Note: This file was created by printing Word for Windows
document files to an ASCII file, using a Generic/Plain Text
printer driver. Line breaks and some formatting
characteristics weren't preserved very well in this
conversion.
The author can be reached at the following email address:
rberry@vnet.ibm.com
FREE SPEECH IN CYBERSPACE FREE SPEECH IN CYBERSPACE FREE SPEECH IN CYBERSPACE
The First Amendment and the Computer Hacker The First Amendment and the Computer Hacker The First Amendment and the Computer Hacker
Controversies of 1990 Controversies of 1990 Controversies of 1990
by by by
ROBERT R. BERRY ROBERT R. BERRY ROBERT R. BERRY
A Thesis submitted to the faculty of The University of North
Carolina at Chapel Hill in partial fulfillment of the
requirements for the degree of Master of Arts in the School
of Journalism and Mass Communication.
Chapel Hill
1991
Approved by:
Cathy L. Packer, Advisor
Ruth Walden, Reader
John Semonche, Reader
Copyright (c) 1991 by Robert R. Berry
Table of Contents
Chapter 1. New Questions for a New Medium..................1
Chapter 2. The Net........................................28
Chapter 3. Hackerphobia...................................52
Chapter 4. Operation Sun Devil............................79
Chapter 5. Conclusions...................................115
Bibliography.............................................128
CHAPTER ONE: CHAPTER ONE: CHAPTER ONE:
New Questions for a New Medium New Questions for a New Medium New Questions for a New Medium
Introduction Introduction Introduction
In the spring of 1990, a 20-year-old student at the
University of Missouri in Columbia was prosecuted in a
federal court because of something he published. The
information he published was true, it was of public concern,
and it had come to him through legal channels. Nonetheless,
the government charged that his publication was part of a
conspiracy to commit fraud and that his information-
gathering activities and publication amounted to interstate
transportation of stolen property.
Shouldn't the First Amendment have protected Craig
Neidorf from prosecution? Unfortunately, the answer to that
question is unclear because of the technology he used to
deliver his message. Neidorf's publication was electronic.
He created it as text on his computer and distributed it
over a network to other computer users who read it on their
video screens. It went from author to audience without ever
existing in tangible form. And the information whose
publication led to his prosecution -- a document describing
a telephone system -- came to him through the same channels.
For the first time, a federal court confronted this
question: How does the First Amendment apply to computer-
based communication?
Craig Neidorf's prosecution was only one part of a
crackdown on computer crime that in 1990 aroused widespread
concern over civil liberties and computer use. In another
case, Steve Jackson Games, a small publishing company in
Austin, Texas, found itself nearly put out of business when
the Secret Service raided its premises and confiscated its
computers -- all because the agency suspected it might find
contraband information on the computers.1
Was the government casting its net too broadly in its
campaign against computer crime, infringing on free speech
in the process? The events of 1990 demonstrated better than
any before the confused and uncertain state of the law as it
applied to computer-based communication.
The Problems of a New Medium The Problems of a New Medium The Problems of a New Medium
Advances in computer technology over the past decade have
made computers available to a vast number of people and
irrevocably changed the way most work is done in this
country. The United States Department of Commerce estimated
in 1988 that as many as 38 million personal computers would
be installed by 1991, with 28 percent of all American
households computer-equipped.2 But computers have proved to
be more than tools for word processing and math;
increasingly, the computer is a communication tool.
1See, e.g., Costikyan, "Closing the Net," Reason, Jan. 1991,
at 22; Kapor, "Civil Liberties in Cyberspace," Scientific
American, Sept. 1991, at 116.
2National Technical Information Service, U.S. Dept. of
Commerce, NTIA Information Services Report (1988), at 27.
2
Today, anyone with a computer and a modem3 -- and an
estimated 19 million modems are currently installed4 --
possesses the means to communicate with thousands of other
computer users. Available services include hundreds of
commercial online information services such as CompuServe
and Prodigy.5 These services provide electronic access to
major news services such as USA Today, Dow Jones and the
Associated Press. They also provide their own news, advice
columns, movie and music reviews, and hundreds of other
features online. Syndicated columns from writers such as
Dave Barry and Mike Royko are available by electronic
subscription for users who have electronic mail addresses on
any of the major national computer networks.6 And a
probably uncountable number of amateur newsletters and
magazines produced by individuals are distributed
electronically via computer networks to small lists of
subscribers. Electronic bulletin boards7 number as many as
3A modem is a device used to translate digital computer data
into electrical signals capable of transmission over
telephone lines.
4NTIA Report, supra note 2, at 29.
5One directory lists 718 online informations services
worldwide. Cuadra/Elsevier, Directory of Online Databases
(vol. 12, nos. 1 and 2 (Jan. 1991)).
6Online advertisement from ClariNet, a service that
distributes syndicated publications electronically (April
9, 1991).
7Bulletin boards are "computer systems that function as
centralized information sources and message switching
systems for a particular interest group. Users dial up the
3
100,000.8 Available to an increasing number of people at
constantly shrinking expense, the computer and modem may be
the 1990s equivalent of the mimeographed handbill.
Clearly, "the press" no longer requires ink or paper.
Some of these publications9 are direct electronic analogues
of magazines, newspapers, newsletters and pamphlets, while
others are entirely new forms; but none need ever exist on
paper. A new medium of mass communication, distinct from
print but sharing many of its essential characteristics, is
spreading, and as computers become ever more accessible, its
continued spread is inevitable.
Because these forms of communication may be well on their
way to becoming the dominant ones, it is important that the
law be ready to accommodate them. But the existing models
of media law are inadequate to the task. Today's system
divides technologies of communication into essentially three
tiers of First Amendment protection.10 Most protected are
traditional print media, newspapers and magazines, which
bulletin board, review and leave messages for other users
as well as communicate to other users attached to the
system at the same time." Freedman, The Computer Glossary
80 (4th ed. 1989), at 80.
8L. Wood, D. Blankenhorn, "State of the BBS Nation," Byte,
Jan. 1990, at 298.
9Although the technology is new, there can be no doubt that
these activities are indeed publishing. Black's Law
Dictionary defines publish as "[t]o make public; to
circulate; to make known to people in general. To issue;
to put into circulation."
10See, e.g,, De Sola Pool, infra note 18; Becker, infra note
73, at 829-30.
4
enjoy great, though not absolute, freedom from government
control under the First Amendment.11 The middle ground is
occupied by the broadcast media, radio and television.
Although the First Amendment still protects broadcast
journalists from governmental interference with day-to-day
editorial decision-making,12 broadcasters are nonetheless
subject to government licensing and many other requirements
dictated by the FCC and Congress.13 Least protected by the
First Amendment -- or most regulated -- are common carriers,
telephone and other wire communication systems operated by
companies such as AT&T. Common carriers operate under
strict guidelines governing access, rates, even content.
Because common carriers have almost no control of how their
facilities are used, however, they are generally immune from
liability for misuse.14
None of these legal models can comfortably encompass
computer-based communication. The content of such
communication -- written text -- is most analogous to print,
11See, e.g., Near v. Minnesota, 283 U.S. 697 (1931); New
York Times Co. v. Sullivan, 376 U.S. 254 (1964), New York
Times Co. v. United States, 403 U.S. 713 (1971), Miami
Herald Publishing Co. v. Tornillo, 418 U.S. 241 (1974).
12See, e.g., CBS v. Democratic National Committee, 412 U.S.
94 (1973).
13See, e.g., Red Lion Broadcasting Co. v. FCC, 395 U.S. 367
(1969); FCC v. Pacifica Foundation, 438 U.S. 726 (1978).
14The history of common-carrier regulations, rather than
being derived from First Amendment law, is descended from
the regulation of railroads in the nineteenth century. See
De Sola Pool, infra note 18, at 75-107.
5
but because computer networks rely on telephone lines, its
technological foundation is that of the common carrier.
Perhaps even more problematic, though, is that this new
technology just doesn't look like print, and policymakers
may therefore be hesitant to afford it the same
protection.15
Such problems may prevent a major new outlet for free
expression from achieving its potential. But the danger may
be even more significant. If more traditional technologies
such as print are replaced by electronic delivery, the First
Amendment will no longer protect "the press" as it does
today.
Literature Review Literature Review Literature Review
The difficulties associated with fitting a new
communication technology such as computer-based
communication into existing legal frameworks has not escaped
legal commentators. "Electronic publishing," writes former
White House policymaker Richard Neustadt, "provides square
pegs to fit into the round holes of old regulatory
categories."16 And Kim Uyehara writes, "Lawmakers are
15See, e.g., De Sola Pool, infra note 18, at 197.
16R. Neustadt, G. Skall, M. Hammer, "The Regulation of
Electronic Publishing," 33 Fed. Comm. L.J. 331, 332
(1981).
6
having a hard time keeping legislation current with the
technical explosion."17
Most writers have taken either a broad approach --
discussing very generally the legal and social problems of
new communication technology -- or a very narrow one, asking
and answering very specific legal questions. The most
significant entry in the former category is by Ithiel de
Sola Pool, whose book Technologies of Freedom,18 cited
frequently by other authors, seems to be the seminal work in
the field. The book is slightly dated as far as the
technology goes -- 1983 is a long time ago in the world of
computers -- but its discussion of the underlying issues is
insightful.
De Sola Pool's book is more descriptive than analytical,
concentrating on elucidating the legal problems of new
communication technology rather than solving them. It opens
with a warning:
For five hundred years a struggle was fought,
and in a few countries won, for the right of
people to speak and print freely, unlicensed,
uncensored, and uncontrolled. But new
technologies of electronic communication may now
relegate such old and freed media such as
pamphlets, platforms, and periodicals to a corner
of the public forum. Electronic modes of
communication that enjoy lesser rights are moving
to center stage. The new communication
technologies have not inherited all the legal
immunities that were won for the old.... And so,
as speech increasingly flows over those electronic
17K. Uyehara, "Computer Bulletin Boards: Let the Operator
Beware," 14 Student Lawyer, April 1986, at 30.
18I. de Sola Pool, Technologies of Freedom (1983).
7
media, the five-century growth of an unabridged
right of citizens to speak without controls may be
endangered.19
De Sola Pool provides a history of communication
technology, starting with the origins of print20 and
covering the emergence of electronic media.21 He also
summarizes the history and current state of modern media
law, dividing media into regulatory categories; one chapter
each is devoted to print,22 common carriers,23 and
broadcasting.24 Additional chapters address the newer
technologies of cable25 and -- most significantly for the
purposes of this thesis -- electronic publishing.26 It is
here that de Sola Pool warns that regulations driven by
technology may eventually undermine the First Amendment:
If computers become the printing presses of the
twenty-first century, will judges and legislators
recognize them for what they are?... Practices are
now being canonized in regard to cable television,
computer networks, and satellites which may
someday turn out to be directly relevant to
publishing. People then may ask in puzzlement
where protections of the free press have gone.27
19
Id. at 1.
20
Id. at 12-14.
21
Id. at 23-54.
22Id. at 55-74.
23Id. at 75-107.
24Id. at 108-150.
25Id. at 151-188.
26Id. at 189-225.
27Id. at 189.
8
De Sola Pool makes no specific policy recommendations for
dealing with these new problems. Instead, having sounded
the alarm, he suggests general principles to guide
policymakers. He suggests that the First Amendment applies
equally to all media, that all communication should be
unfettered by government restriction, and that regulation --
including common-carriage rules -- should be a last resort
reserved only for cases of true physical monopoly.28
De Sola Pool's main message, though, seems to be that
vigilance may be required to safeguard the First Amendment
into the future. "Lack of technical grasp by policy makers
and their propensity to solve problems of conflict, privacy,
intellectual property, and monopoly by accustomed
bureaucratic routines are the main reasons for concern," he
writes. "But as long as the First Amendment stands ... the
loss of liberty is not foreordained."29
A similarly broad -- and cautionary -- approach is taken
by law professor M. Ethan Katsh.30 Katsh suggests that new
communication technologies not only present novel legal
problems, but "are likely to affect both how we think about
28Id. at 246.
29Id. at 251.
30M.E. Katsh, "The First Amendment and Technological Change:
The New Media Have a Message," 57 Geo. Wash. L. Rev. 1459
(1989).
9
information and what the relationship is between citizen and
government."31
Katsh argues that electronic communication not only
provides a new physical channel for speech, but changes the
nature of the information itself:
Electronic information is even more active and
more easily manipulable, revisable, and changeable
[than print]. It is changeable in ways that print
is not and, by its very nature, moves much faster.
One who looks at words on a computer screen or
even at words on paper that have emerged from a
"printer" may think that he or she is seeing
print, but the static or fixed quality of print is
gradually being lost as information is encoded in
electronic form.32
Katsh is not optimistic about the future of First
Amendment law. "[D]ifferences in treatment among media can
be expected to multiply," he writes. "It is even possible
that 'full' First Amendment protection, whatever that may
mean in the future, will not be enjoyed by any medium other
than, perhaps, the spoken word."33 But he argues that
despite greater legal restrictions, the power of new
technologies will diminish the ability of the state to
impede the flow of information.34 Prior restraint, for
example, may become virtually impossible as means of
31Id. at 2.
32Id. at 13.
33Id. at 17.
34Id. at 17.
10
publication proliferate.35 Katsh sees in the future a "new
communications environment," an environment characterized by
a vigorous system of expression but an unstable and confused
First Amendment framework.36
Apart from de Sola Pool and Katsh, few authors appear to
have tackled the broad issues associated with computer
communication. Most have concentrated instead on specific
legal questions associated with specific media. Almost
universally, the authors ask which model of media law can
apply to these new technologies. But their analyses
generally concentrate on very narrow regulatory and
liability issues rather than the larger First Amendment
issues involved. The question of legal models is generally
answered only to the extent necessary to resolve the narrow
questions they have tackled.
Also, most of the existing literature is devoted to
analysis of one specific form of computer communication, the
electronic bulletin board system or BBS. The discussion of
BBSs is further limited to one particular legal question,
the liability of the BBS's system operator, or sysop, for
messages posted by users on the BBS.
35Id. at 21.
36Id. at 23.
11
Attorney Robert Charles examines the question of sysop
liability for defamation posted on a BBS.37 Charles uses
the analogy technique used by virtually every other author
writing on this subject. "This question may be answered by
looking to the standards of liability that have been applied
to other communication technologies," he writes.38 He then
divides existing media into two categories based upon their
legal status in defamation cases: print media, which are
generally held accountable for defamation, and common
carriers, which generally are not.39 The exception to that
common carrier rule is when a common carrier is a "knowing"
participant in the defamation.40 Charles ultimately
recommends the formulation in explicit detail of a new,
clear standard "tailored specifically to computer bulletin
boards," incorporating the "knowing" test used for common
carriers.41
Most writers tackling the sysop liability question
discuss not defamation but messages related to criminal
action, mainly computer hacking and other forms of computer
37R. Charles, "Computer Bulletin Boards and Defamation: Who
Should Be Liable? Under What Standard?" 2 J. of Law and
Technology, Winter 1987, at 121.
38Id. at 123.
39Id. at 132.
40Id. at 132-3.
41Id. at 147.
12
crime.42 In particular, phreaking, the theft of long-
distance telephone service -- usually closely associated
with hacking -- has been a popular subject of discussion.
"While bulletin boards are usually not directly involved in
any of these crimes, they are used to receive and distribute
information by the computer enthusiasts who commit the
illegal acts," writes attorney Eric Jensen, who also
includes distribution of pornography and the formation of
pedophilia rings among the potential abuses of BBSs.43
Jensen similarly asks whether earlier models of media law
can accommodate BBSs. Dividing older media into the
categories of publishers, republishers, and common carriers
-- and choosing republishers as the best analogy to BBSs --
Jensen ultimately reaches a conclusion much like Charles',
that sysop liability should be based upon the degree of the
sysop's participation in the illegal actions.44 He cautions
that direct regulation of BBSs, because of their nature,
42The term hacker originally meant a person with great
technical expertise with computers -- particularly with
programming -- and for whom computing was an end in
itself, even an art form. However, it has popularly come
to mean a person who, through stealing passwords and
otherwise exploiting security holes, gains unauthorized
access to computer systems, either maliciously or
mischievously. See Chapter 2, notes 36-38 and surrounding
text.
43E. Jensen, "An Electronic Soapbox: Computer Bulletin
Boards and the First Amendment," 39 Fed. Comm. L.J. 217,
224-226 (1987).
44Id. at 257.
13
would be unenforceable. Hobbyists could easily "go
underground," concealing their activities from regulators.45
Jensen provides one original analogy, what he calls "the
BBS as an association,"46 a place where "people from all
across the country gather electronically and exchange views,
recipes, or epithets, just as would the local Jaycees."47
Citing NAACP v. Alabama,48 he writes, "As an association
engaged in speech, a bulletin board is entitled to
constitutional protection."49
A slightly different approach to the sysop liability
question is taken by Edward Di Cato,50 who discusses a more
recent addition to the list of BBS hazards: the distribution
of computer viruses.51 Di Cato reaches a familiar
conclusion -- that a sysop would be liable only for
"recklessly" allowing a computer virus to spread through a
45
Id. at 232-3.
46Id. at 252.
47Id.
48357 U.S. 449 (1958).
49Id.
50E. Di Cato, "Operator Liability Associated With
Maintaining a Computer Bulletin Board," 4 Software L.J.
147 (1990).
51A virus is a computer program that is designed to
replicate itself by attaching itself surreptitiously to
other programs. Viruses may be fairly harmless, perhaps
popping up a mischievous message on the screen, or
destructive -- erasing files from a hard disk or perhaps
scrambling the disk's data irretrievably.
14
BBS.52 He also suggests that sysops could protect
themselves by exercising tight control over their BBSs,
verifying users' identities before giving them access.53 He
further suggests that a disclaimer clearly specifying the
responsibilities of users and specifically repudiating sysop
responsibility might further protect sysops from
liability.54
The sysop liability question has also been tackled by
John T. Soma, Paula J. Smith and Robert D. Sprague.55 Their
article, however, consists mostly of an extensive survey of
"computer crime" laws, engaging in little First Amendment
analysis.
