll, The Cuckoo's Egg (1990).  [hereinafter Stoll].
                      The Cuckoo's Egg

          4.   Lyons, 13 Are  Charged in Theft of Data  from Computers, New


          York Times, August 17, 1990, B2, col. 3.

          5.   Although   there  is  no   set  definition  of   a  computer


          publication,  it is created  and published solely  on a computer.


          Peretti,  Computer Publications  and the  First Amendment  (1990)


          (available  at Princeton  University FTP  site  and The  American


          University Journal of International Law and Policy Office).

          6.   Dorothy  Denning,  The   United  States  v.   Craig  Neidorf


          (available  at The American  University Journal  of International


          Law and Policy office).

          7.   Schares,  A  German  Hackers'  Club that  Promotes  Creative


          Chaos, Business Week, Aug. 1, 1988, 71.

          8.   Barlow, Crime and  Puzzlement: In advance of the  Law on the


          Electronic Frontier, Whole Earth Review, Sept. 22, 1990, 44.

          9.   Kopetman, Computer  Gave Them  Bum Rap,  Los Angeles  Times,
                                                        Los Angeles  Times


          Jan. 10, 1991, at B1, col. 2.

          10.  See, J. Thomas McEwen, Dedicated Computer Crime Units (19--)
               See,



          (stating how  important computers  have become  to society).   In


          1978 there were 5,000 desktop computers in the United States.  S.


          Rep. No.  432, 99th  Cong., 2d Sess.  2, reprinted in,  1986 U.S.
                                                   reprinted in


          Code Cong. &  Admin. News 2479, 2479.   By 1986, this  number had


          increased to about 5 million.  Id.
                                         Id.

          11.  See, S. 2476, Floor Statement by Senator Patrick Leahy.

          12.   See,  Stoll  at  ___ (stating  that  all countries,  except


          Albania, are connected via computer systems).

          13.   McEwen, Dedicated Computer  Crime Units 1 (19--).   Another
                        _______________________________


          definition used  is  the definition  of computer  crime was  "any


          illegal  act  for  which  knowledge  of  computer  technology  is


          essential for successful investigation and prosecution".  Parker,


          Computer Crime:  Criminal Justice Resource Manual, (1989).
          _________________________________________________

          14.  Conly,  Organizing  for  Computer  Crime  Investigation  and


          Prosecution, 6-7 (19--).

          15.  For instance,  the estimated  cost of  the Internet Worm,  a


          computer program created  by Robert Morris,  Jr. which shut  down


          the  Internet  computer  system, varies  from  $97,000,000  (John


          McAfee,  Chairman,  Computer   Virus  Industry  Association)   to

          $100,000  (Clifford Stoll's low  bound estimate).   Commitment to


          Security, 34  (1989).  It  is difficult to determine  exactly the


          cost  of such  crime because  it is  difficult to  determine what


          should be included.  The estimated downtime of a  computer due to


          such activity  could be used to determine the  cost.  This may be


          flawed, however, since it will not take into account how  much of


          the down  time actually  would have been  used.   Electronic Mail


          Letter from Richard  Stallman to Brian J. Peretti  (Dec. 3, 1990)


          (concerning computer crime).

          16.  Commitment   to  Security,   34.    The   average  facility,


          consisting  of  1,224  microcomputers,  96  minicomputers and  10


          mainframe  computers, lost $109,000,  365 personnel hours  and 26


          hours computer time loss per year. Id.
                                             Id.

          17.  Id. at 23. 6 percent of  incidents resulted in prosecutions.
               Id.


          Id.
          Id.

          18.  Id.
               Id.

          19.    Only 1.5 percent of  respondents to a National  Center for


          Computer Crime Data used Anti-virus  products in 1985.   By  1988


          this figure  rose to  22 percent.   By  1991, 53  percent of  the



          respondents stated that  they would be using  anti-virus software


          by  1991.   According  to  a  Price  Waterhouse survey  in  Great


          Britain,  in 1985  26  percent  installations  spent  nothing  on


          security.   Authers,  Crime  as  a  Business  Risk-  Security/  A
                                Crime  as  a  Business  Risk-  Security/  A


          Management  as Well  as  a  Technical  Problem,  Financial  Times
          Management  as Well  as  a  Technical  Problem


          (London), November 7, 1990.  By 1990 this figure had shrunk  to 4


          percent and is  expected to decline to 0 by 1995. Id.  The amount
                                                            Id.


          spent on security for new systems has increased from 5 percent in


          1985 to 9 percent by 1990. Id.
                                     Id.


               In Japan, less  than 10 percent of groups  that rely heavily


          on  computers have  taken  measures  to  prevent  virus  attacks.


          Computer  Users Fail to Protected Against Viruses. Although Japan
          Computer  Users Fail to Protected Against Viruses.


          does not  have a computer crime law, there  is a movement to make


          such a law.   Computer Body Calls for Jail Sentences for Hackers,
                        Computer Body Calls for Jail Sentences for Hackers


          Kyodo News  Service,  Nov. 15,  1990  (available from  the  Nexis


          library).     The   Japan   Information  Processing   Development


          Association has  stated that  the new law  should make  the crime


          punishable of either one year of hard labor or a fine. Id.
                                                             

          20.  The terms was first applied in 1984. Commitment to Security,


          34 (1989).