One commentator reaches a conclusion quite different from
most others on the subject of BBS regulation. Robert Beall
examines the liability of sysops for the posting of
illegally obtained information by phone phreakers.56 In
asking which model of media law will apply, Beall forces a
choice between the laws covering newspapers or the laws
52Di Cato, supra note 50, at 155.
53Id. at 156.
54Id. at 157.
55J. Soma, P. Smith, R. Sprague, "Legal Analysis of
Electronic Bulletin Board Activities," 7 W. New Eng. L.
Rev. 571 (1985).
56R. Beall, "Developing a Coherent Approach to the
Regulation of Computer Bulletin Boards," 7 Computer/Law
Journal 499 (1987).
15
covering telephone service;57 he ends up choosing elements
of each. He agrees with other commentators that a sysop may
not be liable without affirmative involvement in the illegal
activity.58 While he seems to favor strong First Amendment
protection for BBSs, he is not satisfied with the resulting
lack of protection against phreaking activity. He therefore
proposes a full-fledged system of licensing of BBSs by the
FCC, with licensees required to adhere to certain rules in
order to retain or renew their licenses.59 However, he
would rely upon the private sector for enforcement of these
rules; telephone companies, for instance, would be expected
to monitor BBSs for stolen credit card numbers.60
Besides the BBS, the only other related communication
media that have received significant attention in the legal
literature are the similar technologies of teletext and
videotex. Teletext is a form of electronic text delivered
by television stations to subscribers' TV sets, either via
broadcasting or cable hookups but as part of a conventional
television signal. Teletext presents a series of pages, or
frames, of text, from which the subscriber may select using
a special keypad.61 Videotex is a similar service,
57Id. at 509-10.
58Id. at 504-5.
59Id. at 513-15.
60Id. at 516.
61Freedman, supra note 7, at 689.
16
delivered to customers' TV sets via telephone lines.62
Neither service has been implemented on a large scale in the
United States, but despite their obscurity, they have
received much attention from legal commentators.
Jeffrey Hurwitz devotes his attention to teletext,
particularly broadcast teletext.63 He suggests that the
FCC's 1983 decision not to regulate teletext -- reasoning
that it is an "ancillary service" not subject to the
regulations applied to regular TV programming -- was
incorrect.64 Teletext, like traditional broadcasting, he
felt should be content regulated -- subject to the Fairness
Doctrine,65 the "equal opportunity" rule and the "reasonable
access" rule.66 Exempting teletext from such content
regulations provides an easy avenue for circumventing the
purpose of such regulations as applied to broadcasting, he
writes.67 Perhaps most troubling, however, is his argument
that the FCC, more than anything else, has simply
misconstrued the clear language of the statutes and
62Id. at 735.
63J. Hurwitz, "Teletext and the FCC: Turning the Content
Regulatory Clock Backwards," 64 Boston Univ. L. Rev. 1057
(1984).
64Id. at 1057.
65The Fairness Doctrine, no longer FCC policy, was still
applied to broadcasters when Hurwitz wrote his article.
66Hurwitz, supra note 63, at 1083.
67Id. at 1098.
17
regulations in question.68 Hurwitz's arguments suggest that
the existing statutes could pose a threat to the freedom of
computer communication.
Another writer, Richard Hindman, has a markedly different
view of teletext.69 "The first amendment," he writes,
"protects the right of every person to participate in the
marketplace of ideas."70 Most of Hindman's article is
devoted to an analysis of a consent decree that currently
bars telecommunications giant AT&T from entering the
teletext business.71 However, Hindman's comments about the
First Amendment issues underlying teletext regulation are
insightful:
The history of broadcast and cable regulation
suggests that as new communication technologies
become available Congress and the courts will fail
to fully comprehend how the first amendment limits
government authority to regulate. In fact, at
first, the courts will attempt to characterize
users of the new medium as someone other than a
speaker entitled to full first amendment
protection or, as a speaker entitled to some
lessor [sic] protected right.... [U]ntil a new
technology becomes familiar in its own right,
courts generally attempt to impute the regulatory
baggage of an existing medium, leaving unresolved
the difficult constitutional issues.72
68Id. at 1083-1094.
69R. Hindman, "The Diversity Principle and the MFJ
Information Services Restriction: Applying Time-Worn First
Amendment Assumptions to New Technologies," 38 Catholic
Univ. L. Rev. 471 (1989).
70Id. at 471.
71U.S. v. AT&T, 552 F.Supp. 131 (D.C. Cir. 1982).
72Id. at 494-5.
18
Lynn Becker, in her survey of the confused state of the
law regarding teletext and videotex, agrees that the
technology of delivery should not be the decisive factor in
deciding its regulatory status.73 "A preferable
alternative," she writes, "would be to view all electronic
publishing as a single communications medium regardless of
the method of transmission.... The basis for distinguishing
between typeset and electronically transmitted
communications is not viable in 1985. The regulatory
underpinnings are without merit."74 Instead, she calls for
the design of a new legal framework designed to accommodate
the new media and to recognize their true nature. "[T]he
new media must be viewed according to their function rather
than through their methods of distribution.... When viewed
in this manner, the regulatory mandate is clear: Congress
shall make no laws abridging ... the freedom of the
press."75
What conclusions emerge from this body of literature?
It is clear that analogy to older media has been the method
of choice for deciding the legal status of computer
communication, whether BBS, teletext or videotex. Almost
every author divides existing media into regulatory
73L. Becker, "Electronic Publishing: First Amendment Issues
in the Twenty-First Century," 13 Fordham Urban L.J. 801
(1985).
74Id. at 866.
75Id. at 868.
19
categories, generally classifying print media as most immune
to regulation but most vulnerable in liability cases and
common carriers as most regulated but generally immune to
liability, with broadcasters in the middle. With only a
couple of exceptions -- Beall's scheme of licensing BBSs and
Hurwitz's argument in favor of content regulation for
teletext -- the authors are opposed to governmental
regulation of electronic publishing. However, the authors
devote themselves to answering narrow questions, questions
either of BBS sysop liability or of the regulatory status of
two obscure technologies, teletext and videotex.
In the literature there seems to be agreement on several
specific questions. First, BBS sysops should be held liable
for messages on their boards only when they are in some way
involved with or aware of the illegality. Second, a new
legal framework may be necessary to accommodate these media.
And third, the First Amendment does apply to computer-based
communication.
Missing from most of the literature is recognition of a
serious First Amendment threat or an attempt to discover the
specific sources of that threat. With the exception of De
Sola Pool's forward-looking book and Katsh's philosophical
article, most authors seem to perceive only technical legal
difficulties. While most authors conclude, or even assume,
that the First Amendment applies to computer communication,
they do not seem to see implications for the mainstream of
First Amendment law. Computer-based communication is
20
portrayed either as something still far in the future or as
a "niche" medium of interest only to computer hackers and
scientists. It is depicted as only peripheral to the speech
the First Amendment is intended to protect.
In fact, however, such electronic communication is in use
today by a vast number of people with diverse interests,
using inexpensive and readily available technology. It is
already a significant and important forum for speech on
almost every conceivable topic. The way in which this
medium is used indicates that it is not peripheral to First
Amendment "core speech." It should be considered in the
mainstream of First Amendment-protected expression. If
computer-based media are to become a dominant channel for
information delivery in the future, it is vitally important
that the decisions made today regarding the treatment of
these media be the right ones.
Objectives Objectives Objectives
Perceptions of a threat to the First Amendment freedoms
of computer-based communication have come not from codified
policies -- of which there are few -- but from de facto
policies emerging from an unsettled and chaotic area of law.
These de facto policies are, in turn, the product of
precedent-setting events such as the Craig Neidorf and Steve
Jackson cases and other controversies of 1990.
Krasnow, Longley and Terry, in their book The Politics of
Broadcast Regulation, begin their analysis with the idea
21
that "there is no such thing as 'government regulation';
there is only regulation by government officials."76 In
other words, particularly with a medium as new as this one,
attention is best directed not toward codified regulations
but rather toward the attitudes and agendas of the people
who will create them -- people both in and out of the
government. The legal treatment of any new technology will
ultimately be a product of political pressures, different
players with different agendas pushing in different
directions. The result will depend upon whose voice is
heard most strongly.
The embryonic field of computer-communication law is
characterized by several different facets of government and
the private sector influencing policy formation. These
include Congress, which has responded primarily to economic
pressures related to computer crime, but has passed statutes
incidentally affecting computer communication; the courts,
which only recently and at the lowest levels have been asked
to recognize constitutional protection for computer
communication; and law enforcement agencies, which have
caused the most visible controversies by enforcing computer
crime laws zealously and without evident regard for free
speech. Other entities exerting an influence on the
policymaking process include the computer-user community,
76Krasnow, Longley, and Terry, The Politics of Broadcast
Regulation 9 (citing Loevinger, The Sociology of
Bureacracy, 24 Business Lawyer 9 (1968)) (3d ed. 1982).
22
particularly the "computer underground" and the hacker
subculture, which have been the focus of the recent
controversies; and the Electronic Frontier Foundation, a
political action group founded to protect the civil
liberties of computer communicators.
This thesis will examine the political development of de
facto policies affecting the First Amendment freedoms
associated with computer-based communication, particularly
during the important events of 1990. It will examine the
legislative history of the relevant federal statutes and the
events surrounding the important cases, including those of
Craig Neidorf and Steve Jackson, and the Secret Service's
"Operation Sun Devil," and attempt to identify the roles of
the major players in this process.
Research Questions and Methodology Research Questions and Methodology Research Questions and Methodology
The specific research questions addressed by this thesis
are:
1) Does a threat to the freedom of computer-based 1) Does a threat to the freedom of computer-based 1) Does a threat to the freedom of computer-based
communication represent a threat to the core meaning of the communication represent a threat to the core meaning of the communication represent a threat to the core meaning of the
First Amendment? First Amendment? First Amendment?
In order to answer this question, this thesis will first
explore the nature of computer-based communication as it is
used today. After an overview of the technology that makes
such communication possible, it will examine the way in
which this medium is used. It will demonstrate that
computer-based communication is a vital and important
23
medium, and that users of this medium are members of a
community engaged in "core speech" deserving of the highest
constitutional protection.
2) Who are the important players involved in the 2) Who are the important players involved in the 2) Who are the important players involved in the
controversies of 1990 and the formation of computer- controversies of 1990 and the formation of computer- controversies of 1990 and the formation of computer-
communication policy and what are their roles? communication policy and what are their roles? communication policy and what are their roles?
The thesis will then examine in detail the important
cases of 1990 and the events surrounding them in an attempt
to discover the role of each major player involved. The
players themselves will be identified, and the contribution
of each will be evaluated. This will include an exploration
of the legislative history of the statutes involved in these
cases, as well as factual accounts from news media and other
sources of the events surrounding the 1990 controversies.
Source documents, including legislative debates,
indictments, written court opinions, search warrant
affidavits, briefs and policy statements will provide
insight into the motives and objectives of each player.
3) Based upon the roles of the players involved, what is 3) Based upon the roles of the players involved, what is 3) Based upon the roles of the players involved, what is
the general direction of the law? the general direction of the law? the general direction of the law?
From this analysis should emerge an overall picture of
the regulatory atmosphere, the degree of the First Amendment
threat and what the future may hold for these new media.
Organization Organization Organization
Chapter Two will describe the technological foundation of
today's computer-based communication media in order to
24
define terms and concepts important to this topic. It will
briefly describe the way in which these media are used, in
order to establish that a genuine outlet for First
Amendment-protected speech is involved. It will also
introduce the culture of computer hackers, which plays an
important part in events described later.
Chapter Three will examine the legislative history of the
computer crime laws that served as the authority for the
hacker crackdown of the late 1980s and 1990. This chapter
will study the role of Congress as a regulatory player and
will also reveal the early involvement of two other players
that figure prominently in later events: computer hackers
and law enforcement.
Chapter Four will discuss in detail the major cases of
1990 and the surrounding events that have been the focus of
the recent controversies over First Amendment freedoms and
computer communication. These events demonstrate the
involvement of four important players in this regulatory
process: computer hackers, law enforcement agencies, the
courts and the Electronic Frontier Foundation.
Chapter Five will summarize and discuss the preceding
material and will attempt to identify the direction of the
law based upon the roles of the involved players.
Limitations Limitations Limitations
Some legal aspects of this new communication technology,
while important, will not be included in this thesis.
25
First, any examination of computers and civil liberties
seems to include a discussion of privacy. Computers provide
new ways of collecting and retrieving information about
individuals, and many civil libertarians see this use of
computers as a threat to privacy. However, privacy law will
not be a part of this thesis.
Second, the communication of data by electronic
transmission introduces a host of new and difficult
questions of copyright and patent. While these questions
are intriguing, they could themselves be the basis of
another thesis. While the law of intellectual property
plays a part in some of the cases involved in this area,
extended discussion of copyright or patent law is beyond the
scope of this thesis.
Third, where this thesis discusses computer-crime laws,
it will limit such discussion to the federal statutes
involved in the hacker-crackdown controversies of 1990.
Consequently, state computer-crime laws, of which there are
many, will not be discussed.
A Note About Sources and Citations A Note About Sources and Citations A Note About Sources and Citations
Because of the nature of this topic, a large number of
the sources used in this thesis are themselves electronic
publications, or are source documents made available through
electronic means. Citation of such documents is
problematic, as conventional citation forms are not readily
adaptable to nonprinted sources. In this thesis, citation
26
of an electronic document will provide complete
identification of the publication and the source through
which it was obtained. Because electronic publications do
not generally have page numbers, citation to a specific
passage in an electronic document will give the line number
in the file.
27
CHAPTER TWO: CHAPTER TWO: CHAPTER TWO:
The Net The Net The Net
This chapter will explore the nature of today's computer-
based media, both technological and cultural, in order to
lay the foundation for the discussion that follows.
The first section will describe the technological
foundation of computer-based communication. In order to
understand many aspects of this topic, and to appreciate the
culture of computer users, it is necessary first to
understand the media through which communication takes
place. Such an understanding requires a certain amount of
technical explanation. However, the minute technical
details of computer networking are less important than an
appreciation of the vast variety and immense power of the
technology.
The second section will examine the way in which these
media are used today. This will include general
descriptions and examples of the types of communication that
take place via computer-based media.
The final section will be a brief introduction to the
culture of computer hackers, a group that has played a
continuing and important role in the development of policy
in this area.
The Technology The Technology The Technology1
Several kinds of technological media exist through which
computer-based communication takes place. These can
generally be grouped into three categories: the computer
bulletin board system (BBS), the online information service
and the computer network. There is considerable overlap
between these categories, and within each category there is
much variation in implementation. Nonetheless, meaningful
distinctions can be made between these types of systems and
the way in which they operate.
Bulletin Board Systems (BBSs) Bulletin Board Systems (BBSs) Bulletin Board Systems (BBSs)
At the low end of the technological and economic scale is
the computer bulletin board system or BBS. Typically, a BBS
is operated on a single personal computer, often in a spare
bedroom or corner of the home of the system operator
(sysop). Such a BBS is usually operated strictly as a
hobby, and no fee is charged for access (though some BBSs
may charge a small fee to help defray costs). The only
equipment required to operate a BBS is a computer, BBS
software,2 a modem and a telephone line. In some cases the
1Much of the information in this section comes from the
author's own experience. Where this information has been
supplemented by external sources, or where such sources
might provide additional useful information, citations are
given.
2BBS packages include TBBS (The Bread Board System),
Wildcat! and Searchlight. Many BBS packages are shareware
(see infra note 7), bringing the cost of operating a BBS
even lower.
29
BBS will not even have its own telephone line but will share
the sysop's home or business line (and consequently may be
available only during certain hours).
The idea of a computer system publicly available for
posting messages goes back at least to 1973 when a project
called Community Memory went online in San Francisco. A
project of a group of progressive computer enthusiasts,
Community Memory was a system consisting of a mainframe3
computer connected to a dedicated teletype terminal placed
in a record store (a second terminal was added later). The
system functioned much like the message base of a modern
BBS, allowing anyone who wanted to use it to leave a message
that could be viewed by others.4
The first true BBS appeared in January of 1978 when two
members of a Chicago computer club called CACHE (Chicago
Area Computer Hobbyist Exchange) came up with the idea of
using a computer to help the club members share information
that had previously been posted on a real bulletin board.
The system, called the CACHE Bulletin Board System/Chicago
or CBBS/Chicago, was strictly a message board and ran on
3A mainframe is a large computer with abundant processing
power. The term is usually used to distinguish such large
computers from personal computers such as the IBM PC or the
Apple Macintosh. Technically, before the advent of such
small computers in the late 1970s, all computers were
mainframes. See Freedman, The Computer Glossary 434 (4th
ed. 1989).
4S. Levy, Hackers 155-58, 167-80 (Paperback ed. 1984).
30
software the two men, Randy Seuss and Ward Christensen,
designed over a weekend. The program was freely distributed
and widely adapted, and before long BBSs sprang up all over
the country.5
Today, many different BBS software packages offer
different features, but certain functions are common to
virtually all BBSs. After logging on to the BBS by
providing a user name and a password,6 a caller is usually
presented with a menu of BBS functions from which to choose.
These generally include bulletins, electronic mail (e-mail),
message areas, file downloads and perhaps other features
such as online games.
Bulletins, e-mail and the message areas are all forms of
electronic communication between BBS users. Bulletins are
text files, usually prepared by the sysop and usually
containing information about the operation of the BBS
itself. They inform the user of BBS rules and regulations,
the history of the BBS, scheduled down time and other
5Petersen, "Whether for Gabbing or Gobbling Facts,
Computer Bulletin Board Systems Have Taken Wing," Chicago
Tribune, Mar. 16, 1989, at sec. 5, p. 2; Balz, "Signing On
to the World of Computer Bulletin Boards," Chicago Tribune,
May 30, 1986, at 53.
6The user name or user ID may be the caller's real name
or a "handle." Systems that allow handles will usually also
require the user to provide his real name so the sysop can
verify his identity, even though the handle may be all that
other users will see. The password, chosen by the user, is
the BBS's primary means of maintaining security. Users are
usually advised to select a password that would not be easy
to guess and not to write the password anywhere.