          21.  Ring, Computer Viruses; Once Revered as Hackers, Technopaths


          Threaten  Security of  Computer-Dependant Society,  Computergram,


          July 7,  1989.  Some of  these viruses are  extremely small, e.g.


          Tiny, which is 163 bytes, may be the smallest.  Friday 13th Virus


          Alert, The Times (London), July 12, 1990.

          22.  Graggs, Foreign  Virus Strains  Emerge as  Latest Threat  to
                       Foreign  Virus Strains  Emerge as  Latest Threat  to


          U.S. PCs,  Infoworld, Feb.  4, 1991, 18.   Viruses  have appeared
          U.S. PCs


          from Bulgaria, Germany, Australia, China and Taiwan. Id. Some new
                                                               Id.


          viruses  include Armageddon,  from Greece  which  attacks through


          modems and then dials to a talking clock in  Crete, Liberty, from


          Indonesia,  Bulgaria 50,  which is  thought to  have come  from a


          "laboratory"  in Sofia,  Victor,  thought  to  originate  in  the


          U.S.S.R., the Joker,  from Poland, which tells the  user that the


          computer needs a  hamburger, and Saturday  the 14th, presumed  to


          have been developed in South Africa,  which destroys a computer's


          file allocation table. Id.
        
          Some viruses also  carry a message when  they are activated.


          A  virus that is  though to  have been  developed by  students at


          Wellington, New  Zealand,  tells the  user  that they  have  been


          "stoned" and requests that marijuana should be legalized.  Id.
                                                                     Id.


               Approximately 80  or 90 of  the 300 viruses counted  for the


          IBM  personal computer originated in Bulgaria according to Morton


          Swimmer of Germany's Hamburg University Virus Test Center.




          23.  A report in  La Liberation, a French  newspaper, stated that
                            La Liberation


          computer viruses  could be planted  in French EXOCET  missiles to


          misguide  them  when  fired.    La  Liberation,  Jan.  10,  1991,


          reprinted in  Klaus Brunnstein,  Risks-Forum, vol.  10, iss.  78,
          reprinted in


          Jan. 22  1991 (available at American Journal of International Law


          and Policy Office).

          24.  A  "trojan horse"  is a  program that  does not  seem to  be


          infected, however,  when used  in a computer,  the virus  is then


          transferred  the uninfected machine.   On trojan  horse destroyed


          168,000 files in Texas.  Commitment to Security, 34 (1989).

          25.  Ring, Computer Viruses; Once Revered as Hackers, Technopaths
                     Computer Viruses; Once Revered as Hackers, Technopaths





          Threaten  Security of  Computer-Dependent Society,  ComputerGram,
          Threaten  Security of  Computer-Dependent Society


          July 7, 1989.

          26.  Highland, One Wild  Computer "Worm" Really Isn't  a  Federal
                         One Wild  Computer "Worm" Really Isn't  a  Federal


          Case, Newsday, Jan. 23, 1990, 51.
          Case

          27.  Stoll, at 346.   The amount of computers  that were actually


          infected by the worm  is still the subject of debate.   Mr. Stoll


          estimates that  2,000 computers  where infected,  while the  most


          commonly  cited  number is  6,000.   Commitment  to  Security, 34


          (1989).    The 6,000  estimate  was  based  on  an  Massachusetts


          Institute of Technology estimate that 10 percent of the  machines


          at the school  were infected and was  then inferred to  the total


          number  of  machines  across  the  country  that  were  affected.


          General Accounting  Office, Computer  Security: Virus  Highlights


          Need for Improved  Internet Management, 17  (1989).  This  number


          may be inaccurate  because not all locations had  the same amount


          of vulnerable machines. Id.
                                  Id.

          28.       For the  first  eight months  of  1988, there  were 800


          incidents  concerning computer  viruses. Commitment  to Security,


          34.  The Computer  Virus Industry  Association  reported that  96




          percent of  these reported infections were incorrectly identified


          as viruses. Id.
                      Id.

          29.   Robinson, Virus Protection  for Network Users,   Washington


          Post, Washington Business, p.44, Feb. 11, 1991.

          30.  Ross,  Hacking   Away  at  the   Counterculture,  3   (1990)


          (available at the  American University  Journal of  International


          Law  and Policy).  On Saturday Night Live, during the news update


          segment, Dennis Miller stated, in comparing a computer viruses to


          the   AIDS  virus,  "Remember,  when  you  connect  with  another


          computer, you're connecting  to every computer that  computer has


          ever been connected to."  Id.
                                    Id.

          31.  Id. at 8-9.
               Id.

          32.  Computer Virus Legislation, Hearing on  H.R. 55 and H.R. 287


          before the Subcomm. on Criminal Justice of the House Comm. on the


          Judiciary, 100th  Cong., 1st Sess.  49 (1989) (statement  of Marc


          Rotenberg,   Director,   Computer    Professionals   for   Social


          Responsibility).   In Israel,  Hebrew University used  a computer


          virus to  detect and  destroy a virus  that would  have destroyed


          data files. Id.
                      Id.




          33.  Computergram International, October 14, 1990.

          34.