31
information of general interest. Bulletins are often
displayed automatically to first-time callers, and some BBSs
require that callers read certain bulletins before full
access is granted.
E-mail is a private form of communication between two
users. An e-mail note will be addressed to a specific
person, using that person's user name, and will not be
visible to anyone else (except perhaps the sysop). When the
user to whom the note is addressed logs on, he will usually
be notified right away that he has mail waiting. He can
then read any e-mail notes waiting for him and reply if he
chooses to.
The heart of most BBSs is the "message base." Generally,
a BBS will have a number of message areas divided by topic.
Unlike e-mail notes, these messages are visible to any
caller. These message areas are public discussion forums
where any reader is free to jump in at any time.
In addition to these forms of communication, information
may also be published via the file download section.
Ordinarily, a BBS's file collection consists mostly of
public-domain and shareware7 software, but it may also
7Shareware is a method of software distribution in which
copies of a software product may be freely distributed
through BBSs and other means, allowing users to try the
software before deciding to buy it. If the user chooses to
continue using the software beyond a certain trial period,
he is expected to register it by sending a fee to the
program's author. In exchange for registering, the user
will typically receive printed documentation, upgrade
32
contain text files. These files might be extracts from
threads8 in the message areas, instructional articles,
electronic newsletters, fiction, poetry or virtually any
other form of written material.
Information Services Information Services Information Services
Similar in concept to the BBS, but very different in
scale, is the online information service. Unlike most BBSs,
the information service is a commercial enterprise,
operating on a subscription or membership basis and charging
a fee for access, usually an hourly rate. Such a service is
much larger than a BBS, operating on a mainframe computer
(or even an array of mainframe computers). Furthermore, the
information service supports hundreds or even thousands of
simultaneous callers and is available nationally, or even
internationally, through local telephone calls.
Major online information services in the United States
include CompuServe, Prodigy, GEnie, The Source and BIX. Of
these, the largest and most familiar is probably CompuServe,
a subsidiary of H&R Block. CompuServe has over half a
notices, technical support and perhaps a more fully
functional version of the software.
8A thread is "a more or less continuous chain of postings
on a single topic." Online Jargon File, version 2.9.6
(distributed via the Internet, Aug. 16, 1991), at line
15707.
33
million members9 who pay an hourly rate ($12.50 in 1991) to
use the service. Like a BBS, CompuServe features e-mail,
file libraries and message areas organized by topic.
However, these areas are so large and so numerous that books
exist for the sole purpose of helping one navigate them.
CompuServe also offers many special online services (some of
which cost an additional surcharge); users can make airline
reservations, search online databases, invest in the stock
market and shop in an "electronic mall" while online.10
Other online information services offer similar assortments
of services.
The Internet and Usenet The Internet and Usenet The Internet and Usenet
In terms of the number of users and the volume of
traffic, the largest component of the online community is
probably the international network of mainframe computers
generally referred to as the Internet. Originally called
ARPANet, this "network of networks" was originally developed
in 1969 by the U.S. Defense Advanced Research Projects
Agency (DARPA) to connect university computers to one
another. The first national computer network, it was
intended as a means of sharing resources among academic
researchers. During its first year the network had only
9CompuServe Inc., CompuServe Information Manager Users
Guide 2 (1989).
10See Compuserve Inc., Compuserve Almanac (5th ed. 1989).
34
four nodes,11 a number that grew to 25 by 1973. By the
1980s, however, the network had begun to grow exponentially,
and as access became more widely available its usage
broadened to include general-purpose communication.12 As of
July 1991, 535,000 nodes were connected to the Internet.13
Estimates suggest that the network serves as many as two
million individual users.14
Connected to the Internet is another international
network, the diverse and vital Usenet. Usenet is a
"volunteer" network in that it has no central authority or
governing body. The only requirement for operating a Usenet
node is finding another node willing to provide a
connection.15
Usenet began as the idea of two students at Duke
University in 1979, and the first two Usenet sites were
11A node is "a computer system used as a junction or
connection point in a communication network." Freedman,
supra note 3, at 482. In simple terms, a node is simply one
of the computers connected to a network. In the case of the
Internet, however, an individual node may actually be a
gateway to another entire network. See infra note 24.
12Hafner and Markoff, Cyberpunk: Outlaws and Hackers on
the Computer Frontier 278-80 (1991).
13"ACM Forum," Communications of the ACM, Nov. 1991, at
21-22 (letter from Mark Lottor, SRI International, Network
Information Systems Center).
14Hafner and Markoff, supra note 12, at 280.
15Cerf, "Networks," Scientific American, Sept. 1991, at
50.
35
called unc (at the University of North Carolina) and duke.16
As of October 1991 Usenet had an estimated 40,000 sites and
served 1,902,000 active users.17
Usenet provides e-mail services as well as a set of
public discussion forums called newsgroups. A newsgroup is
simply a series of messages, called articles, related to a
particular topic. A user with access to Usenet can post an
article to a newsgroup, and that article will then be
propagated to all other Usenet sites carrying that
newsgroup. Although there is no authority mandating
adherence to any rules regarding newsgroup administration, a
set of conventions has emerged regarding the creation of
newsgroups and their arrangement within standard
hierarchies. Any newsgroup created without adherence to
these conventions is unlikely to be carried by other
sites.18
The standard newsgroup hierarchies include, among others,
rec, for recreational topics; comp, for computer-related
16Each node on a network must have a unique name to
identify it. This name is used as part of the network
addressing used to route e-mail and other data to the node.
Network convention is to give the name of a node in lower
case.
17Usenet Readership Summary Report for October 91 (text
file distributed via Usenet, Nov. 2, 1991).
18G. Spafford, What Is Usenet? (text file distributed via
Usenet, Sept. 9, 1991), at line 243.
36
topics; and soc, for social topics.19 Hence a newsgroup for
discussing dogs is called rec.pets.dogs. There are also a
number of "alternative" newsgroup hierarchies that do not
generally follow the standard rules, but are nonetheless
carried by a large number of systems (though not
universally).20
Other national or international mainframe networks
include Bitnet, which connects educational institutions, and
Milnet, which connects American military installations.
BBS Networks BBS Networks BBS Networks
In addition to the nationwide (and worldwide) mainframe
networks, the 1980s also saw the emergence of several
networks connecting small BBS systems to one another. The
oldest and largest is FidoNet, which began as a pair of BBSs
in Baltimore that had the capability of exchanging messages.
As other systems were added, it grew into a nationwide
network.21 Today FidoNet has more than 11,000 nodes.22
A caller to a FidoNet BBS will usually find two different
groups of message areas. One contains the local message
19G. Spafford, List of Active Newsgroups (text file
distributed via Usenet, July 25, 1991).
20G. Spafford, Alternative Newsgroup Hierarchies, (text
file distributed via Usenet, Sep. 9, 1991).
21Dvorak and Anis, Dvorak's Guide to PC
Telecommunications 96-7 (1990).
22"FidoCon91 -- 408 Attend Biggest BBS Bash Ever,"
Boardwatch Magazine, Oct. 1991, at 13.
37
base, those messages available only to callers of the same
BBS. The other area contains the FidoNet message areas, or
echoes, which are the messages shared through the FidoNet
network. Generally, a FidoNet BBS will go offline once per
day, usually at night, and during that time will connect to
neighboring FidoNet boards. The BBSs will exchange
messages, and in that way a message posted to a FidoNet echo
will eventually be propagated to every FidoNet board.
Other BBS networks include Alternet, Eggnet and
PCBoard.23
Gateways Gateways Gateways
As systems become more interconnected, the distinctions
between BBSs, information services and national networks
become less important to the user. Today gateways24 exist
between virtually all of these networks and information
services. A user with an account on any of these systems,
therefore, can send electronic mail through these gateways
to a user on any of the others. A CompuServe subscriber,
for instance, can address an e-mail message in such a way
that it will be transmitted through an Internet gateway to a
FidoNet node.
23Dvorak and Anis, supra note 21, at 100.
24A gateway is "a computer that connects two different
communication networks together. The gateway will perform
the protocol conversions necessary to go from one network to
the other." Freedman, supra note 3, at 307.
38
The effect of this is the creation of a single, vast
network, connecting users from all walks of life and
virtually every geographic location. Indeed, many users do
not distinguish between the Internet, Usenet and other
networks; instead, the entire global complex of
interconnected computer networks is often referred to simply
as "The Net."25 A computer hobbyist with an account on a
FidoNet BBS or a privately-owned Usenet node can participate
in an online community populated by scientists, college
students, professionals, government employees and others
across the globe. This virtual world,26 existing not in
physical space but in the electronic realm of computer
networks, is sometimes called cyberspace.27
The Culture The Culture The Culture
Originally, mainframe networks such as the Internet were
created to provide a means by which scientists could share
technical information.28 Likewise, BBSs originally existed
to provide specialized groups of people with a medium
through which they could exchange information. But the way
25E.g., Godwin, "The First on a New Frontier," The Quill,
Sept. 1991, at 19.
26In computer science, virtual describes a "simulated or
conceptual environment and, as a result, may refer to
'virtually' anything." Freedman, supra note 3, at 735.
27Hafner and Markoff, supra note 12, at 9.
28Id. at 280.
39
in which these media are used today goes far beyond mere
information sharing. Instead, computer networks and the
systems they comprise have become a means of association, a
community not bound by geography. In this virtual
community, people from all over the world meet and associate
with others who share their interests, all without ever
seeing one another.
Naturally, much of the discussion that takes place
through these media is on the subject of computers. But a
surprising amount is nontechnical in nature. On Usenet, for
instance, none of the five most popular newsgroups are
computer-related.29 Instead, Usenet newsgroups provide a
forum for discussing sex, Star Trek, movies, Indian culture,
cooking, politics, law, country music, and any other topic
of enough interest to inspire the creation of a newsgroup.30
A thread on a Usenet newsgroup might begin with an
article like this one from rec.music.country.western:
From: uuwayne@venus.lerc.nasa.gov (Wayne Stopak)
Newsgroups: rec.music.country.western
Subject: Keith Whitley
Date: 7 Nov 1991 12:44 EDT
29The five most popular newsgroups as of October 1991
were alt.sex, rec.humor.funny, misc.jobs.offered, rec.humor
and rec.arts.erotica. Top 40 Newsgroups In Order By
Popularity, text file distributed via Usenet, November 2,
1991.
30As of July 25, 1991, there were 569 newsgroups in the
standard hierarchies, as well as 655 in "alternative"
hierarchies, for a total of 1,224. Spafford, supra notes 19
and 20.
40
I have only been listening to country music for a
little while now
on W.G.A.R. in Cleveland. They play some Keith Whitley
that I
like, namely, I'M NO STRANGER TO THE RAIN and DON'T
CLOSE YOUR
EYES. I know that he is no longer alive. Does anyone
know when
or how he died? How old was he?31
To which the following response might appear:
From: warnock@nssdca.gsfc.nasa.gov (Archie Warnock)
Newsgroups: rec.music.country.western
Subject: Re: Keith Whitley
Date: Fri, 8 Nov 1991 14:15:00 GMT
<'scuse me, guys - I'll handle this...>
Keith died of alcohol poisoning in May of 1989 at the
age of 34.
"Don't Close Your Eyes" was the song of the year for
1988, and
just a glimmer of what we'd have gotten from him, had
he lived.32
Of course, Usenet newsgroups are not limited to
recreational topics. Many newsgroups are devoted to
political discussions,33 as shown by these examples from two
threads in the newsgroup talk.politics.misc:
From: enbal@tamu.edu (James L. Heilman)
Subject: Pat Buchanan and David Duke
Date: 18 Nov 91 21:42:06 GMT
31Article posted to Usenet newsgroup
rec.music.country.western on November 7, 1991. Newsgroup
articles have been edited slightly for cosmetic reasons, but
errors in grammar and spelling -- arguably part of the
unique flavor of Usenet -- have been left intact.
32Article posted to Usenet newsgroup
rec.music.country.western on Nov. 8, 1991.
33These include talk.politics.drugs,
talk.politics.mideast, talk.politics.soviet,
talk.politics.theory, soc.politics,
alt.politics.homosexuality, and others.
41
Newsgroups: talk.politics.misc
Given the fact that Pat Buchanan and David Duke will
likely run
for president, a columnist recently wrote that for
George Bush to
get elected, he must run to the right of Buchanan and
to the left
of Duke. Sounds like a Bozo sandwich to me. As to the
remarkably
high voter turnout in Louisiana, George Will stated on
This Week
With David Brinkley that the way to increase voter
turnout in the
U.S. is to run a crook against a Nazi.
From: bard@cutter.ssd.loral.com (James Woodyatt)
Newsgroups: talk.politics.misc,alt.censorship
Subject: Re: Censorship of 'Doonesbury'
Date: 19 Nov 91 01:43:37 GMT
In article <1991Nov17.014025.527@desire.wright.edu>,
demon@desire.wright.edu (Enemy of Totalitarianism)
writes:
> Great, if you want to play word games, then we'll
play along:
> Newspapers have every right to censor their
publication.
> Newspapers are exercising their right to censor their
> publication. Newspapers ARE NOT CENRSORING Mr.
Trudeau.
> In the context of the censorship of Mr. Trudeau,
there is no
> censorship. He can continue to spout his views, he
can talk to
> people in the street, pass out leaflets, get
published in
> sympathetic newspapers, but freedom of speech does
not garauntee
> access to any and all printed material. It protects
individuals
> and organizations from being prevented from airing
their
> views in a public forum, which is not happening to
Mr. Trudeau.
> He can not force people to listen to him, or to print
his views.
> Let him start his own newspaper if he wants to repeat
lies.
Oh, if only it were so bloody simple. It's not.
42
The San Jose Metro wanted to print the strips that the
San Jose
Mercury News wouldn't run, so they went to United Press
Syndicate
and told them what they wanted to do. UPS said it was
fine with
them as long as the Merc, which has exclusive rights to
print
Doonesbury in the South Bay Area here, signed a waiver
allowing
the Metro to print the strips that the Merc wouldn't.
The Merc
refused saying that their intention was to prevent the
strip from
being read in the South Bay.
Tell me with a straight face that is not censorship. It
is not
illegal. It can be argued that it is not even immoral
on its face.
But it is certainly censorship.
> But they do not send people around to the sources
saying "don't
> try to publish anywhere else, either". That's why
this form of
> "censorship" is more commonly known as "editing".
The S.J. Mercury News effectively "edited" the strips
out of all the papers in the South Bay area.34
The decentralized and uncontrolled nature of Usenet
permits disagreements between participants to become quite
heated. This is probably exacerbated by the fact that
posters may forget social niceties when communication is not
face to face. A personal attack on another poster is called
a flame, and flaming is one of the hazards of life on the
network.
34Articles posted to Usenet newsgroup talk.politics.misc
on Nov. 18 and 19, 1991. In a reply to another article, net
convention is to place the ">" symbol to the left of quoted
passages from the article being replied to.
43
Electronic Magazines Electronic Magazines Electronic Magazines
BBS message areas and Usenet newsgroups are propagated to
many people and are themselves a form of publishing. But
even closer analogies exist to conventional, printed media
such as newsletters and magazines. Numerous electronic
magazines and newsletters are published regularly and
distributed to subscribers via computer.
Bitnet, the mainframe network connecting educational
institutions, features a number of electronic journals and
magazines. These include academic journals covering topics
such as computers, psychology, medicine and education; they
also include magazines of fiction, music reviews and
environmental issues.35
BBSs also feature a number of online publications.
Boardwatch, a magazine devoted to news related to BBSs and
online services, is published monthly in both printed and
online formats; it can be found both on newsstands and on
BBSs that subscribe to it. Another magazine, Info-Mat, is
published only electronically and covers general computer-
industry news. FidoNet BBSs carry Fido News, a newsletter
covering FidoNet and BBS topics.
35Bitnet Servers (text file distributed via Bitnet); see
also E. Parker, "Computer Conferencing Offers Boundless
Geography, Time," Journalism Educator, Winter 1991, at 49.
44
The Hacker Culture The Hacker Culture The Hacker Culture
An important subset of the culture of "the Net" is what
has been called the computer underground, particularly the
"hacker" subculture. Chiefly because of its prominent
involvement in cases and controversies that have contributed
to the development of policies affecting free speech, this
part of the online community warrants special consideration.
To discuss computer hackers, it is necessary first to
explain what is meant by the term. The word hacker has many
different meanings and is used differently by different
groups. The online Jargon File, an extensive lexicon of
hacker slang distributed via computer networks, defines the
word hacker thus:
[originally, someone who makes furniture with
an axe] n. 1. A person who enjoys exploring the
details of programmable systems and how to stretch
their capabilities, as opposed to most users, who
prefer to learn only the minimum necessary. 2.
One who programs enthusiastically (even
obsessively) or who enjoys programming rather than
just theorizing about programming. 3. A person
capable of appreciating {hack value}. 4. A person
who is good at programming quickly. 5. An expert
at a particular program, or one who frequently
does work using it or on it; as in 'a UNIX
hacker'. (Definitions 1 through 5 are correlated,
and people who fit them congregate.) 6. An expert
or enthusiast of any kind. One might be an
astronomy hacker, for example. 7. One who enjoys
the intellectual challenge of creatively
overcoming or circumventing limitations. 8.
[deprecated] A malicious meddler who tries to
discover sensitive information by poking around.
Hence 'password hacker', 'network hacker'.36
36Jargon File, supra note 8, at line 8397.
45
The word hacker originated in the early computer labs at
MIT in the late 1950s. Originally, it did not even
necessarily involve computers but referred generally to a
person who derived pleasure from mastering complex
technological systems (such as the telephone network or even
a subway system). Soon, however, the word came to mean a
person who compulsively programmed a computer, usually
ingeniously, and did so for its own sake rather than to
achieve any goal (other than the program itself).37
More recently, however, the word has most commonly been
understood to mean a person who gains unauthorized access to
computer systems. This has been the preferred usage in the
mainstream media, although in computer-enthusiast circles
this meaning is often frowned upon. The word cracker,
according to the Jargon File, was coined in the mid-1980s to
take this meaning in an attempt to stave off the distortion
of hacker brought about by the popular press.38 Cracker is
not widely understood outside hacker circles but is used
within that culture.