          35.  Watts, Fears of Computer Virus Attack from East Europe grow,
                      Fears of Computer Virus Attack from East Europe grow


          The Independent, November 24, 1990, p.6.   On a trip to Bulgaria,


          a British computer consultant  returned with 100 viruses  that do


          not exist in the West. Id.
                                 Id.

          36.  Id.

          37.  McGourty, When a Hacker Cracks the Code, The Daily Telegraph
                         When a Hacker Cracks the Code


          (London), October 22, 1990, p. 31.

          38.  The equipment would cost about 50 (British) pounds. Id.
                                                                   Id.

          39.  Id.   A British company, has stated that they have developed
               Id.


          a glass that  will reduce this problem.   Tieman, Spy-Proof Glass


          to Beat the Hackers, The (London) Times, Jan 17, 1991.


               A  more  recent  problem concerns  the  ability  of computer


          hackers to access into fax  machines and either change or reroute


          information from the machine. Becket, Espionage fears mounting as
                                                Espionage fears mounting as


          hackers tap into faxes, The Daily Telegraph (London), December 1,
          hackers tap into faxes


          1990,  p. 23.  This problem  can be  circumvented by  the  use of


          encryption devices or passwords on the machine.  Id.
                                                           Id.

          40.  Stoll  at 9.  The  word itself originally had  two meanings.



          People originally called themselves hackers were software wizards


          who thoroughly knew computer systems.  Id.  In U.S. v. Riggs, 739
                                                         U.S. v. Riggs


          F. Supp. 414, 423 (N.D. Ill.  1990) the court defined hackers  as


          "individuals involved  with the  unauthorized access  of computer


          systems by various  means."  The New Hacker's  Dictionary defines


          hackers  as  "A  person  who  enjoys  learning   the  details  of


          programming systems  and how  to stretch  their capabilities,  as


          opposed  to most  users  who  prefer to  learn  only the  minimum


          necessary."    New  Hacker's Dictionary, to  be published Spring,


          1991.


               Hacker has also been used in a  non-evil sense with the word


          "cracker"  taking the  disreputable part  of the  word.   In this


          light,  hacker means "computer  enthusiasts who `take  delight in


          experimenting  with system  hardware, software  and communication


          systems."  and cracker  meaning  "a  hacker  who  specializes  in


          gaining illegal  access to a  system."  One Wild  Computer `Worm'
                                                  One Wild  Computer `Worm'


          Really Isn't  a Federal  Case, Newsday, January  23, 1990,  p.51.
          Really Isn't  a Federal  Case


          The typical hacker has been described  as "a juvenile with a home

          computer  who  uses  computerized bulletin  board  systems  for a


          variety  of illegal  purposes.   Conly,  Organizing for  Computer


          Crime Investigation and Prosecution, 8 (19--).


          41.   Sulski, How to Thwart  Potential Saboteur, Chicago Tribune,
                        How to Thwart  Potential Saboteur


          November 18, 1990, p.18.

          42.  Computerworld, December 3,  1990, p. 122. Kryptik,  a hacker


          group,  was  stated as  having  planned  to plant  a  virus  in a


          telephone  network on  December  5,  1990. Id.    It is  unclear,
                                                     Id.


          however, if the virus actually was planted. Id.
                                                      Id.

          43.  Sulski, How to  Thwart Potential Saboteur, Chicago  Tribune,
                       How to  Thwart Potential Saboteur


          November  18, 1990, p.18.   Computer security  experts state that


          the  risk of  having hacker break  into your system  is less than


          being burglarized or having a power outage due to lightning.  Id.
                                                                        Id.


          Errant opinion poll  results have also been blamed on the work of


          hackers.    Holdsworth,   Hackers  May  Have  Attacked   TV  Poll
                                    Hackers  May  Have  Attacked   TV  Poll


          Computers-MP,  Press Association Newsfile, May 4, 1990.
          Computers-MP

          44.  Stoll, 312.

          45.  Id.  This  view is also shared  by the editors of  2600, The
               Id.



          Hackers  Quarterly.   It is  also held  by  these persons  that a


          service  is done  to the  computing  community because  those who


          break in to computer systems show the operators that their system


          is not strong enough and that it should be made stronger.

          46.  Stoll, at 354.

          47.   Mr.  Stoll's computer  was broken  into by   an  Australian


          hacker who said he  did so to show that Mr.  Stoll's security was


          not  good and  that  hackers  are good  because  they show  where


          security problems are in computer  networks.  Id. at 353-54.   He
                                                        Id.


          rejected such arguments. Id.
                                   Id.

          48.  Director, Computer Professionals for Social Responsibility

          49.  Computer Virus Legislation, Hearing  on H.R. 55 and H.R. 287


          before the Subcomm. on Criminal Justice of the House Comm. on the


          Judiciary, 100th Cong., 1st Sess. 26-27 (1989) (statement of Marc


          Rotenberg,   Director,   Computer    Professionals   for   Social


          Responsibility). The Aldus peace virus, which displayed a message


          calling  for  peace  and then  disappeared  without  damaging the


          system itself, is an example of a virus  which he believes should


          be protected.  Id.
                         Id.


          50.  Commitment to Security, 34.

          51.  Stoll, 349.

          52.  "I can never understand why people think it is  all right to


          run out of computer paper but not all right to be infected with a


          virus.  The  disruption is the same  and it takes about  the same


          amount of  time to  put matters  right."   Cane, Hygiene  See Off
                                                           Hygiene  See Off


          Computer  Viruses, Financial  Times  (London)  October 14,  1989,
          Computer  Viruses


          Section I, p. 24.

          53.  18 U.S.C. 1030 (1988).

          54.      Ala. Code    13A-8-100  et.seq. (1990); Alaska  Stat.
                   Ala. Code                               Alaska  Stat.


          11.46.200(a)(3), 11.46.484(a)(5), 11.46.740, 11.46.985, 11.46.990


          (1990);  Ariz. Rev. Stat. Ann.   13-2301(E), 13-2316 (1990); Cal.
                   Ariz. Rev. Stat. Ann.                               Cal.


          Penal Code    502 (West 1990); Colo. Rev.  Stat.   18-5.5-101 et.
          Penal Code                     Colo. Rev.  Stat.


          seq. (1990); Conn. Gen. Stat    53a-250 et. seq., 52-570b (1990);
                       Conn. Gen. Stat


          Del. Code  Ann. tit.  11,     931 et  seq. (1990);  Fla. Stat.
          Del. Code  Ann.                                     Fla. Stat.


          815.01 et seq.  (1990); Ga. Code  Ann.    16-9-90 et seq  (1990);
                                  Ga. Code  Ann.


          Haw. Rev. Stat.    708-890 et seq. (1990); Idaho Code    18-2201,
          Haw. Rev. Stat.                            Idaho Code


          2202  (1990); Ill.  Ann. Stat.     15-1,  16-9 (1990);  Ind. Code
                        Ill.  Ann. Stat                           Ind. Code


            35-43-1-4,  35-43-2-3  (1990);  Iowa Code      716A.1  et. seq.
                                            Iowa Code



          (1990); Kan.  Stat. Ann.   21-3755 (1990); Ky. Rev. Stat. Ann.
                  Kan.  Stat. Ann.                   Ky. Rev. Stat. Ann.


          434.840  et. seq. (1990);  La. Rev. Stat.  Ann. 14(D)     71.1 et
                                     La. Rev. Stat.  Ann


          seq.  (1990); Me.  Rev.  Stat.  Ann. chap.  15,  tit. 17-A,   357
                        Me.  Rev.  Stat.  Ann.


          (1990); Md.  Crim. Law  Code Ann. Article  27   45A,  146 (1990);
                  Md.  Crim. Law  Code Ann.


          Mass. Gen. L. ch 266,   30 (1990) see infra; Mich. Comp.  Laws
          Mass. Gen. L.                                Mich. Comp.  Laws


          28.529(1)  et seq. (1990);  Minn. Stat.   609.87  et seq. (1990);
                                      Minn. Stat.


          Miss. Code Ann.   97-45-1 et seq (1990); Mo. Rev. Stat.   569.093
          Miss. Code Ann.                          Mo. Rev. Stat.


          et  seq. (1990);  Mont. Code  Ann.    45-2-101, 45-6-310,45-6-311
                            Mont. Code  Ann.


          (1990); Neb. Rev. Stat. art. 13(p),   28-1343 et seq (1990); Nev.
                  Neb. Rev. Stat.                                      Nev.


          Rev.  Stat.    205.473  et  seq. (1990);  N.H.  Rev.  Stat.  Ann.
          Rev.  Stat.                               N.H.  Rev.  Stat.  Ann.


            638.16  et seq. (1990); N.J. Rev. Stat.   2C:20-1, 2C:20-23 et.
                                    N.J. Rev. Stat.


          seq., 2A:38A-1  et seq.  (1990); N.M. Stat.  Ann.     30-16A-1 et
                                           N.M. Stat.  Ann.


          seq. (1990); N.Y. Penal Law    155.00, 156.00 et seq, 165.15(10),
                       N.Y. Penal Law


          170.00,  175.00 (1990); N.C.  Gen. Stat.   14-453  et seq (1990);
                                  N.C.  Gen. Stat.


          N.D. Cent. Code 12.1-06.1.01(3),  12.1-06.1-08 (1990); Ohio  Rev.
          N.D. Cent. Code                                        Ohio  Rev.


          Code  Ann.    2901.01, 2913.01, 1913.04, 1913.81 (Anderson 1990);
          Code  Ann.


          Okla. Stat. tit.  21,    1951 et  seq. (1990); Or. Rev.  Stat.
          Okla. Stat                                     Or. Rev.  Stat.


          164.125, 164.377  (1990);   Pa.  Cons. Stat.   1933  (1990); R.I.
                                      Pa.  Cons. Stat.                 R.I.



          Gen. Laws    11-52-1 et seq (1990); S.C. Code Ann.    16-16-10 et
          Gen. Laws                           S.C. Code Ann.


          seq (Law. Co-op 1990); S.D. Codified Laws Ann.   43-43B-1 et seq.
                                 S.D. Codified Laws Ann.