To some degree, the ambiguity of the word hacker is
unavoidable. The two senses are not mutually exclusive: An
"unsavory" hacker (a cracker) is also a hacker in the
classic sense, a person who enjoys exploring and mastering
37See generally Levy, supra note 4.
38Jargon File, supra note 8, at line 4725.
46
the complex systems of computers and telecommunications.
Therefore, while all hackers might not break into computer
systems, it is not generally inaccurate to apply the word
hacker to someone who does.
Despite the potential ambiguity, this thesis will use the
word hacker mainly in its popular sense: a person who, using
stolen passwords or other security breaches, gains
unauthorized access to a computer system. Most available
sources use the word in this sense, and continual shifting
of terminology would not be useful. However, it is
necessary first to discuss the elements of hacker culture
that are common to all hackers, crackers and "classic"
hackers alike. In this context, where such distinctions are
necessary, the word cracker will be used to specify a hacker
who breaks into computer systems.
That computer hackers have a culture all their own seems
beyond question. The introduction to the Jargon File
explains the justification for a lexicon of hacker
terminology:
The 'hacker culture' is actually a loosely
networked collection of subcultures that is
nevertheless conscious of some important shared
experiences, shared roots, and shared values. It
has its own myths, heroes, villains, folk epics,
in-jokes, taboos, and dreams. Because hackers as
a group are particularly creative people who
define themselves partly by rejection of 'normal'
values and working habits, it has unusually rich
47
and conscious traditions for an intentional
culture less than 35 years old.39
The history and evolution of this culture was traced by
Steven Levy in his book Hackers: Heroes of the Computer
Revolution (1984). The beliefs and values of the hacker
culture Levy summed up in what he called the "Hacker Ethic":
Access to computers -- and anything which might
teach you something about the way the world works
-- should be unlimited and total....
All information should be free....
Mistrust Authority -- Promote
Decentralization....40
Ideas such as these help to explain the motivations of
modern crackers as they break in to computer systems "just
to look around" and attempt to wrest control of large
systems away from their owners.
More recently Gordon Meyer, a sociology student at
Northern Illinois University, examined the social
organization of the computer underground.41 Meyer defines
the computer underground as including not only hackers
(crackers) but also phone phreaks, people who obtain and use
unauthorized information about the telephone system, and
pirates, people who collect and trade illegitimate copies of
39Id. at line 55.
40Levy, supra note 4, at 40-41.
41G. Meyer, The Social Organization of the Computer
Underground, unpublished master's thesis, Northern Illinois
University, Aug. 1989.
48
commercial software.42 These groups are related and,
especially in the case of phone phreaks and hackers,
overlapping.43
While the ethics of hackers and phreakers might be
questioned, their attitudes seem clearly descended from
Levy's "Hacker Ethic" and motivated not by malice, but by a
desire for knowledge:
The phone system is the most interesting,
fascinating thing that I know of. There is so
much to know....
Phreaking involves having the dedication to
commit yourself to learning as much about the
phone system/network as possible. Since most of
this information is not made public, phreaks have
to resort to legally questionable means to obtain
the knowledge they want.44
Meyer's study demonstrates that the computer underground
exhibits characteristics of a loosely organized social
group, including association, sharing of information and
socialization, all through the media of BBSs and computer
networks.45 This degree of contact between individuals,
together with the existence of specialized language and
conduct, indicate clearly that the computer underground is
42Id. at 25.
43Id. at 28.
44Phreaker quoted by Meyer, id. at 29.
45Id. at 63.
49
truly a culture.46 But this culture is dependent upon
computer-based communication for its existence.
Conclusions Conclusions Conclusions
It is beyond question that this medium falls squarely
within the Supreme Court's definition of "the press": "The
press in its historical connotation comprehends every sort
of publication which affords a vehicle of information and
opinion."47
Rather than a "niche" medium of interest only to
scientists, or a medium of only potential value to society
at large, computer-based communication is used today by
countless thousands of people to engage in speech at the
very heart of that protected by the First Amendment.
Furthermore, the ready availability of the technology means
that anyone with a few hundred dollards and the desire to do
so can become a "publisher" with a potential audience of
vast size. "The new computer-based forums for debate and
information exchange," writes attorney Mike Godwin, "are
perhaps the greatest exercise of First Amendment freedoms
this country has ever seen."48 Unencumbered by the
governmental regulation and financial barriers associated
46Id. at 76.
47Lovell v. City of Griffin, 303 U.S. 444, 452 (1938).
48Godwin, supra note 25, at 18.
50
with other media -- few people can afford to own a newspaper
or broadcast station -- computer-based communication
represents the epitome of a "robust and wide-open" debate.49
It is also a medium that has spawned its own unique culture,
and it is that culture's primary means of First-Amendment-
protected communication and association.
49"[W]e consider this case against the background of a
profound national commitment to the principle that debate on
public issues should be uninhibited, robust, and wide-open,
and that it may well include vehement, caustic, and
sometimes unpleasantly sharp attacks on government and
public officials." New York Times Co. v. Sullivan, 376 U.S.
254 (1964), at 270.
51
CHAPTER THREE: CHAPTER THREE: CHAPTER THREE:
Hackerphobia Hackerphobia Hackerphobia
Recent controversies involving computers and the First
Amendment have been the culmination of a conflict that has
been building since at least the early 1980s. It was then
that the activities of computer hackers first came to the
attention of Congress, leading eventually to the passage of
laws addressing the perceived problem and opening the door
to the kind of zealous prosecution that came later.
The important computer crime legislation passed by
Congress during the 1980s consisted of the Counterfeit
Access Device and Computer Fraud and Abuse Act of 1984,
later amended by the Computer Fraud and Abuse Act of 1986.1
The 1984 act, part of an omnibus crime bill, was aimed
primarily at credit card fraud, but also established new
computer crime offenses. It created several new offenses
for unauthorized access to a "federal interest computer"2
resulting in at least $5,000 or more in illegal gains,
unauthorized access to classified government data, or
unauthorized access to confidential financial data. The
1986 act made some technical adjustments to the wording of
118 U.S.C. S1029, 1030 (1988).
2A federal interest computer is defined in the act as a
computer used by the government or a federally insured
financial institution or a computer used in committing an
offense involving computers in more than one state. 18
U.S.C. S1030(e)(2) (1988).
these offenses and added two new ones: one for "malicious
damage" involving access to a federal interest computer, and
one proscribing trafficking in stolen passwords.
These laws only incidentally affected free speech by
providing law enforcement agencies with broad new authority
to prosecute computer crime. In order to understand whether
that authority has been abused, it is necessary first to
identify Congress's intentions.
By examining the committee hearings held throughout the
1980s on the subject of computer crime, this chapter will
identify the attitudes and concerns that contributed to
these computer crime laws. It will examine the roles not
only of the legislators themselves, but also of witnesses
from the industry, law enforcement community and hacker
culture.
Government Takes Notice Government Takes Notice Government Takes Notice
The number and variety of information services and other
forms of computer-based communication available in this
country suggest a vigorous and almost totally free medium of
expression. But this freedom has been the freedom of a
frontier -- only fairly recently have government regulators
begun to notice what goes on in the virtual world. Writer
John Perry Barlow (a cofounder of the Electronic Frontier
Foundation) has drawn comparisons between the "electronic
frontier" of cyberspace and the Old West:
53
Cyberspace, in its present condition, has a lot
in common with the 19th Century West. It is vast,
unmapped, culturally and legally ambiguous,
verbally terse (unless you happen to be a court
stenographer), hard to get around in, and up for
grabs. Large institutions already claim to own
the place, but most of the actual natives are
solitary and independent, sometimes to the point
of sociopathy. It is, of course, a perfect
breeding ground for both outlaws and new ideas
about liberty.3
It was only a matter of time before government at some
level became interested in the activities associated with
computer communication. In the words of policy analyst Eli
Noam, "The problems involving the increased computerization
of society are somewhat analogous to those that occurred
with the advent of the automobile. The car was a wonderful
thing until we discovered that it produced something called
pollution. Then we had to do something about it, or we were
going to choke on its fumes."4 In the case of computer
communication, the "pollution" that first drew the attention
of regulators was computer hacking.
WarGames WarGames WarGames
Widespread public awareness of computer hacking can be
traced to 1983 and the release of the movie WarGames, which
tells the story of David Lightman, a high-school student who
breaks into a military computer and nearly starts World War
3Barlow, "Crime and Puzzlement," Whole Earth Review, Fall
1990, at 45.
4Daly, "Group Tries Taming 'Electronic Frontier,'"
Computerworld, Mar. 25, 1991, at 77.
54
III.5 Lightman, trying to reach a game company's system,
accesses a fictitious Defense Department computer called the
WOPR (War Operations Planned Response, pronounced
"whopper"), which has just been given direct control of the
nation's nuclear missiles. Playing what he thinks is a
game, Lightman initiates a program that brings the world to
the brink of nuclear war.
The movie, while entertaining, depicts events ranging
from highly unlikely to utterly impossible -- in the words
of one expert, "nothing more than very interesting
fantasy."6 Despite its implausibility, however, the movie
contributed to a heightened awareness of computer security
issues.7
Only months after the release of WarGames, the FBI, with
much publicity, arrested a group of young computer hackers
from Minneapolis who called themselves the 414s (after their
telephone area code). Over the course of several months,
they had broken into numerous computer systems ranging from
military computers at the Los Alamos National Laboratory to
5MGM/UA 1983.
6Computer and Communications Security and Privacy:
Hearings Before the Subcommittee on Transportation, Aviation
and Materials of the Committee on Science and Technology,
House of Representatives, 98th Cong., 1st Sess. (1983)
(statement of Stephen Walker, president, Trusted Information
Systems, Inc.)
7See, e.g., McLellan, "The Hacker's Bane," Inc., Dec.
1983, at 55; Heins, "Foiling the Computer Snoops," Forbes,
Nov. 21, 1983, at 58.
55
a medical records system at the Memorial Sloan-Kettering
cancer research hospital.8 The hackers had apparently been
inspired at least partly by WarGames, although their
activities had begun prior to the film's release.9 They had
done no damage to most of the systems they had infiltrated,
though files were erased on a few. Certainly no real danger
of the sort depicted in WarGames ever existed.10
Nonetheless, the arrests seemed to confirm the fears that
movie had created.
The cumulative effect of WarGames and the arrests of the
414s was to catapult hacking into the public eye. It seemed
that hacking -- which had, in one form or another, been
around for decades -- was no longer as harmless as it may
once have been. Society's increasing dependence on
computers was a new vulnerability. Arizona prosecutor Gail
Thackeray, a key player in the later Operation Sun Devil,
returned to the Old West analogy to describe this feeling:
Out here in the Wild West, when it was just a
few settlers on the land, frontier justice had its
place.... You could rustle up wild horses, have
Saturday night shoot-'em-ups, do whatever you
wanted. But as the West became more settled,
there were still a few guys who wanted to go out
8See, e.g., Markoff, "Teen Hackers' Antics Prompt House
Hearing," InfoWorld, Nov. 7, 1983, at 26; DeWitt, "The 414
Gang Strikes Again," Time, Aug. 29, 1983, at 75.
9Gillard and Smith, "Computer Crime: A Growing Threat,"
Byte, Oct. 1983, at 398.
10See, e.g., Alpern and Lord, "Preventing WarGames,"
Newsweek, Sep. 5, 1983, at 48.
56
and have shoot-'em-ups on Saturday night. But now
they also wanted to shoot at the telegraph poles.
And as the shooters began to attack things the
community valued, the community acted to protect
its rights.11
It was not long before Congress responded to this sudden
awareness of the threats of hacking in a computer-dependent
society. Several committees in the House of Representatives
and the Senate began holding hearings on computer crime.12
All shared a recognition of the pervasiveness of computers
in American society and the drawbacks associated with that
pervasiveness, as illustrated by Rep. Dan Glickman's (D-
Kansas) remarks at one of the earliest hearings, in the fall
of 1983:
We are in an era where we cannot live without
computers. Now, of course, we must learn to live
with them. But have we lost control? Have we
created a monster? Are we, in effect, the modern-
day Dr. Frankenstein? Do we have a technical
problem or is there an ethical problem? And I
suspect the answer is probably both.13
11Bromberg, "In Defense of Hackers," The New York Times
Magazine, April 21, 1991, at 45.
12These included the Subcommittee on Civil and
Constitutional Rights and the Subcommittee on Crime of the
House Judiciary Committee, the Subcommittee on
Transportation, Aviation and Matterials of the House
Committee on Science and Technology, the Subcommittee on
Health and the Environment of the House Energy and Commerce
Committee, and the Subcommittee on Oversight of Government
Management of the Senate Governmental Affairs Committee.
13Computer and Communications Security and Privacy, supra
note 6, at 2.
57
To illustrate the danger, the subcommittee then proceeded
to watch an excerpt from WarGames.14
When that subcommittee issued its report a few months
later, among its findings were that computers were pervasive
in American society; that they represented "assets of
incalculable value"; and that their vulnerability presented
"a problem of national significance."15 But its
recommendations were not drastic: It suggested that Congress
charter a national commission to gather more information on
the subject and to ultimately recommend a policy
framework.16 And seemingly recognizing that more was at
stake than just computer crime, the report said that the
commission should consider not only the vulnerabilities of
"critical national systems," but should also take into
account "the implications of technological innovation on
government, society and the individual."17
The Subcommittee on Civil and Constitutional Rights of
the House Judiciary Committee held a hearing in late 1983 to
explore the question of whether a federal law would be an
14Id. at 13.
15Computer and Communications Security and Privacy:
Report Prepared by the Subcommittee on Transportation,
Aviation and Materials, Transmitted to the Committee on
Science and Technology, House of Representatives, 98th
Cong., 2d Sess. (1984), at 1.
16Id.
17Id.
58
appropriate remedy to this potential epidemic of computer
crime.18 Rep. Glickman advised the committee members that
the subject was more complicated than they thought, though
he stopped short of suggesting a First Amendment problem:
[This subject] goes far beyond the issue of
whether there ought to be a Federal crime against
accessing illegally a computer of somebody else's
system. It involves privacy issues, it involves
management questions both in the private sector
and in the Federal Government.... I would tell you
that with technology changing so dramatically,
electronic mail, a variety of things, I would just
urge you to be somewhat cautious in how you
proceed in this area.19
The onward march of technology was at the heart of the
problem: It was evident that the government was ill-equipped
to deal with a technology it didn't understand. Rep. Dan
Mica (D-Florida) reported that the committee's legislative
drafting service was having difficulty drafting a computer-
crime bill because it didn't have any attorneys
knowledgeable about computers.20 "We have to grope and we
have to patch and paste from [existing law], and there isn't
much," he said. "It is all new ground."21
18Computer Crime: Hearing Before the Subcommittee on
Civil and Constitutional Rights of the Committee on the
Judiciary, House of Representatives, 98th Cong., 1st Sess.
(1983).
19Id. at 3.
20Id. at 10.
21Id.
59
"Falling Through The Cracks" "Falling Through The Cracks" "Falling Through The Cracks"
What were the objectives of legislators as they
approached this new form of crime? Why did they feel that a
new federal law was called for? The basic idea seemed to be
that computer criminals would somehow "fall through the
cracks" between existing laws covering fraud, theft and
embezzlement.22 Rep. Bill Nelson (D-Florida) summed up the
concern:
[T]here is [a] new kind of criminal that is
lurking in the shadows of criminal activity. He
is a highly sophisticated criminal. He is a high-
technology criminal, and he is one who, when faced
by the Nation's prosecutors, often find they do
not have the adequate tools to prosecute.23
Support for this statement, however, seemed lacking.
Prosecutors at several hearings testified about their
experience with computer crime, and universally, they had
succeeded in prosecuting every case they had pursued. An
FBI witness listed crimes committed by computer in terms of
the existing statutes under which they were already being
prosecuted: wire fraud, interstate transportation of stolen
property, bank fraud and embezzlement, destruction of
government property, and theft of government property.24
22Computer Crime, supra note 18, at 3-5.
23130 CONG. REC. H7632 (daily ed. July 24, 1984)
(statement of Rep. Nelson).
24Id. at 24 (statement of Floyd I. Clarke, Deputy
Assistant Director, Criminal Investigative Division, Federal
Bureau of Investigation).
60
"We in the FBI have not had, to date, any significant
problems in prosecution of computer related crime under
already existing statutes over which we have jurisdiction,
such as the Fraud by Wire Statute."25 Indeed, although
prosecutors expressed fears about the difficulty of
prosecuting computer crime under existing laws, there were
many examples provided at the hearings of computer crimes
that had been successfully prosecuted.26
Nonetheless, the FBI and other law-enforcement witnesses
went on record as supporting new laws to prevent potential
future problems. One prosecutor who had been involved in
successful computer-crime prosecutions summed up this
attitude: "It is my view that any additional tool that can
assist the prosecutor, albeit one that has not so far been
needed, is not something that I would turn down."27
Victoria Toensing, a federal deputy assistant attorney
general, explained in more detail:
I am quite certain that sooner or later, we are
going to run into some factual situations where we
cannot slip the step-sister's foot into
25Ibid.
26See, e.g., Computer Crime, supra note 18, at 15-17
(statement of Rep. Coughlin) (youths who stole $100,000 in
merchandise by computer and were successfully prosecuted);
at 18-19 (statement of John Keeney, Deputy Assistant
Attorney General, Criminal Division, Department of Justice)
(two "difficult" cases nonetheless prosecuted under existing
law).
27Id. at 25 (statement of William Block, Assistant U.S.
Attorney for the District of Columbia).
61
Cinderella's slipper, and we will need a statute
that really covers computer fraud....
I stress that this is a potential problem
because so far at least we have been able to
prosecute computer fraud cases under existing
statutes.28
The "Hacker Threat" The "Hacker Threat" The "Hacker Threat"
The hearings also revealed that, despite the excitement
caused by WarGames and the 414s, the hacker threat was not
great. Several witnesses, including 414 hacker Neal
Patrick,29 testified that the most rudimentary of security
precautions would have prevented their break-ins. Asked if
it was possible for hackers to do extensive damage, Patrick
responded, "I think it is. But I also think it's very easy
to prevent that. There is no need for million-dollar
security measures, but just commonsense ideas and attitudes
would prevent most of this, if not all of this, from
happening."30 Robert Morris, a prominent computer security
expert who had worked with the National Security Agency,
agreed:
The notion that we are raising a generation of
children so technically sophisticated that they
can outwit the best efforts of the security
28Computer Fraud Legislation: Hearing Before the
Subcommittee on Criminal Law of the Committee on the
Judiciary, U.S. Senate, 99th Cong., 1st Sess. (1985), at 34-
5 (statement of Victoria Toensing, Deputy Assistant Attorney
General, Criminal Division, Department of Justice).
29Computer and Communications Security and Privacy, supra
note 6, at 17.
30Id. at 19.
62
specialists of America's largest corporations and
of the military is utter nonsense. I wish it were
true. That would bode well for the technological
future of the country.... These kids appear to be
having fun and, in most cases, the techniques
involved, the techniques required have almost no
sophistication whatever. They are the moral
equivalent of stealing a car for joy riding
purposes when the keys have been left in the
ignition.31
By and large, most legislators seemed to understand this
-- that the success of hackers such as the 414s was due
almost entirely to poor password control and other lax
security procedures.32 And they were reassured by
government witnesses that rigorous security measures made
sensitive national-security data such as that at Los Alamos
impervious to access by outsiders.33 Nonetheless, many
seemed to favor a "brute force" approach to solving the
immediate problem:
I have learned that this problem is largely the
result of poor and/or lax computer security.
However, until computer security is improved and
installed I believe we owe it to our citizenry to
protect those records and the vital information
which is so stored. This protection can best be
afforded with a federal statute ...34
31Computer and Communications Security and Privacy, supra
note 6, at 507 (statement of Robert Morris).
32See, e.g., Computer Crime, supra note 18, at 7
(statement of Rep. Glickman).
33Computer and Communications Security and Privacy, supra
note 6, at 34 (statement of Jimmy McClary, Division Leader
for Operation Security and Safeguards Division, Los Alamos
National Laboratory).
34Computer Crime, supra note 18, at 17 (statement of Rep.
Coughlin (R-Pennsylvania)).
63
Others continued to believe that hackers were a serious
threat to American businesses and to national security.
Legislators spoke of the "underground culture of people
known as computer hackers who continuously try to defeat the
security measures programmed into modern computers."35 But
attempts to uncover a hacker conspiracy capable of bringing
down the entire national infrastructure were unsuccessful.
Rep. William Carney (R-New York) asked hacker Neal Patrick
if he was aware of any "professional groups" of hackers who
worked to break into computers for personal gain. When
Patrick said no, Carney reminded him of TAP, which he
described as "an organization [with] bulletins, letters, and
communications back and forth."36 In fact, TAP was not an
organization at all, but a four-page newsletter
(Technological Assistance Program) providing technical
information of interest to hackers.37 Rep. Glickman asked
witness Donn Parker, who described himself as a hacker (but
not of what he called the "unsavory" variety), if there was
a "hackers organization,"38 to which Parker said no. Parker
went on to say that he had been approached by military
35Computer and Communications Security and Privacy, supra
note 6, at 2.
36Id. at 21.
37Hafner and Markoff, Cyberbunk: Outlaws and Hackers on
the Computer Frontier 20-21 (1991).
38Computer and Communications Security and Privacy, supra
note 6, at 81.
64
officials who were also concerned about organized hacker
conspiracies:
I was paid a visit by some of the Office of
Special Investigations of the Air Force on this
exact concern of theirs.... [I]n the future what
they were concerned about was sort of a type of an
electronic Messiah, a charismatic figure being
able to rally the unsavory hacker forces together,
and in effect direct them towards the penetration
-- organized penetration -- of computer systems.39
The potential danger from such an "electronic Messiah" --
or in Rep. Glickman's words, "a 21st century Adolf Hitler"40
-- was evidently perceived as great. One study cited by
Parker had tackled the question of whether computer crime
could bring about "national collapse" in the United States.
While the study's conclusion was negative, it said that
great damage could still be done; and Parker added that many
experts disagreed with the conclusion and felt that the
nation had already reached "a critical stage of
vulnerability."41
Despite these fears, it became clear as the hearings
progressed that hackers generally were merely mischievous
rather than malicious. As one witness cautioned, "You don't
want to lock up some kid who is just fooling with his
computer and all of a sudden he is guilty of a felony and
39Id.
40Id.
41Id. at 77.
65
you have an obligation to go after him, like in that movie
we saw."42
Most legislators seemed ultimately to conclude that the
real threat was not from hackers at all, but from a less
spectacular source: employees and others who already had
authorized access and misused it.43
Exaggerated Fears: The "WarGames Scenario" Exaggerated Fears: The "WarGames Scenario" Exaggerated Fears: The "WarGames Scenario"
There remained those, however, whose fear of computers
and of mysterious, shadowy hackers -- perhaps reinforced, or
even caused, by WarGames -- led to a tendency to exaggerate
the danger of hackers. Legislators couldn't resist the
temptation to compare real-life hacking incidents to
WarGames, despite assurances that the events in the film
were impossible. While certainly there may have been a real
computer-crime problem, that problem -- fraud perpetrated by
insiders -- was in reality less spectacular and exciting.
And legislators tended to see grave problems where there
were, at best, only potential problems.
This tendency is perhaps best illustrated by the hearings
and debates surrounding one of the post-WarGames computer-
42Computer Crime, supra note 18, at 28 (statement of Mr.
Edwards).
43See, e.g., Computer Crime, supra note 18, at 49-50
(statement of James F. Falco, Assistant State Attorney,
Consumer Fraud and Economic Crime Division, Eleventh
Judicial Circuit of Florida); Computer and Communications
Security and Privacy, supra note 15, at 4.
66
crime bills. The Medical Computer Crime Act of 198444 was a
response to the 414s' computer break-in at the Memorial
Sloan-Kettering cancer research center45 and was designed to
provide medical institutions specific legal recourse to help
protect their computerized medical records. This break-in
was a popular example of the "hacker problem," and it was
frequently cited as having been a "life-threatening"
incident.46
At a hearing in April 1984,47 the Subcommittee on Health
and the Environment of the Committee of Energy and Commerce
of the House of Representatives explored the supposedly
pervasive problem of illegal access to medical records.
Despite this supposed pervasiveness, however, witness Robert
Coburn -- whose company provided computer services to
hospitals -- could cite only two examples of illegal access
to hospital computers. One was the 414s' Sloan-Kettering
44H.R. 4954, 98th Cong. (1984).
45132 CONG. REC. H9262 (daily ed. Oct. 6, 1986)
(statement of Rep. Wyden).
46See, e.g., Computer Crime, supra note 18, at 12
(statement of Rep. Mica).
47Health and the Environment Miscellaneous -- Part 4:
Hearings Before the Subcommittee on Health and the
Environment of the Committee of Energy and Commerce, House
of Representatives, 98th Cong. (1984).
67
break-in. The other was in an episode of the television
show St. Elsewhere.48
Furthermore, while the St. Elsewhere break-in did result
in a patient's death, the Sloan-Kettering incident was
decidedly less exciting. "This situation demonstrated the
potential for a War Games scenario to occur, albeit on a
less dramatic scale in the hospital setting," Coburn
testified. "We understand that the data base that was
accessed and tampered with at Sloan Kettering was actually
billing data, and therefore probably did not pose a life-
threatening situation."49
When asked if he was aware of any other such break-ins,
Coburn's answer was probably not what the committee wanted
to hear:
In discussions with various hospitals around
the country, we have not been able to find
evidence of other similar instances of medical
computer crime. We have noted that as hospitals
are becoming more technologically sophisticated,
they are recognizing the need to safeguard their
data from this possibility by instituting ... more
sophisticated security measures on the computer
systems themselves.50
Several witnesses, while favoring the bill, spoke only of
a potential problem. Coburn explained, "We are not aware
that the problem is as yet widespread or pervasive. As you
48Id. at 350 (statement of Robert W. Coburn, President,
Commons Management Group).
49Id.
50Id.
68
have indicated, however, it is a potentially disastrous
situation...."51 Another witness predicted that
"[p]otential problems will become real problems.
Unauthorized tampering with medical records will result in
incorrect -- and possibly life threatening -- changes in
treatment."52 But none cited any incidents where this had
already happened.
Indeed, witness Meryl Bloomrosen of the American Medical
Record Association testified that "[i]t is unlikely that
unauthorized access and tampering with information such as
that used for billing would result in interference with the
patient's treatment."53
The consensus seemed to be that only the potential for a
problem existed, and the Sloan-Kettering break-in appeared
to be the only case anyone knew about of an actual illegal
access to a hospital computer. Furthermore, it became clear
that even the Sloan-Kettering break-in did not threaten
lives. A report from the hospital submitted for another
hearing explained that
[i]n no way did any of the tampering affect the
treatment of patients receiving radiation therapy.
51Id. at 355 (emphasis added).
52Id. at 423 (statement of Robert B. Conaty, on behalf of
American Hospital Association).
53Id. at 427 (statement of Meryl Bloomrosen, on behalf of
American Medical Record Association).
69
Only the accounting information -- billing records
to [hospitals using the system] -- was affected.54
Hacker Neal Patrick of the 414s, testifying at that
same hearing, agreed that only "doctor's bills, where ...
doctors would be billed for services or would be billed for
the time that he used" on the computer system had been
accessed.55
Despite all this, however, the bill's sponsor, Rep. Ron
Wyden (D-Oregon), reported back to the full House that "last
summer, with just a few taps of a computer keyboard, a group
of adolescents put at risk the health of thousands of cancer
patients at Memorial Sloan-Kettering Cancer Center in New
York." He said that the 414s had "gained access to the
radiation treatment records for 6,000 past and present
patients and had at their fingertips the ability to control
the radiation levels that every patient received....
Luckily, no one was hurt -- this time."56
Rep. Henry Waxman (D-California) contributed to the
excitement, speaking of "the large and growing problem of
outsiders gaining access to hospital records"57 -- a problem
none of the expert witnesses had been able to see.
54Computer and Communications Security and Privacy, supra
note 6, at 546 (statement submitted for the record by the
Memorial Sloan-Kettering Cancer Center).
55Id. at 27 (statement of Neal Patrick).
56130 CONG. REC. H9637 (daily ed. Sept. 17, 1984)
(statement of Rep. Wyden).
57Ibid. (statement of Rep. Waxman).
70
Perhaps not surprisingly, the bill was passed. Though it
never became law independently, it contributed to the
Computer Fraud and Abuse Act of 1986, the law under which
Craig Neidorf would be indicted in 1990.
Mistrust of Computers Mistrust of Computers Mistrust of Computers
A recurring theme throughout new proposals like the
Medical Computer Crime Act was a tendency to focus on the
tool of the crime -- the computer -- rather than on the
crime itself. The computer was seen as super-powerful and a
crime committed by computer as somehow worse than the same
crime committed by more conventional means. "[C]omputer
embezzlement is to traditional embezzlement as a nuclear
bomb is to a slingshot," one witness said. "They are both
weapons in the latter and they are both offenses in the
former, but other than that they have nothing in common."58
It appeared that to some, the crime itself was less
important than the tool used to commit it. According to
Rep. Don Edwards (D-California), "It might be easier to
convict somebody for stealing money from a bank by charging
the person with computer crime, rather than the crime of
58Computer Crime, supra note 18, at 35 (statement of
James Falco, Assistant State Attorney, Consumer Fraud and
Economic Crime Division, Eleventh Judicial Circuit of
Florida).
71
embezzlement or stealing money from it."59 This sort of
emphasis on the computer rather than the theft was evidently
already practiced under existing state computer crime laws;
a Florida woman, for instance, was convicted of stealing
more than $100,000 from her employer, an insurance company.
For insurance fraud and grand theft, she was sentenced to
five years, but for computer fraud, she was sentenced to
seven years.60
Some legislators commented on this evident misdirection
of their attention, pointing out that the computer was
merely a tool like a gun or a forger's pen61 and therefore
capable of being misused. Rep. Bill Nelson pointed out that
even the terminology used was misleading:
Computer-assisted crime is the way we should
refer to this particular type of wrongdoing. But
I doubt that the simpler, less accurate term
'computer-crime' will disappear from popular
reports of the problem.
Nevertheless, what we are talking about is not
crimes committed by computers, but crimes
committed by people with the assistance of
computers.62
59Computer Crime, supra note 18, at 27 (statement of Mr.
Edwards).
60Conputer Crime, supra note 18, at 35.
61Computer Crime, supra note 18, at 27 (statement of Mr.
Clarke); Computer Communications Security and Privacy, supra
note 15, at 20.
62132 CONG. REC. H3277 (daily ed. June 3, 1986)
(statement of Rep. Nelson).
72
There was some recognition that the tool used to commit
these crimes was not the real issue at all. Though no one
spoke of cyberspace or the Hacker Ethic, some legislators
and witnesses did recognize that what was new was an
attitude about information. Indeed, at one of the earliest
hearings, Rep. Dan Glickman cautioned his colleagues:
We need to respond to a very real problem, but
the real issue is abuse of information. The bills
tend to focus on the device or instrumentation of
the crime. Perhaps we should be looking at more
all-encompassing ways to address the violation,
the misuse of information.63
Others also advocated a comprehensive approach:
[W]e need to shift attention in our statutes
from concepts such as "tangible property" and
credit and debt instruments to concepts of
"information" and "access to information."64
Others also spoke of the intricacies and difficulties of
adapting property law to an information-based society.
We also need better legal definitions for our
electronic information society. Such terms as
"property," "property rights," "theft of
property," "malicious access," and "manipulation
of contents" need to be defined with our current
and future electronic information society in
mind.65
63Computer Crime, supra note 18, at 8.
64Counterfeit Access Device and Computer Fraud and Abuse
Act: Hearings Before the Subcommittee on Crime of the
Committee on the Judiciary, House of Representatives, 98th
Cong., 1st and 2d Sess. (1983-84), at 1.
65Id. at 299 (statement of George Minot, Senior Vice
President, CompuServe); see also Computer Crime, supra note
18, at 25 (statement of William Block).
73
One witness spoke of "crimes of information" and the need
to "properly value, assess, and protect information as an
asset."66 It would be just such an assessment that would
lead to the prosecution of Craig Neidorf.
Financial Impact Financial Impact Financial Impact
Ultimately, the financial impact of computer crime seems
to have been Congress's primary motive for moving ahead with
computer crime legislation. Though the issue of computer
crime was originally brought to its attention by the
spectacular exploits of hackers such as the 414s and David
Lightman in WarGames, it became clear that the largest
threat came not from hackers (whose motives, it seemed, were
rarely avaricious), but from "insiders" -- employees and
others with authorized access who committed fraud by
computer.67 The danger to national security -- the
possibility of a "WarGames scenario" -- turned out to be
very slight, but less-exciting computer crime did exist.
Such crime, according to an American Bar Association survey
66Id. at 256 (statement of Henry Dreifus, President,
Corpra Research).
67Computer and Communications Security and Privacy, supra
note 15, at 4.
74
cited at several hearings, cost American businesses $730
million in one year.68
Rep. Peter Rodino summed up the economic approach by
arguing that attacking white-collar crime such as computer
crime would be
more productive, economically, to this country
than the more publicized emphasis on violent
crime.
The prosecution of this type of crime, which
silently robs millions of dollars from all of the
taxpayers, a few dollars at a time, we believe,
must remain a high priority for Federal law
enforcement.69
In the end, then, it seems that the computer-crime laws
that were passed in the wake of the hacker fears of 1983
were intended not so much to deter hacking as to provide
law-enforcement officials with tools to prosecute thieves.
The economic intent of these laws is perhaps illustrated by
the fact that in the new laws Congress gave primary
authority to the Secret Service -- an arm of the Treasury
Department -- to investigate computer crime.
First Amendment Concerns First Amendment Concerns First Amendment Concerns
It is evident that for the most part, Congress did not
perceive any First Amendment implications in the bills it
68See, e.g., The Computer Fraud and Abuse Act of 1986:
Hearing Before the Committee on the Judiciary, U.S. Senate,
99th Cong., 2d Sess. (1986), at 1.
69130 CONG. REC. H7634 (daily ed. July 24, 1984)
(statement of Rep. Rodino).
75
considered. Indeed, only one computer-crime bill of the
mid-1980s appears to have turned Congress's attention to the
First Amendment. In July 1985, the Judiciary Committee's
Subcommittee on Security and Terrorism held a hearing to
consider the reported problem of computer networking by
pedophiles.70 The bill under consideration would have
explicitly proscribed obscene interstate computer
transmissions, as well as transmissions "whose purpose is to
facilitate the sexual abuse or sexually explicit depiction
of a child."71
Deputy Assistant Attorney General Victoria Toensing of
the Department of Justice's criminal division evaluated the
bill in constitutional terms:
It is abundantly clear that neither obscene
material nor child pornography is protected by the
first amendment. It is also clear that indecent
material which is not obscene, but which is in and
of itself offensive, may be regulated civilly if
not banned. The extent to which legislation may
go beyond this point to ban material which is
merely communicative in nature and not per se
obscene or indecent is somewhat more problematic.
As a general rule, the first amendment
prohibits the Government from interfering in
communication of purely factual information even
where the material communicated is of a commercial
nature. Thus, in our view, legislation which
seeks to ban the transmission of only descriptive
or factual information about juveniles with
70The Use of Computers to Transmit Material Inciting
Crime: Hearing Before the Subcommittee on Security and
Terrorism of the Committee on the Judiciary, United States
Senate, 99th Cong., 1st Sess. (1985).
71Id. at 12.
76
nothing more, without a specific intent, would
raise serious constitutional problems....