          (1990);  Tenn. Code Ann.    39-3-1401 et  seq (1990);  Texas Code
                   Tenn. Code Ann.                               Texas Code


          Ann. tit 7   33.01 et seq. (Vernon 1990); 19   Utah Laws    76-6-
          Ann.                                           Utah Laws


          701 et  seq.; Va.  Code Ann.   18.2-152.1  et seq.  (1990); Wash.
                        Va.  Code Ann.                                Wash.


          Rev.  Code Ann.   9A.48.100, 9A.52.010, 9A.52.110 et seq. (1990);
          Rev.  Code Ann.


          Wis. Stat.   943.70 (1990); Wyo. Stat.   6-3-501 et seq. (1990).
          Wis. Stat.                  Wyo. Stat.

          55.   Parker, Computer Crime:   Criminal Justice Resource Manual,


          129 (1979).

          56.   McEwen, Dedicated Computer  Crime Units, 60 (1989).   These


          other laws include  embezzlement, larceny, fraud, wire  fraud and


          mail fraud.  Id. at 60.
                       ___

          57.  Pub. L. No. 98-473,   2102(a), 98 Stat. 1837, 2190 (codified


          at 18 U.S.C.   1030).

          58.  S.  Rep.  No.  432,  99th  Cong., 2d  Sess.,  1986  U.S.  2,


          reprinted in, 1986 Cong. & Admin. News 2479, 2479.
          reprinted in

          59.  Pub. L. No. 99-474,   2, 100 Stat. 1213 (amending 18  U.S.C.


            1030).

          60.  18 U.S.C.   1030(b).

          61.  18 U.S.C.   1030(a)(1).   The person  must act  knowingly to



          access a computer  either without authorization or  exceeding the


          authorization given  and obtain  information with  the intent  or


          reason  to believe that  the information  will either  injure the


          United  States of  American or  give  an advantage  to a  foreign


          nation.  As  seen by the placement  of this section, it  is clear


          that  the Congress was  particularity aware  of the  dangers that


          computer  might  have to  the  national  security of  the  United


          States.   This  section parallels  18  U.S.C.  793,  the  federal


          espionage statute.

          62.  1030(c)(1)(A).

          63.  1030(c)(1)(B).

          64.  As defined by the Fair  Credit Reporting Act, 15 U.S.C. 1681


          et seq.

          65.  1030(c)(2)(A).

          66.  1030(c)(2)(B).  The penalty is up to 10 years in prison.

          67.  18 U.S.C.   1030(a)(2).

          68.  18 U.S.C.   1030(c)(2)(B).

          69.  18 U.S.C.   1030(c)(2)(B).

          70.  The punishments that may be handed out are up to 5 years for


          the first offense and 10 years for any subsequent offense.

          71.  18 U.S.C.  1030(a)(5).


          72.  18 U.S.C.   1030(c)(3)(A).

          73.  18 U.S.C.   1030(c)(3)(B).

          74.  18 U.S.C.   1030(a)(6).

          75.  As defined by 18 U.S.C.   1029.

          76.  18 U.S.C.  1030(c)(2)(A).

          77.  18 U.S.C.   1030(c)(2)(B).

          78.  18 U.S.C.   1030(a)(6)(B).

          79.  18 U.S.C.   1030(a)(6)(B).

          80.  These computers  include computers used exclusively  for the


          United States government  or a  financial institution  or if  not


          exclusively by  the  government  one which  the  conduct  of  the


          computer affects the government's or the institution's operation,


          18  U.S.C. 1030(e)(2)(A),  the computer  is  one of  two or  more


          computers  that  commit  the  offense,  18  U.S.C. 1030(e)(2)(A).


          Financial  institution is  defined in  18  U.S.C. 1030(e)(4)  and


          includes  and institution  whose  deposits  are  insured  by  the


          Federal Deposit Insurance Corporation, 1030(e)(4)(A), the Federal


          Reserve or  one of  its  members, 1030(e)(4)(B),  a credit  union


          insured   by   the   National    Credit   Union   Administration,


          1030(e)(4)(C),   a  Federal   home  loan   bank   system  member,


          1030(e)(4)(D),  institutions under the  Farm Credit Act  of 1971,


          1030(e)(4)(F), a broker-dealer registered pursuant to   15 of the


          Securities Exchange Act  of 1934, 1030(e)(4)(F), or  a Securities


          Investor Protection Corporation, 1030(e)(4)(G).

          81.  S. Rep.  No. 432, 99th Cong., 2d Sess. 4, reprinted in, 1986
                                                         reprinted in


          U.S. Code Cong. & Admin. News 2479, 2481.

          82.  Note, Computer Crime and The Computer Fraud and Abuse Act of


          1986, X Computer/Law Journal 71, 79, (1990).

          83.  18 U.S.C.   1030 (e)(2) states:


               As used in this section-


               (2)  The term "Federal interest computer" means a computer-


                    (A)  exclusively for the use of a financial institution


          or the  United States Government, or,  in the case  of a computer


          not  exclusively  for  such  use,  used by  or  for  a  financial


          institution  or  the  United States  Government  and  the conduct


          constituting  the  offense  affects  the  use  of  the  financial


          institution's  operation or  the  Government's operation  of such


          computer; or


                    (B)  which is one  of two or more computer  used in the


          committing the  offense, not all of which are located in the same


          state.

          84.  "[T]here is  not statute  specifically addressing  viruses."


          135 Cong. Rec.  E2124 (daily ed. June  14, 1989) (letter of  Rep.
              Cong. Rec.  E2124


          Herger (quoting FBI Director William Sessions)).

          85.  H.R. 287 and H.R. 55.

          86.  "Existing  criminal statues are not specific on the question


          of  whether unauthorized  access is  a  crime where  no theft  or


          damage  occurs . .  ." 135 Cong.  Rec. E2124 (daily  ed. June 14,
                                     Cong.  Rec.


          1989)  (letter of  Rep.  Herger  (quoting  FBI  Director  William


          Sessions)).

          87.  Prosecution could occur under a trespass law.  It may not be


          applicable, however, since trespass is a property based crime and


          courts have not recognized information in the same manner as real


          property.

          88.  Note, Computer Crime and The Computer Fraud and Abuse Act of


          1986, X Computer/Law Journal 71, 80 (1990).

          89.  Id.
               Id.

          90.  Shalgi,  Computer-ware: Protection and Evidence,  An Israeli
                        Computer-ware: Protection and Evidence,  An Israeli


          Draft  Bill,  IX  Computer/Law J.  299,  299  (1989) [hereinafter
          Draft  Bill       Computer/Law J.


          Shalgi].  This proposed bill has not progressed much since it was


          proposed and is at the stage prior to an official "bill".  Letter


          from Barry  Levenfeld  to Brian  J. Peretti  (December 13,  1990)


          (concerning  Israel's legislature  progress on  the comprehensive


          computer  law).     This  paper  will  use  the   Shalgi  English


          translation of the law.

          91.  Chapter 2 concerns Offenses and Accessing Computers, Chapter


          3, Damages, Chapter 4, Rights of Software Creators and Chapter 5,


          Evidence. Levenfeld, Israel Considers Comprehensive Computer Law,
                               Israel Considers Comprehensive Computer Law,


           Int'l Computer L Advisor 4 (March 1988).  The topics  covered in
           Int'l Computer L Advisor


          Chapters 2 through 5 are beyond the scope of this paper.

          92.

          93.  Shagli, at 311.

          94.  Chapter 2,   2, Shagli at 311.

          95.  Chapter 2,   3(a), Shagli at 311.   An employee is exempt if


          he commits this  act when  it was  due to a  strike concerning  a


          labor dispute. Chapter 2,  3(b), Shagli at 311.

          96.  Chapter 2,   4(a).

          97.  Chapter 2,   4(b), Shagli at 311.

          98.  As defined by Chapter 1,   1.

          99.  Chapter 2,   5, Shagli at 311.



          100. Chapter 2,   6, Shagli at 312.

          101. Chapter 2,   7, Shagli at 312.

          102. Chapter 2,   9, Shagli at 312.

          103. Id.
               Id.

          104. Chapter 2,   10, Shagli at 312.

          105. By  not  stating that  this also  applies to  individuals or


          others (non-corporations) who  are attempting to supply  services


          to the public, some important services that may be offered to the


          public  may not  be  done.   Levenfeld,  8,  translates the  word


          corporation as entities which may solve the problem.

          106. Shalgi, 312.  Levenfeld, 5,  states that since this  section


          is  so broad  the only  possible areas that  are not  covered are


          personal and academic uses.

          107. Chapter 2,   14, Shagli at 313.

          108.  Section 5.

          109. Levenfeld,  4-5.   Perhaps the  only  computers not  covered


          would  be those used  for personal or  academic uses exclusively.


          Id. at 5.
          Id.

          110.  Section 5.

          111. Levenfeld,  4-5.   Perhaps the  only  computers not  covered


          would be those  used for personal  or academic uses  exclusively.



          Id. at 5.
          Id.

          112. Levenfeld at 4.

          113. Shalgi, 305.

          114. See,  Computers at Risk,  Safe Computing in  the Information


          Age, 36  (1991) (discussing the  need for a repository  to gather


          computer crime information).

          115. Chapter 2,   12, Shagli at 313.

          116. New Hacker's Dictionary.

          117. Chapter 2,    13, Shagli at 313.  The law states that if the


          owner of the computer is not given in his presence, the  order is


          only good for twenty-four hours.  Id.
                                            Id.

          118. Shagli, at 304.   Under Israeli  law, an object that  may be


          proof of an  offense may be seized without a court order. Id. The
                                                                    Id.


          law will bring the seizure of computers in accord with the United


          States Constitution's sixth Amendment.

          119. Chapter 1,   1, Shagli at 310.

          120. Alexander,  Suspect  Arrested  in   AIDS  Disk  Fraud  Case,
                           Suspect  Arrested  in   AIDS  Disk  Fraud  Case


          Computerworld, Feb. 5, 1990, 8.

          121.  Colvin,  Lock up the Keyboard  Criminal, Telecommunications


          PLC (England), June 1990.

          122. Computer Misuse Act, 1990, ch. 18.

          123.   In the five years prior to the  adoption of the Act, there



          were 270  cases of computer misuse  in Britain of  which only six


          were brought to court and only 3 resulting   convictions.  Fagan,


          Technology:  EC urged to  strengthen laws on  computer crime, The
          Technology:  EC urged to  strengthen laws on  computer crime


          Independent (London), February 13, 1990, p. 19.