Of course we are all repulsed by the fact that
people are using information like this. However,
we do not have a Supreme Court case that allows us
to do that yet.72
This statement indicates -- albeit indirectly -- that if
nothing else, the Justice Department does (or did in 1985)
recognize computer-based communication as deserving of First
Amendment rights. Furthermore, the model Toensing applied
seemed closer to that of print than that of broadcast: "The
written word has not been considered exempt from first
amendment protection," she testified. "And that is the
problem there, Senator."73
Summary Summary Summary
The release of the movie WarGames, followed closely by
the highly visible arrests of the 414s, initiated the early
phase of the regulatory process regarding computer
communication. This early phase saw the involvement of
three important players: Congress, which set the stage for
later controversy with its computer crime legislation;
computer hackers, who sparked the whole controversy; and law
enforcement agencies, which encouraged Congress to pass laws
covering crimes that might otherwise "fall through the
cracks." The latter two would continue to play an important
72Id. at 27-34.
73Id. at 34.
77
part in the ongoing controversy of freedom of speech and
computer communications.
78
CHAPTER FOUR: CHAPTER FOUR: CHAPTER FOUR:
Operation Sun Devil Operation Sun Devil Operation Sun Devil
The late 1980s and early 1990s saw the emergence of
several major players in the controversy over computer-based
communication. During the early 1980s, when Congress was
considering and passing the Computer Fraud and Abuse Acts of
1984 and 1986, law enforcement agencies, though interested,
remained largely on the sidelines. They made it clear to
legislators that they would not turn down new laws to help
them fight computer crimes but otherwise kept a low profile.
During the late 1980s and especially 1990, however, law
enforcers -- particularly the Secret Service, which was
given primary authority to enforce computer crime laws under
the 1984 and 1986 statutes -- took their duties to lengths
some thought excessive. While the passage of computer crime
laws had not caused much controversy, the way in which the
laws were executed caused many to fear for the future of the
First Amendment.1
Other major players who emerged prominently during this
time include the hacker community, which suddenly found
itself at the middle of a constitutional controversy; a new
political action group, the Electronic Frontier Foundation,
which championed the cause of freedom in cyberspace; and
1See, e.g., Costikyan, "Closing the Net," Reason, Jan.
1991, at 22; Kapor, "Civil Liberties in Cyberspace,"
Scientific American, Sept. 1991, at 116; Barlow, "Crime and
Puzzlement," Whole Earth Review, Fall 1990, at 45.
federal courts, which for the first time had the opportunity
to rule on the First Amendment questions associated with
computer-based communication.
This chapter will examine the contributions of these
players in the hacker crackdown controversy that exploded
during 1990. After a survey of the events surrounding the
crackdown and the two major cases that emerged from it, this
chapter will identify the positions and agendas of these
players, based upon policy statements, legal documents, news
stories and other material.
Crackdown Crackdown Crackdown
On May 9, 1990, the United States Department of Justice
announced the culmination of Operation Sun Devil, a two-year
investigation into computer hacking.2 The operation had
involved "sophisticated investigative techniques" and
targeted "computer hackers who were alleged to have
trafficked in and abuse [sic] stolen credit card numbers,
unauthorized long distance dialing codes, and who conduct
unauthorized access and damage to computers."3
On the two days immediately before the announcement, the
Secret Service, under the authority bestowed upon it by the
Counterfeit Access Device and Computer Fraud and Abuse Act
2U.S. Department of Justice, United States Attorney,
District of Arizona, Press Release (May 9, 1990).
3Id.
80
of 1984,4 had executed 27 search warrants in cities across
the United States.5 Forty computers and 23,000 computer
disks were seized by federal agents and local law
enforcement officials.6 No arrests were immediately made
and no charges filed; the searches and seizures were part of
the ongoing investigation of Operation Sun Devil. The
operation was the latest development in a crackdown that had
been going on at least since 1987.7
Communications on BBSs from the time show that the Secret
Service's enforcement efforts were having an effect on the
hacker community. The feeling in the computer underground
during the late 1980s and 1990 was one of siege:
We can now expect a crackdown.... I just hope
that I can pull through this one and that my
friends can also. This is the time to watch
yourself. No matter what you are into....
Apparently the government has seen the last straw
in their point of view.... I think they are going
after all the 'teachers' [of hacking techniques]
... and so that is where their energies will be
put: to stop all hackers, and stop people before
they can become threats.8
418 U.S.C. S1030 (1988).
5Press release, supra note 2.
6"Probe Focuses on Entry, Theft by Computers," Chicago
Tribune, May 10, 1990, at sec. 1, p. 6.
7See, e.g., Betts, "Hackers Under the Gun: Secret Service
Sweep Yields Arrests Nationwide," Computerworld, Aug. 17,
1987, at 2.
8Posting from a computer BBS, quoted in E. Goldstein, "An
Overview," 2600 Magazine, Spring 1990 (as reproduced in
Computer Underground Digest, Issue 1.10, at lines 87-92).
81
One of the sysops of a BBS called the Phoenix Project,
concerned about his users' privacy, posted the following
announcement in the spring of 1990, months before the
announcement of Operation Sun Devil:
I will be adding a secure encryption routine9
into the e-mail in the next 2 weeks -- I haven't
decided exactly how to implement it, but it'll let
two people exchange mail encrypted by a password
only known to the two of them.... Anyway, I do not
think I am due to be busted.... I don't do
anything but run a board. Still, there is that
possibility. I assume that my lines are all
tapped until proven otherwise. There is some
question to the wisdom of leaving the board up at
all, but I have personally phoned several
government investigators and invited them to join
us here on the board. If I begin to feel that the
board is putting me in any kind of danger, I'll
pull it down with no notice -- I hope everyone
understands. It looks like it's sweeps-time again
for the feds. Let's hope all of us are still
around in 6 months to talk about it.10
The Phoenix Project BBS was shut down within a few days
as part of the Steve Jackson Games raid.11
Another Sun Devil target was the Ripco BBS, operated in
Chicago by Bruce Esquibel ("Dr. Ripco"), who was not a
9Encryption is "the encoding of data for security
purposes by converting the standard data code into a
proprietary code before transmission over a network. The
encrypted data must be decoded at the receiving station."
Essentially, encryption renders computer data unintelligible
until it is decrypted using the correct mathematical key.
A. Freedman, The Computer Glossary 259 (4th ed. 1989).
10Quoted in Goldstein, supra note 8, at lines 224-235.
11Id. See infra notes 54-61 and surrounding text.
82
hacker and claimed no interest in hacking.12 Ripco,
however, was a popular "hangout" in the computer
underground, largely because of its extensive collection of
text files, and was a popular "chat" BBS covering wide-
ranging topics. It had a reputation as being a "legal and
above-board" BBS.13 In fact, Ripco had an explicit policy
forbidding the posting of stolen credit card numbers or
specific instructions on how to "phreak" a phone call, as
sysop Esquibel explained later:
It is no secret that many of the posts of board
5 (fone phun) either solicited for the need of or
said they had and would share such information. I
never considered this wrongful for a number of
reasons. The primary one would be most people on
there were blowing smoke as far as really knowing
anything either fraudulent or important.... Many
people who wish to raise their status will often
come up with outlandish claims in an attempt to
convince others he or she is an expert on one
matter or another.
Any attempt to suppress this act I felt would
of [sic] damaged Ripco's open door policy since
people do have to start somewhere and eventually
learn their peers will catch on fast if someone is
pulling a bluff. Thus this type of activity was
tolerated but the line was crossed if anyone
attempted to really do it. For example if a
message contained something like 'just dial 1-800-
555-1212 and punch in 123456 at the tone', the
entire message was removed or in more cases re-
edited especially if other parts were about non-
related matters.14
12Sulski, "Crackdown on Crime Is Raising Question of
Computer Rights," Chicago Tribune, Nov. 18, 1990, at 17.
13"Update on Ripco BBS and Dr. Ripco," Computer
Underground Digest, Issue 1.26, at lines 574-607.
14Esquibel, "Dr. Ripco Speaks Out," Computer Underground
Digest Issue 1.27, at lines 342-370.
83
On May 8, 1990, Secret Service awakened Esquibel and
seized his BBS.15 In addition to the BBS computer, they
also confiscated several other computers that had no
connection to the BBS but were physically close to it.
Esquibel was not charged with a crime, but during the
agents' questioning, they told him they had printouts of
stolen credit card numbers and long-distance access codes
that had apparently been posted to the BBS without
Esquibel's knowledge. They also commented on files that
contained instructions on constructing bombs, telling him
that making such information available was "wrong."16
Those affected by Operation Sun Devil seemed keenly aware
of the implications of such shutdowns. "Does the First
Amendment come into play at all?" Esquibel asked. "[W]hy
isn't a newspaper's printing press taken when a reporter
refuses to name his sources about a sensitive story?"17
"Raiding Ripco seems to be throwing the baby out with the
bath water by intimidating sysops willing to allow
provocative discussions," wrote the editors of one online
newsletter. "In our view, this is no long a computer
15E.g., Sulski, supra note 12, at 17.
16Esquibel, supra note 14, at lines 328, 388.
17Id. at line 520.
84
underground issue, but one of First Amendment
protections."18
Closing down BBSs, however, did not seem to attract very
much attention, perhaps because the First Amendment's
applicability to the medium remained untested. The most
visible and controversial "busts" resulting from the Secret
Service's hacker crackdown were the related cases of Craig
Neidorf, a Missouri college student, and Steve Jackson
Games, a small publishing company in Austin, Texas -- cases
in which the First Amendment issues seemed clearer than ever
before.19
The Case of Craig Neidorf The Case of Craig Neidorf The Case of Craig Neidorf
The legal troubles of Craig Neidorf centered around a
computer text file that originated at the Atlanta offices of
the Bell South telephone company. The E911 (Enhanced 911)
file, as it was called, contained "a description of the
purposes, operation, installation, and maintenance of the
emergency 911 telephone service operated by Bell South [and]
a glossary of the terminology needed to understand the
18"Moderators' Corner," Computer Underground Digest Issue
1.09 (May 16, 1990), at lines 108-117.
19See, e.g., "Group to Defend Civil Rights of Hackers
Founded by Computer Industry Pioneer," Wall Street Journal,
July 11, 1990, at B4, col. 1; "Enforcement Questions Raised
After Hacker Case Dismissed," Washington Post, Aug. 2, 1990,
at C13, col.1.
85
operation of the 911 system."20 Sometime around December of
1988, Robert Riggs, a member of a hacker group called the
Legion of Doom,21 gained unauthorized access to Bell South's
Atlanta computer system, from which he downloaded22 a copy
of the E911 file to his home computer in Decatur, Georgia.
He then transferred the file to a public BBS in Lockport,
Illinois. Neidorf downloaded the file from the Illinois BBS
to his home computer in Missouri, edited it and published
its contents in Issue 24 of his electronic magazine Phrack,
which was distributed to subscribers and BBSs via computer
networks.23
On February 7, 1990, Riggs and Neidorf were indicted by
an Illinois grand jury on charges of wire fraud,24 violation
of the Computer Fraud and Abuse Act of 198625 and interstate
transportation of stolen property.26 The indictment alleged
20
Memorandum of Law of Amicus Electronic Frontier
Foundation at 2, U.S. v. Riggs, 743 F.Supp. 556 (N.D. Ill.
1990).
21Costikyan, supra note 1, at 23.
22To download is "to transmit data from a central
computer to a remote computer." Freedman, supra note 9, at
232.
23Costikyan, supra note 1. at 2-3.
2418 U.S.C.A. S1343 (1990).
2518 U.S.C.A. S1030 (1990).
2618 U.S.C.A. S2314 (1990). Riggs/Neidorf indictment
reproduced in Computer Underground Digest, Issue 1.00 (Mar.
1990).
86
that the E911 file was proprietary27 and confidential, that
it was worth $79,449 to Bell South, and that it contained
information hackers could use to disrupt the operation of
the 911 system.28 Four months later the grand jury revised
that indictment, relying now only upon charges of wire fraud
and interstate transportation of stolen property.29
The charges against Neidorf fell generally into three
categories: those alleging a broad conspiracy to commit wire
fraud; those connected with the transfer of the E911 file
from Georgia, through Illinois, to Missouri; and those
connected with the publication of Phrack -- not only the
issue containing the E911 file, but also two previous issues
that allegedly advocated hacking activity.30
One of these issues had contained an article titled "The
Phoenix Project."31 This project, according to the
government, was "a plan to solidify the hacker community by
publishing hacking tutorials and disseminating other items
27"Belonging to ownership; belonging or pertaining to a
proprietor; relating to a certain owner or proprietor. Made
and marketed by a person or persons having the exclusive
right to manufacture and sell such; as a proprietary
article, medicine, or food." Black's Law Dictionary 637
(Abridged 5th ed. 1983).
28Indictment, supra note 26.
29U.S. v. Riggs superseding indictment reproduced in
Computer Underground Digest Issue 1.15 (June 16, 1990).
30U.S. v. Riggs, 743 F.Supp. 556, 559 (N.D. Ill. 1990).
31Costikyan, supra note 1, at 26.
87
of interest to hackers, such as information on how to
prevent law enforcement authorities from discovering hacking
activity."32 Another charge related to a later issue of
Phrack that allegedly contained such tutorials.33
Shortly after Neidorf's trial began in July 1990, the
prosecution's case began to come apart. A Bell South
employee testified that the supposedly confidential document
-- which Bell South had originally valued at $79,449, though
it later reduced that figure to $20,000 -- was, in fact,
available for $13 to anyone calling an 800 number.34
Prosecutors dropped the charges against Neidorf on July 27.
Robert Riggs had already pleaded guilty.35
The Steve Jackson Games Case The Steve Jackson Games Case The Steve Jackson Games Case
Steve Jackson Games (SJG), a small, privately owned
company in Austin, Texas, designs and manufactures role-
playing adventure games of the type played with dice and
elaborate rule books. Many of these games have been part of
GURPS, the Generic Universal Role Playing System, a series
that includes such titles as GURPS Witch World, GURPS Conan
and GURPS Riverworld. The company also operates a BBS called
Illuminati, which SJG uses to facilitate communication
32743 F.Supp. 556, 558.
33Id.
34Costikyan, supra note 1, at 26.
35Markoff, "U.S. Drops Computer Case Against Student,"
The New York Times, July 28, 1990, at 9, col. 3.
88
between its customers and game authors. In the spring of
1990, SJG was preparing to publish a new game, GURPS
Cyberpunk, a game in the tradition of William Gibson's
award-winning science fiction novel Neuromancer and other
fiction of the "cyberpunk" genre.36 The introduction to
GURPS Cyberpunk describes this genre:
"Cyberpunk" is the term applied to a science
fiction literary "movement" of the 1980s.
Although there are several authors from the 1960s
and 1970s whose work appears cyberpunk in
retrospect, the term wasn't coined until the
publication in 1984 of William Gibson's novel
Neuromancer....
Neuromancer presented a view of the future that
was different. Gone were the glass-domed cities
and utopias of Golden Age science fiction. The
domes are still there in cyberpunk, but they're
occupied by the rich and guarded by security
forces that shoot first and don't bother to ask
questions....
The cyberpunk future is vibrant -- pulsating
with life, from the streets to the high-rises....
Cyberpunk is a style defined by two elements.
The first is the interaction of man with
technology. Computers are as common as
dishwashers in the cyberpunk future, and the
dividing line between man and machine is sometimes
blurred....
The second element found in most cyberpunk work
is that of struggle. The world is divided into
two groups -- the haves and the have-nots -- with
a vast chasm between them.37
More familiar examples of cyberpunk include the movie
Blade Runner and the short-lived television series Max
36Sterling, "Gurps' Labor Lost: The Cyberpunk Bust,"
Effector (newsletter of the Electronic Frontier Foundation),
Vol. 1 Number 2, at 1-2.
37L. Blankenship, GURPS Cyberpunk 4 (1990).
89
Headroom.38 It is easy to understand why the genre, with
its pervasive themes of technology and fighting against
centralized authorities, is popular among computer hackers.
Hacking, in fact, is itself a component of the genre.
On March 1, 1990, agents of the Secret Service, search
warrant in hand, raided the offices of Steve Jackson Games.
The authorities seized from the company three computers, two
laser printers and all of the drafts of GURPS Cyberpunk,
both on computer disk and on paper. The computers included
not only the ones used in the drafting of GURPS Cyberpunk,
but also the system that ran the Illuminati BBS.39 A total
of about $10,000 worth of computer hardware and software was
confiscated.40 The officers left behind broken locks,
damaged filing cabinets and a ransacked warehouse.41 They
refused to say what they were looking for.42
When Steve Jackson visited the local Secret Service
office in an attempt to recover some of his equipment, he
was told by the agents that GURPS Cyberpunk was "a handbook
38Hafner and Markoff, Cyberpunk: Outlaws and Hackers on
the Computer Frontier 9 (1991).
39Electronic Frontier Foundation, Legal Case Summary,
July 10, 1990; Lewis, "The Executive Computer: Can Invaders
Be Stopped But Civil Liberties Upheld?" The New York Times,
Sept. 9, 1990, at F12.
40J. Wilson, "It CAN Happen Here," Computer Gaming World,
June 1990, at 8.
41Costikyan, supra note 1, at 23.
42Lewis, supra note 39.
90
for computer crime." When he explained that it was science
fiction, they insisted, "This is real."43
The confiscation of the company's computers and all the
existing drafts of GURPS Cyberpunk nearly put Steve Jackson
Games out of business. Callers to the company's Illuminati
BBS saw only the following message:
Before the start of work on March 1, Steve
Jackson Games was visited by agents of the United
States Secret Service. They searched the building
thoroughly, tore open several boxes in the
warehouse, broke a few locks, and damaged a couple
of filing cabinets (which we would gladly have let
them examine, had they let us into the building),
answered the phone discourteously at best, and
confiscated some computer equipment, including the
computer that the BBS was running on at the time.
So far we have not received a clear explanation
of what the Secret Service was looking for, what
they expected to find, or much of anything else.
We are fairly certain that Steve Jackson Games is
not the target of whatever investigation is being
conducted; in any case, we have done nothing
illegal and have nothing whatsoever to hide.
However, the equipment that was seized is
apparently considered to be evidence in whatever
they're investigating, so we aren't likely to get
it back any time soon. It could be a month, it
could be never.