          124. Id.
               Id.

          125. Davies,  Cracking down on  the computer hackers,  Fin. Times
                        Cracking down on  the computer hackers


          (London), October 4, 1990.

          126. Law Commission No. 186, Cm 819.

          127. Computer Misuse Act, 1990, ch. 18,   1.

          128. The penalty for this type of behavior is up to six months in


          prison, 2000 pounds or both.

          129. Computer Misuse Act, 1990, ch. 18,   2(1)(a).

          130. Computer Misuse Act, 1990, ch. 18,   2(1)(b).

          131. Computer Misuse Act, 1990, ch. 18,   2(5)(a).

          132. Computer Misuse Act, 1990, ch. 18,   2(5)(b).

          133. Computer Misuse Act, 1990, ch. 18,   3(1).

          134. Computer Misuse Act, 1990, ch. 18,   3(7).

          135. Computer Misuse Act, 1990, ch. 18,   3(2).

          136. Computer Misuse Act, 1990, ch. 18,   3(5).

          137. Id.      Colvin,   Lock   up   the   Keyboard   Criminal   ,
               Id.


          Telecommunications PLC (England), June 1990.

          138. Computer Misuse Act, 1990, ch. 18,   4.

          139. Computer Misuse Act, 1990, ch. 18,   4(1).



          140.  5(2) states that a significant link under  1 can be (a) the


          person was in  Great Britain at the  time in which he  caused the


          computer to act in a certain way or (b) the computer he attempted


          to  get access  to  was in  Great  Britain.  5(3)  states that  a


          significant link under  3  can be (a) that  the person was  Great


          Britain at  the time when he did the  act or (b) the modification


          took place in Great Britain.  However, this may not an exhaustive


          list.

          141. Davies,  Cracking down on  the computer hackers,  Fin. Times
                        Cracking down on  the computer hackers


          (London), October 4, 1990.

          142. Computer Misuse Act, 1990, ch. 18,   5.

          143. Although  proposed on February  14, 1989, the  proposed bill


          has not yet become law.

          144. Appendix A,   10.

          145. Appendix A,   1.

          146. Appendix A,   1, alternative.

          147. Appendix A,   2.

          148. Appendix A,   3.

          149. Appendix A,   4.

          150. Appendix A,   5.

          151. Appendix A,   7.

          152. The Ghana  Law Reform  Commission states  that they  created



          their proposed law  from the Scottish Law Commission  and the Law


          Reform  Commission of  Tasmania,  Australia reports  on  computer


          crime.

          153. Appendix A,   9(a).

          154. Appendix A,   8(b).

          155. See, infra, endnote __ and accompanying text.
                    infra

          156. Appendix A,   9(a).

          157. Appendix A,   9(b).

          158. Appendix A,   10.

          159. Appendix A,   6.

          160. Id.
               Id.

          161. Appendix A,   7.

          162. Appendix A,   1.

          163. Appendix A,   10.

          164. Id.
               Id.

          165. Id.
               Id.

          166. The  first computer  crime  law  in  the United  States  was


          enacted in 1979.

          167. S. Rep. No. 432, 99th Cong.,  2d Sess. 3, reprinted in  1986
                                                         reprinted in


          U.S. Code Cong. & Admin. News 2479, 2481.

          168. By increasing  security, the ease  with which one  can enter


          the  system will become more difficult.   Some systems, believing


          that if  such unauthorized  access does  occur that  no sensitive

















          information will be stolen, opt  to have less security then other


          systems.  In actuality, by one system not having enough security,


          the entire network can be put  at danger when a mischievous  user


          wishes to  break into a  users account which  may be  accessed by


          that system.    See  Stoll, 353-54 (stating an  Australian hacker


          broke  into  Mr.  Stoll's computer  account  because  a connected


          computer's system  manager did not wish  to have a high  level of


          security.

          169.    Stoll,  32.     Many  military  computers  and  sensitive


          scientific computers  operate in a  secure environment.   This is


          created by not allowing the computer system to have any telephone


          links to the outside world (i.e. outside of the building.

          170.  By having a secure system, information at the computer site


          can only be removed by a person walking into the computer center,


          copying the  information and then walking  out with it.   This is


          both burdensome  (it is much  easier to access the  computer from


          one's home or office) and cumbersome (since a person will have to


          walk around with reels  of data that will later be  put back into




          the system.

          171. Computer Virus Legislation, Hearing on H.R. 55 and  H.R. 287


          before the Subcomm. on Criminal Justice of the House Comm. on the


          Judiciary, 100th Cong., 1st Sess.  44, n. 27 (1989) (statement of


          Marc  Rotenberg,  Director,  Computer  Professionals  for  Social


          Responsibility).




          172.  Colvin,  Lock up the Keyboard  Criminal, Telecommunications
                         Lock up the Keyboard  Criminal


          PLC (England), June 1990, p.  38.  Michael Colvin, the  author of


          Great Britain's Computer  Misuse Act stated  that the passage  of


          the bill should not be looked  at that the computer owner  should


          not have security  measures on their computers. Id.  The bill, he
                                                          Id.


          states, was made  only to compliment,  not substitute, the  users


          security  measures.  Id. In  West  Germany, the  severity  of the
                               Id.


          punishment for hacking depends on the effort that was required to


          commit the offense.   Fagan, Technology:  EC urged to  Strengthen
                                       Technology:  EC urged to  Strengthen


          Laws on Computer Crime, The Independent, Feb. 13, 1990, 19.
          Laws on Computer Crime

          173.    McGourty,  When  a  hacker cracks  the  code,  The  Daily
                             When  a  hacker cracks  the  code


          Telegraph, October 22, 1990, p. 31.


          174.  A  Password is a word that  is either given to  the user by


          the  system  or selected  by  the  user  to prevent  others  from


          accessing his  computer  or account  within the  computer.   This


          words,  groups of  letters or  symbols  are supposed  to be  kept


          secret so as  to not let other  who are not authorized  to access


          the system have access to it.




          175. Donn  Seeley, A  Tour  of the  Worm, Department  of Computer
                             _____________________


          Science,  University of  Utah, Nov.  1988,  reprinted in  General
                                                      reprinted in


          Accounting Office, Computer  Security: Virus Highlights  Need for


          Improved Internet Management, 20 (1989).

          176. Authers,  Armed with  a  secret weapon,  Financial  (London)


          Times, Feb. 5, 1991, Section I, 16.

          177.  Id.

          178. For  a discussion  of  this  virus,  see,  Branscomb,  Rogue
                                                    see               Rogue


          Computer  Programs and Computer Rogues:  Tailoring the Punishment
          Computer  Programs and Computer Rogues:  Tailoring the Punishment


          to  Fit the  Crime, 16  Rutgers Computer  &  Tech. L.J.  1, 14-16
          to  Fit the  Crime      _______________________________


          (1990) (discussing the applicability of state and federal  law to


          computer viruses).



          179.   Jim Thomas, publisher  of the Computer  Underground digest


          argues  that computer pirates actually buy more programs then the


          average computer program buyer.   Letter from Jim Thomas to Brian


          J. Peretti (  (discussing computer pirating of software)

          180. See, GNU Manifesto (available at American University Journal


          of International Law and Policy).   See also, Stallman, GNU EMACS
                                              See also,


          General  Public License, (Feb.  11, 1988) (available  at American


          University Journal of International Law and Policy).

          181. The GNU  Manifesto  (available at  the  American  University


          Journal of International Law and Policy).

          182. The  author proposes that such copyright protection last for


          only two years.   By granting the  creator such protection for  a


          short period of  time, he will be  able to  recover  the expenses


          that he put into the writing of the program.


               If   this  type of  protection   is  granted,  it should  be


          understood that the creator of the program has a copyright to the


          sourcecode of the  program for  that period.   If he updates  the


          program  after the  two year  period,  the updated  code will  be


          protected,  but  the  original  code  will  not  be  granted  the
          protection.   In this  manner, an author  cannot attempt  to give


          copyright  protection  to  a  program  after  the  copyright  has


          expired.

          183. Electronic letter from  Brian J. Peretti to  Dorothy Denning


          (Nov. 13, 1990) (concerning computer crime).

          184. This will be a semi-secure system.

          185. The system, of  course, will have a system  manager who will


          create  the accounts  for the  users.   His account  will be  off


          limits  to those who wish  to use the system.   At the same time,


          individuals will  be  encouraged to  attempt  to break  into  the


          manager's  account and  tell  him how  it  was done  in  order to


          improve security for this and other systems.

          186. The problem  still exists  that information  learned through


          the  use of  this system may  allow those  who use the  system to


          break into other computer systems.  This problem can be corrected


          by having the  system manager and the  users communicate problems


          with the system so that they may be corrected on other systems.

          187. United States v. United States Gypsum Co., 438 U.S. 422, 425


          (1978).

          188. S. Rep. No.  432, 99th Cong., 2d Sess. 6,  reprinted in 1986
                                                          reprinted in
          U.S. Code Cong. & Admin. News 2479, 2484.

          189.  Stoll, The Cuckoo's Egg.

          190.  The countries which a person can go to could be any country


          in the  world, except  Albania, since they  are the  only country


          whose computers are not connected to outside computers.  Stoll.

          191. A school in Red Bank, New Jersey, has instituted a "computer


          responsibility training".  Weintraub, Teaching Computer Ethics in
                                                Teaching Computer Ethics in


          the Schools, The School Administrator 8, 9 (apr. 1986).
          the Schools, ________________________

          192. S.  Rep. No. 432, 99th Cong.,  2d Sess. 3, reprinted in 1986
                                                          reprinted in


          U.S. Code Cong. & Admin. News 2479, 2481.

          193. Electronic  Mail Letter  from  Rop  Gonggrijp  to  Brian  J.


          Peretti (Jan. 25, 1991) (concerning computer  viruses).  "We have


          to watch that  we keep telling people how  virusses work, because


          that  is the only solution to the  problem:  mystifying the whole


          thing ans just hunting down "computer  terrorists" is useless and


          (as proven in  the US and Germany) leads to  a questionable style


          of government in the field of information technology..." Id.
                                                                   Id.

          194. General  Accounting   Office,  Computer  Security:     Virus


          Highlights Need for Improved Internet Management, 25 (1989).

Post Bottom Ad