To minimize the possibility that this system
will be confiscated as well, we have set it up to
display this bulletin, and that's all. There is
no message base at present. We apologize for the
inconvenience, and we wish we dared to do more
than this.44
Forced to miss the publication deadline for GURPS
Cyberpunk, Jackson had to lay off half of his staff, and for
43L. Blankenship, GURPS Cyberpunk (1990), at 5
(introduction by Steve Jackson).
44E. Goldstein, supra note 8, at lines 253-275.
91
a while SJG operated on a precarious financial basis.45
Eventually, using some old backups of their computer data
and some fragments of early drafts that had been distributed
to testers -- as well as reconstructing much from memory --
Jackson and his staff were able to complete and publish
GURPS Cyberpunk.46 But Jackson estimated that the raid and
the delays it caused cost his small company more than
$125,000.47
The Secret Service returned most of Steve Jackson Games'
property in June of 1990.48 Some of the equipment was
irreparably damaged,49 and the Secret Service retained the
drafts of GURPS Cyberpunk.50 Furthermore, the Secret
Service's affidavit and application for the search warrant
remained sealed, leaving it a mystery what the Secret
Service had been looking for.51 There was no evidence, nor
any formal accusation, that Steve Jackson Games had ever
been involved in any kind of illegal activity.
45
Legal Case Summary, supra note 39; Costikyan, supra
note 1, at 24.
46Barlow, supra note 1, at 52.
47Costikyan, supra note 1, at 24.
48Sterling, supra note 36, at 3.
49Costikyan, supra note 1, at 24.
50Legal Case Summary, supra note 39.
51Id.
92
When the warrant was finally unsealed several months
later, it confirmed that Steve Jackson Games was never
suspected of anything illegal.52 Furthermore, GURPS
Cyberpunk had had nothing to do with the raid. In fact, the
object of the search had been none other than the E911 file
published by Craig Neidorf in Phrack.53
The link between the E911 file and Steve Jackson Games
was an employee of the company named Loyd Blankenship and
his association with a shadowy hacker group called the
Legion of Doom, a group that was targeted by the Secret
Service's crackdown. Blankenship, known also as The Mentor,
was a former hacker and the author of GURPS Cyberpunk.54
During the time he was working on GURPS Cyberpunk, he had
been in contact with some members of the Legion of Doom for
the purpose of verifying the game's faithfulness to its
genre.55 (In fact, the title page of the published book
credits the Legion of Doom as "Hacking Consultants."56)
From his home, Blankenship operated a BBS called The
Phoenix Project, which took its name from the "Phoenix
52Kapor, supra note 1, at 116.
53Sterling, supra note 36, at 3.
54Id. at 2.
55From commentary by SJG employee Walter Milliken posted
to the Usenet newsgroup comp.risks.
56Blankenship, supra note 43, at 1.
93
Project" announced in Phrack #19.57 Blankenship's BBS, like
many others, had on it a copy of Phrack #24, the issue
containing the edited E911 file. The file was identified
and reported to the Secret Service by Henry Kluepfel, a Bell
security manager who was working with investigators.58
Furthermore, the affidavit alleged, e-mail messages
posted on the Phoenix Project BBS indicated that Blankenship
and Legion of Doom member Chris Goggans (Erik Bloodaxe) had
"established a password decryption service"59 for hackers
attacking computer systems, a service to be provided through
The Phoenix Project BBS.60
Based on these facts, the Secret Service alleged
interstate transportation of stolen property and computer
fraud.61 On this basis it raided both the home and
workplace of Loyd Blankenship, shutting down Steve Jackson
Games in the process.
57Costikyan, supra note 1, at 24.
58Application and affidavit for search warrant for Steve
Jackson Games (case #A-90-54m), Feb. 28, 1990, at 11.
59On most multiuser computer systems, users' logon
passwords are stored in an encrypted file for security
reasons. Decryption of passwords stored in this file would
reveal the passwords of all users, allowing the person
possessing the decrypted passwords to freely access any
account on the system.
60Id. at 7.
61Id. at 17.
94
The Hunt for the Legion of Doom The Hunt for the Legion of Doom The Hunt for the Legion of Doom
The troubles of Craig Neidorf and Steve Jackson resulted
from what was apparently one of the central objectives of
the Secret Service's hacker crackdown: the eradication of
the hacker group the Legion of Doom (LOD).62 The government
perceived the Legion of Doom as "a closely knit group of
hackers" engaged in disruption of telephone services, credit
card fraud and theft of proprietary information.63 These
descriptions of a highly organized and malevolent group of
hackers echo the fears expressed at Congressional hearings
during the 1980s of hacker conspiracies and "professional"
hacker groups.64
The reality, however, is that the Legion of Doom was far
less dangerous and far less organized than the government
apparently believed. The membership of the Legion of Doom
is probably impossible to determine. One member said that
the group never had more than 15 to 20 members and that
"it's almost like if you say you're in, you are."65 And as
is the custom in hacking circles, members generally used
62Markoff, "Drive to Counter Computer Crime Aims At
Invaders," The New York Times, June 3, 1990, at 30.
63E.g., Riggs/Neidorf indictment, infra note 26;
Riggs/Neidorf superseding indictment, infra note 29; SJG
search affidavit, infra note 58.
64See Chapter 3, notes 35-41 and surrounding text.
65Schatz, "The Terminal Men," The Washington Post, June
24, 1990, at H6.
95
pseudonyms, though the true identities of some were revealed
when they became ensnared in the crackdown. A list of
Legion of Doom members might include Robert Riggs (The
Prophet), Loyd Blankenship (The Mentor), Chris Goggans (Erik
Bloodaxe) and Len Rose (Terminus), as well as such
mysterious figures as Acid Phreak, Phiber Optik and Lex
Luthor.
The group's foreboding name was taken from a group of
comic-book villains that frequently clashed with Superman.
"You wouldn't want a fairy kind of thing like Legion of
Flower Pickers or something," one member explained. "But
the media ate it up too. Probing the Legion of Doom like it
was a gang or something, when really it was just a bunch of
geeks behind terminals."66
The Legion of Doom was not a "closely knit group,"67 and
its agenda was not nearly so malevolent as the Sun Devil
investigators alleged. "We're just out to learn," Acid
Phreak explained. "We transfer data about records that we
find in systems. But we draw the line on how we use that
data. We use it to play around, not abuse it."68
66Barlow, supra note 1, at 49.
67Goldstein, supra note 8, at line 214.
68Schatz, supra note 65, at H1.
96
Exaggerated Fears Exaggerated Fears Exaggerated Fears
The government's belief that the Legion of Doom was
actively engaged in theft and fraud and disruption of
telephone services may help to explain why the E911 file was
seen as so dangerous. Prosecutors, however, seemed not to
have a clear idea of exactly what the file was. The Secret
Service, in the affidavit and application for the Steve
Jackson Games search warrant, refers to the E911 file
variously as a "document," as "source code" and as a
"program."69 Similarly, the press release issued by the
Department of Justice upon the indictment of Riggs and
Neidorf said that the two "stole a copy of Bell South's
highly proprietary and closely held computer program that
controlled and maintained the E911 system."70 The
government further claimed that Neidorf published the file
"so that [other hackers] could unlawfully access the E911
system and potentially disrupt or halt ... 911 service in
the United States."71 William Cook, the assistant United
States attorney who led the prosecution of Neidorf,
described the E911 file to the jury as a "road map" to the
emergency telephone system. He explained that the file
69Affidavit, supra note 58.
70Indictment, supra note 26 (emphasis added).
71U.S. Dept. of Justice, Press Release, Feb. 6, 1990
(reproduced in Computer Underground Digest, Issue 1.00, Mar.
1990).
97
"described in vivid detail each of the locations along the
E911 path to an emergency call."72
In fact, the E911 file, titled "Control Office
Administration Of Enhanced 911 Services For Special Services
And Major Account Centers," is an administrative document
containing little technical information. The document
describes the 911 system very generally and defines some of
the terms used in administration of the system -- terms like
PSAP (Public Safety Answering Point), "an agency or facility
which is authorized by a municipality to receive and respond
to police, fire and/or ambulance services."73 It defines
the responsibilities of the various entities involved in the
911 system with regard to maintenance, testing and problem
reporting. The document is dry reading, filled with
acronyms and other bureaucratic jargon:
The MMOC should notify the appropriate SSC/MAC
when the Host, Node, or all Node circuits are down
so that the SSC/MAC can reply to customer reports
that may be called in by the PSAPs. This will
eliminate duplicate reporting of troubles. On
complete outages the MMOC will follow escalation
procedures for a Node after two (2) hours and for
a PSAP after four (4) hours. Additionally the
MMOC will notify the appropriate SSC/MAC when the
Host, Node, or all Node circuits are down.74
72Transcript of William Cook's opening statement at trial
of Craig Neidorf, reproduced in Computer Underground Digest
Issue 3.41 (Nov. 16, 1991), at lines 108, 482.
73E911 file as reproduced in Phrack Issue 24, at line
1071.
74Id. at lines 1270-1276.
98
It also includes a glossary of terms used to describe the
E911 system -- terms such as PSAP, selective routing and
night service.75 Nothing in the file appears to provide any
technical information that could be used to actually
interfere with the operation of the system.
Rather than a tool for sabotage, the republished E911
file was more likely seen as a kind of trophy, an
interesting glimpse at part of the complex telephone system
with which hackers were fascinated. In response to
Neidorf's arrest, hacker Chris Goggans, known as Erik
Bloodaxe, said, "No member of LOD has ever (to my knowledge)
broken into another system and used any information gained
from it for personal gain of any kind ... with the exception
of maybe a big boost in his reputation around the
underground.... The information [in the E911 file] is hardly
something anyone could possibly gain anything from except
knowledge about how a certain aspect of the telephone
company works."76
Like its descriptions of the E911 file, the government's
charges of conspiracy against Craig Neidorf similarly
reflected an exaggerated threat. The indictment against
Neidorf prominently mentions an article in Phrack #19 titled
"The Phoenix Project," described by the government as "a
75Id. beginning at line 1438.
76Goldstein, supra note 8, at lines 185-192.
99
plan to solidify the hacker community by publishing hacking
tutorials and disseminating other items of interest to
hackers, such as information on how to prevent law
enforcement authorities from discovering hacking
activity."77 In fact, the "project" announced in Phrack #19
seemed more likely intended to boost morale in the besieged
hacker community than anything else. It was mostly devoted
to announcing an upcoming convention for hackers, as well as
the new Phoenix Project BBS:
SummerCon '88 is a celebration of a new
beginning. Preparations are currently underway to
make this year's convention twice as fun as last
year's and the greater the turnout the greater the
convention shall be. No one is directly excluded
from the festivities and the practice of passing
illegal information is not a part of this
convention....
Any security consultants or members of law
enforcement agencies that wish to attend should
contact the organizing committee as soon as
possible to obtain an invitation to the actual
convention itself....
The first step in what is called The Phoenix
Project, which is a re-birth of the hack/phreak
community is underway. This first step is a
public education bulletin board system dedicated
to teaching the public about telecommunications
and computer systems. The board is called The
Phoenix Project, and the number is (XXX)XXX-XXXX.
No illegal information is to be posted on this
system. Our SysOp is The Mentor. Thank you, and
call if you're interested.78
77743 F.Supp. 556, 558.
78Knight Lightning (Craig Neidorf), "Phrack World News,"
Phrack, Issue 19 (no date given), at lines 1531-1651
(telephone number removed).
100
In addition to the E911 file, the Secret Service also
expected to find at Steve Jackson Games a program providing
a "password decryption service" established by Loyd
Blankenship and Chris Goggans.79 But the evidence presented
in the agency's own affidavit suggests that this service
was, in fact, little more than idle chatter; it was neither
"established" nor operational in any way. It was merely an
apparently half-serious suggestion made on the BBS by co-
sysop Chris Goggans (under the pseudonym Erik Bloodaxe):
13/58 things...
Name: Erik Bloodaxe #2
Date: Tue Jan 23 22:57:29 1990
I think it's time for your friend at the Legion of
Doom to start a new service...(with great help
from friends)
Decryption service! On any unix or Prime, send the
etc/passwd file, or the UAF file to the sysop
directory, and you will be mailed back the
encrypted passwords...(on UNIX( any pw that the
deszip could bust)
The Prime UAF must be in binary, so kermit it from
the site, and xmodem it here.
In return, we will not distribute any information
gained from your site, but we will probably look
around it anyway...but it will remain between you
and us.
What do you people think? Bad idea? Good idea?
Hell...It is just another attempt by me to piss
everyone off.
->ME80
79Affidavit, supra note 58.
80Messages from The Phoenix Project BBS, attached to
search affidavit and reproduced in Computer Underground
Digest 2.11, Nov. 13, 1990.
101
Even if this "service" had been operational, Loyd
Blankenship's connection to it was tenuous. The Secret
Service's conclusion that he was involved in trafficking in
stolen passwords was apparently based entirely on a
Blankenship's answer to another user's question about what
"Kermit," mentioned in Goggan's message, was:81
23/47: kermit
Name: The Mentor #1
Date: Fri Jan 26 10:11:23 1990
Kermit is a 7-bit transfer protocol that is used
to transfer files to/from machines. It is mostly
found on mainframes (it's a standard command on
VAX, for instance). Kermit has the added advantage
of being able to work through an outdial (because
it is 7-bit).
Mentor82
Kermit is a commonly used file transfer protocol83 and is
certainly not limited to use in stealing passwords. But
based upon this straightforward technical explanation, the
Secret Service alleged that Loyd Blankenship was involved in
Chris Goggan's proposed password decryption scheme.
81Indictment as quoted in Computer Underground Digest
Issue 2.11, Nov. 13, 1990.
82Id.
83A file transfer protocol is a set of standards
regarding the transmission of data from one computer to
another and how errors in transmission should be handled.
The Kermit protocol is noted for its ability to complete
file transfers over even noisy telephone connections and its
ability to communicate between personal computers and large
mainframes that may have different data formats. See
Freedman, supra note 9, at 385.
102
This tendency toward exaggeration was also demonstrated
by the agents who raided Steve Jackson Games. When he
attempted to recover some of his equipment, agents insisted
to Steve Jackson that GURPS Cyberpunk was a "handbook for
computer crime" and that the techniques it described were
real. While the technology described in the book is
extrapolated from that of today, no specific real-world
techniques, only game rules, are described. A roll of the
dice, for instance, determines whether a player has
successfully broken into a computer system.84 And much of
the technology is fantastically futuristic, such as this
description of the "Icon Interface":
This interface is very similar to the icon-
based operating systems used on personal computers
in the 1980s and early 1990s. A two-dimensional
"screen" is projected directly onto the
character's optic nerve. When he wishes to
execute a program or examine a database, he
mentally "selects" the appropriate icon. To
connect to another computer, for instance, he
selects a telephone; to disconnect from a system,
he selects a door....
Installation requires a major surgical facility
and a minimum of 10 days.85
About the only realistic hacking technique the book
describes is searching through trash to find useful data
(the success of which is still dependent upon a roll of the
dice).86
84Blankenship, supra note 43, at 69.
85Id. at 73.
86Id. at 86-87.
103
The Electronic Frontier Foundation The Electronic Frontier Foundation The Electronic Frontier Foundation
Another major player to emerge during 1990 -- as a direct
result of the government's hacker crackdown -- was the
Electronic Frontier Foundation, founded by Mitch Kapor,
author of the popular spreadsheet program 1-2-3 and former
CEO of the software company Lotus, and writer John Perry
Barlow. The EFF was founded shortly after Barlow was
visited by an FBI agent investigating another (possibly
mythical) hacker group called the NuPrometheus League. The
mysterious group had stolen some Macintosh source code87
from the Apple computer company and distributed it widely to
members of the computer industry and the press, and was the
subject of an FBI investigation in 1989 and 1990.88
According to Barlow, an FBI agent who visited him at his
home in Wyoming -- evidently suspecting that Barlow might be
part of the NuPrometheus League -- knew almost nothing about
computers. Barlow found himself explaining computer
technology to the agent. "You know things have rather
jumped the groove when potential suspects must explain to
law enforcers the nature of their alleged perpetrations,"
87Source code is "the language a program is written in by
the programmer." Freedman, supra note 9, at 641. Because
source code reveals the inner workings of a program, and
because it can be easily modified and adapted by other
programmers, it is generally considered highly confidential
and proprietary by its owner.
88Markoff, supra note 62, at 30.
104
Barlow later wrote. Much of the agent's visit was devoted
to Barlow's explanation to the agent of exactly what had
been stolen.89
The FBI agent's visit demonstrated to Barlow one of the
fundamental problems of the recent hacker crackdown: the
lack of technical expertise among law enforcement officials.
I realized in the course of this interview that
I was seeing, in microcosm, the entire law
enforcement structure of the United States. Agent
Baxter was hardly alone in his puzzlement about
the legal, technical, and metaphorical nature of
datacrime.
I also found in his struggles a framework for
understanding [the] series of recent Secret
Service raids on some young hackers.... And it
occurred to me that this might be the beginning of
a great paroxysm of governmental confusion during
which everyone's liberties would become at risk.90
Mitch Kapor had received one of the copies of the
NuPrometheus League's stolen Macintosh code and was also
paid a visit by an FBI agent. After hearing about Barlow's
similar experience, Kapor began to see a larger problem:
I suddenly realized I wasn't alone, that I had
some direct connection to this, that NuPrometheus
was connected to all the other arrests of computer
hackers at the time, and I began to see how great
an injustice could be taking place within such a
huge investigation as Sun Devil.91
89Barlow, supra note 1, at 53-4.
90Barlow, "A Man From the FBI: The Origins of the
Electronic Frontier Foundation," Effector, March 1991, at 1.
91Bromberg, "In Defense of Hackers," The New York Times
Magazine, April 21, 1991, at 47.
105
These concerns led Barlow and Kapor to found the
Electronic Frontier Foundation. The EFF's mission statement
recognized the "new world" of cyberspace and the difficulty
of applying old laws to a new medium such as computer-based
communication. The EFF, the statement said, would "help
civilize the electronic frontier," both through educational
activities to increase understanding of the new media, and
through supporting litigation to preserve First Amendment
rights in the realm of computer-based communication.92 But
the EFF's founders resisted the suggestion that the EFF was
a "hacker defense fund":
I regard unauthorized entry into computer
systems as wrong and deserving of punishment.
People who break into computer systems and cause
harm should be held accountable for their actions.
We need to make appropriate distinctions in the
legal code among various forms of computer crime,
based on such factors as intent and the degree of
actual damage....
As I began to find out the real story behind
government raids and indictments last summer, I
became incensed at the fact that innocent
individuals were getting caught up in the
blundering machinations of certain law enforcement
agencies....93
The EFF immediately became involved in the case of Steve
Jackson Games.94 Its attorneys helped Jackson obtain the
92Electronic Frontier Foundation, Mission Statement, July
10, 1990.
93Kapor, "Why Defend Hackers?", Effector, March 1991, at
1, 3.
94Electronic Frontier Foundation, supra note 39.
106
return of his confiscated equipment95 and successfully
sought to have the SJG search affidavit unsealed.96
The EFF's most prominent early role, however, was
probably its involvement in the defense of Craig Neidorf.
With the aid of the EFF's attorneys, Neidorf moved to have
the charges against him dropped on First Amendment grounds.
In support of this motion the EFF filed an amicus brief in
which it explained the importance of the issues in the case:
The indictment in this case has raised a
significant concern among BBS operators and users
as to the liability that they might face for the
communication of information that may turn out to
have originally been obtained without
authorization. . . . [M]any of these bulletin
board systems have ongoing discussions, or
conferences, about a wide variety of subjects, and
often, in the spirit of free and open
communication, individuals put postings on the
bulletin boards which could be construed as
advocating or supporting illegal activity. While
the operators of these BBSs do not support such
activity, they would like to maintain a free, open
and robust interchange of ideas, and are concerned
about the liability they may face.97
In challenging these charges stemming from Neidorf's
publication of the E911 file, EFF's brief emphasized that
Neidorf had been uninvolved in the illegal removal of the
E911 file from the Bell South computer. Neidorf, it said,
acted as publisher, "much as the publisher of the Chicago
95Sterling, supra note 36, at 3.
96Bromberg, supra note 91, at 49.
97Motion of the Electronic Frontier Foundation for Leave
to Appear as Amicus Curiae at 3-4, U.S. v. Riggs, 743
F.Supp. 556 (N.D. Ill. 1990).
107
Tribune does when printing and distributing that
newspaper."98 Therefore, the EFF maintained, Neidorf
should be accorded the full protection of the First
Amendment. This protection, the EFF argued, extended not
only to the actual publication of Phrack, but also to the
transfer of the E911 file from Illinois to Missouri, because
that transfer was incidental to publication. "If ... the
publication of the E911 text was protected by the First
Amendment, the transmittal of the information to and from a
bulletin board prior to publication triggers First Amendment
protections."99
The EFF then argued that any statute criminalizing
publication of information must serve an overriding
governmental interest, must be narrowly tailored to serve
that interest and bears a heavy presumption against
constitutionality. The interest in protecting confidential
business information, it argued, was not an overriding
governmental interest, and thus the government interest did
not outweigh Neidorf's First Amendment rights to receive and
republish the E911 file, which was of "public
significance."100
98Memorandum, supra note 20, at 4.
99Id. at 4.
100Id. at 4-9.
108
In support of its argument, the EFF cited Smith v. Daily
Mail Publishing Co.101 In that case, a newspaper had been
prosecuted for violating a state law prohibiting publication
of the name of a juvenile defendant without prior approval
of a judge. The Supreme Court struck down the law as
unconstitutional. Chief Justice Burger wrote that state
action to punish publication of truthful information must
serve a state interest "of the highest order."102 The
interest here -- protecting the anonymity of juvenile
offenders -- was recognized by the Court as legitimate, but
not sufficiently compelling to outweigh First Amendment
rights. The EFF also cited similar decisions in Worrell
Newspapers of Indiana, Inc. v. Westhafer,103 which declared
unconstitutional a law prohibiting publication of a
suspect's name before an arrest had been made, and Landmark
Communications Inc. v. Virginia,104 which struck down a
newspaper's indictment for publishing the name of a judge
who was under investigation.
Surely, the EFF argued in its brief, the interests
involved in these cases -- protecting the anonymity of
juvenile offenders in Smith, for instance, and apprehending
101443 U.S. 97 (1979).
102Id. at 103.
103739 F.2d 1219 (7th Cir. 1984).
104435 U.S. 829 (1978).
109
criminals in Worrell -- were more compelling than the
governmental interest in protecting confidential business
information such as that supposedly contained in the E911
file. Yet even those higher state interests had failed to
outweigh the First Amendment's protection for the
publisher.105 The information published by Neidorf related
to a matter of public significance -- relating, as it did,
to the availability of emergency service to the public -- so
the First Amendment interest in publication outweighed the
interest advanced by the government,106 the EFF argued. And
far narrower means of protecting that interest are
available, such as imposing liability upon the person who
actually stole the information rather than upon the
republisher.107 To punish Neidorf for publishing
information he knew to be stolen, the EFF argued, would be
analogous to prosecuting The New York Times for publishing
the Pentagon Papers, "which it may have known or had reason
to know had been stolen by Daniel Ellsberg."108
105Memorandum, supra note 20, at 6.
106Id. at 8.
107Id. at 9.
108Id. at 13. The EFF also cited Pearson v. Dodd, 410
F.2d 701 (D.C. Cir. 1969), and Dietemann v. Time, Inc., 449
F.2d 245 (9th Cir. 1971), to support a "distinction between
publishing information one has stolen [as in Dietemann] and
publishing information stolen by others [as in Pearson]."
Memorandum, supra note 20, at 12.
110
Some of the charges against Neidorf related not to the
publication of the E911 file but to two issues of Phrack
that supposedly advocated hacking activity, one announcing
"The Phoenix Project" and the other allegedly containing
hacker tutorials. Neidorf and the EFF challenged these
counts of the indictment on First Amendment grounds as well.
Since the charges centered around advocacy of illegal
conduct, the brief argued, they had to meet the incitement
standard established by Brandenburg v. Ohio.109 The Supreme
Court's per curiam opinion in Brandenburg enunciated that
test as follows: "[T]he constitutional guarantee of free
speech and free press do not permit a State to forbid or
proscribe advocacy of the use of force or of law violation
except where such advocacy is directed to inciting or
producing imminent lawless action and is likely to incite or
produce such action."110
The Court Responds The Court Responds The Court Responds
The United States District Court for the Northern
District of Illinois, where the case went to trial,
recognized that with the Neidorf case it was plotting "a
course on uncharted waters."111 In his decision ruling on
109395 U.S. 444 (1969).
110395 U.S. 444, 447.
111U.S. v. Riggs, 739 F.Supp. 414, 419 (N.D. Ill. 1990).
111
the first of two motions by the defendants to have the
charges dismissed,112 Judge Nicholas Bua wrote:
Over the course of the past decade, advances in
technology and growing respect and acceptance for
the powers of computers have created a true
explosion in the computer industry. Quite
naturally, the growth of computer availability and
application has spawned a host of new legal
issues. This case requires the court to wrestle
with some of these novel legal issues which are a
product of the marriage between law and
computers.113
In responding to the EFF's arguments, however, the court
stayed within familiar territory, avoiding the more
difficult questions of First Amendment applicability to a
new medium. The First Amendment, Judge Bua ruled, would not
be a defense in any case. "[T]he law is clear," he wrote,
"that where an individual violates an otherwise valid
criminal statute, the First Amendment does not act as a
shield to preclude the prosecution of that individual simply
because his criminal conduct involves speech."114 Chief
support for this position came from United States v.
Rowlee,115 a Second Circuit case that upheld the defendant's
conviction for mail fraud based upon his activities in a
society devoted to promoting tax evasion. Rowlee's conduct,
112The first motion to dismiss was not on constitutional
grounds, but rather alleged insufficiency of the indictment
under the statutes involved.
113739 F.Supp. 414, 416.
114Id. at 559-560.
115899 F.2d 1275 (2d Cir. 1990).
112
the circuit court had written, "was not protected by the
First Amendment merely because, in part, it may have
involved the use of language."116 If Neidorf had indeed
participated in the scheme to defraud as alleged, Bua wrote,
"then he is criminally responsible for his conduct in
furtherance of the scheme, and the First Amendment does not
shield him from that responsibility."117 According to
Rowlee, Bua wrote, "the Brandenburg test cannot be
reasonably applied to violations of the mail fraud or wire
fraud statutes, which usually 'involve long-term, slowly-
developing wrongs, not "imminent lawless action."'"118
With the EFF's motions all denied by the court, Neidorf's
trial began on July 23, 1990. Within four days, testimony
had revealed the E911 file to be largely in the public
domain, and the charges against Neidorf were dropped.119
Summary Summary Summary
The explosive controversies of 1990, resulting from the
Secret Service's crackdown on computer hackers, revealed the
changing roles of some of the players in the regulatory
process and the emergence of an entirely new player.
116Id. at 1278.
117743 F.Supp. 556, 562.
118Id. (quoting U.S. v. Rowlee, 899 F.2d 1275, 1280 (2d
Cir. 1990)).
119Markoff, supra note 35.
113
Where it had previously remained quietly on the
sidelines, law enforcement agencies, particularly the Secret
Service, initiated the controversies over free speech and
computers in the process of executing computer crime laws.
The hacker community continued to act chiefly as catalyst,
but by necessity found itself taking a more active role in
the debate. And in response to the evident disregard by law
enforcement of the civil liberties of those it was
investigating, the Electronic Frontier Foundation appeared
to raise awareness of the civil-liberties issues that law
enforcers appeared to be missing.
114
CHAPTER FIVE: CHAPTER FIVE: CHAPTER FIVE:
Conclusions Conclusions Conclusions
The events of 1983-1990, beginning with the release of
the movie WarGames and culminating in Operation Sun Devil
and the legal controversies surrounding Craig Neidorf and
Steve Jackson, reveal a chaotic interplay of political
forces, some of them new to the scene. With a new and still
largely unfamiliar technology, such chaos is understandable,
and it is possible that expressions of fear for the future
of the First Amendment have been overstated.
Computer-based communication is, however, a troubled
medium, and it is by no means certain that it will receive
the First Amendment protection it deserves. That it
deserves First Amendment protection should not be doubted.
The broad availability of the technology and the freedom and
diversity of the content make computer-based communication
possibly the purest expression of the First Amendment in
existence today. If, as A.J. Liebling said, freedom of the
press belongs to those who own one, then thanks to computers
and networking, today anyone with a few hundred dollars can
own one and can have access to a broader audience than any
mimeographed newsletter or handbill could ever reach. A
threat to the freedom of computer-based communication does
indeed represent a threat to the very heart of the First
Amendment.
Threats to the medium's freedom have resulted not from
affirmative governmental desires to censor so much as from
governmental failure to fully consider and recognize the
nature of the medium. An examination of the contribution of
each of the important players considered in this thesis
reveals a need to raise awareness of First Amendment issues
and educate the uneducated about the powers (and
limitations) of computer technology.
Congress Congress Congress
By and large, Congress did not intend the Counterfeit
Access Device and Computer Fraud and Abuse Act of 1984 and
the Computer Fraud and Abuse Act of 1986 laws to be aimed
primarily at hackers. Although deterrence and "sending a
message" were part of their purpose, Congress realized that
hackers were a minor threat at best to well-maintained
computer systems. Furthermore, witnesses and legislators
seemed quite cautious about targeting only truly malicious
criminals -- those who intended damage or sought financial
gain -- rather than the merely mischievous.
The primary thrust of this legislation was economic; it
was to provide prosecutors the means to pursue white-collar
criminals, usually insiders, whose crimes were strictly
financial in nature. These laws ultimately had little to do
with the hacker subculture and certainly did not call for a
wholesale persecution of hackers.
Nonetheless, the hearings did demonstrate a fear of
computers and of hackers. The "hacker problem" was often
exaggerated, and legislators tended to focus more upon the
116
mysterious technology rather than the act itself. This may
explain why it was felt prosecutors needed new laws
explicitly covering computer crime despite the fact that
they had evidently not had great difficulty prosecuting
computer criminals under the old laws.
Perhaps because the 1984 and 1986 laws were narrowly
tailored to apply to computer criminals, Congress apparently
did not perceive a First Amendment concern connected with
computer communication. There did appear to be a
recognition among some legislators and experts that the
field was complicated, and that the question of placing
monetary value upon information was a tricky one. But the
First Amendment did not itself appear to be implicated.
That Congress failed to consider the First Amendment may
have contributed to subsequent problems, because prosecutors
and courts were left with no clear idea of legislative
intent in that area. Furthermore, although Congress was
concerned with computer crime rather than speech, its
emphasis upon the technology of an act (the computer) rather
than upon the act itself may be symptomatic of the same
conceptual problems facing computer communication. By
singling out computers for special legal treatment, even
though the crime may be the same as one committed with a pen
and paper, Congress has set a precedent that could deny
computer-based communication the constitutional protection
other media receive.
117
Law Enforcement Law Enforcement Law Enforcement
The early role of law enforcement agencies was largely to
tell Congress what it wanted to hear: that it would be happy
to have a new weapon to use in the fight against white-
collar crime. But enforcers were chiefly concerned with
financial crimes such as embezzlement and fraud, crimes
committed almost universally by "insiders" rather than
hackers. It is also significant that despite their
willingness to add another statute to their arsenal,
enforcers generally reported universal success in
prosecuting computer crime under existing laws.
Armed with the Counterfeit Access Device and Computer
Fraud and Abuse Act of 1984 and the Computer Fraud and Abuse
Act of 1986, however, law enforcement agencies in the United
States -- particularly the Secret Service -- apparently
interpreted these laws as a mandate to eradicate computer
hackers of every stripe. The sweeping crackdown of
Operation Sun Devil and particularly the cases of Craig
Neidorf and Steve Jackson Games suggest that in their zeal
to root out the Legion of Doom, enforcers may have taken
their authority beyond what Congress intended or the
Constitution should allow.
The actions of law enforcers during the events of 1990
again reveal a basic fear and misunderstanding of computers
and computer hackers. This fear is almost certainly a
result of simple ignorance. Familiarity with computers and
network technology reveals material such as the E911 file,
118
GURPS Cyberpunk or Loyd Blankenship's comments about the
Kermit protocol to be harmless. Yet the Secret Service
evidently believed each of these to be dangerous -- and in
the case of the E911 file and Blankenship's Kermit comments,
these beliefs led the agency to take disruptive action that
deprived Craig Neidorf and Steve Jackson of their rights.
However, despite the sinister images painted by some in
the computer underground, law enforcement agencies such as
the Secret Service have acted not out of any desire to
abridge First Amendment rights, but out of ignorance. The
errors made by the agents who raided Steve Jackson Games,
like the confusion of the FBI agent who visited John Perry
Barlow, are indeed "in microcosm, the entire law enforcement
structure of the United States" -- they are struggling to
enforce laws regarding a technology that is, by and large,
alien to them. Where they have overreacted with
exaggeration and fear, it is ultimately because they do not
understand.
Electronic Frontier Foundation Electronic Frontier Foundation Electronic Frontier Foundation
The Electronic Frontier Foundation, then, appears to be
on the right track with its stated goals to "engage in and
support educational activities that increase popular
understanding of the opportunities and challenges posed by
computing and telecommunications" and "develop among policy-
makers a clear understanding of the issues underlying free
119
and open telecommunications."1 While coming to the legal
defense of people like Craig Neidorf and Steve Jackson is a
worthy goal -- and probably necessary if formal legal
safeguards are to be put in place -- such legal struggles
cannot alone solve the underlying problem.
Indeed, the EFF's most important role in 1990 may have
been that of educator and consciousness-raiser rather than
litigator, as some of its legal arguments in the Neidorf
case left something to desired. For instance, its amicus
brief asserted without support that information-gathering
activity (such as Neidorf's receipt of the E911 file) enjoys
the same First Amendment status as publication, a suggestion
that would make a sweeping change in First Amendment law. A
long list of cases (chiefly Branzburg v. Hayes2 and Zemel v.
Rusk3) shows that information gathering has never received
1"Goals of the Electronic Frontier Foundation," Effector,
Sept. 1991, at 4.
2"It is clear that the First Amendment does not
invalidate every incidental burdening of the press that may
result from the enforcement of civil or criminal statutes of
general applicability." 408 U.S. 665, 682 (1971) (opinion of
Justice White).
3"There are few restrictions on action which could not be
clothed by ingenious argument in the garb of decreased data
flow. For example, the prohibition of unauthorized entry
into the White House diminishes the citizen's opportunities
to gather information he might find relevant to his opinion
of the way the country is being run but that does not make
entry into the White House a First Amendment right. The
right to speak and publish does not carry with it the
unrestrained right to gather information." 381 U.S. 1, 16-17
(1964).
120
the First Amendment protection given to publication.
Equally questionable is the EFF's reliance on Smith v. Daily
Mail and Landmark Communications v. Virginia to support the
requirement of an overriding governmental interest. These
cases provide shaky support in a case such as Neidorf's,
where the legality of the information gathering is in
dispute, because both cases are explicitly limited to
publication of information obtained legally.4
Although Neidorf was vindicated, the outcome of his case
was not the victory sought by the EFF. Neidorf did not win
his case by virtue of First Amendment protection, nor did he
win it by virtue of innocence; the prosecution dropped the
case primarily because it had received incorrect information
from Bell South about the availability of the E911 file.5
The case raised questions to which it provided no answers.
Could publication of confidential information really be
transporting stolen goods? What liability was faced by the
republisher of information that had been obtained illegally
by someone else?
4"If the information is lawfully obtained, as it was
here, the state may not punish its publication except when
necessary to further an interest more substantial than is
present here." Smith v. Daily Mail, 443 U.S. 97 (1979)
(emphasis added); "We are not here concerned with the
possible applicability of the statute to one who secures the
information by illegal means and thereafter divulges it."
Landmark Communications v. Virginia, 435 U.S. 829 (1978).
5"Enforcement Questions Raised After Hacker Case
Dismissed," Washington Post, Aug. 2, 1990, at C13, col. 1.
121
Hackers Hackers Hackers
From the very beginning, computer hackers, a group that
shuns attention, took on a central role in the controversy
over computer security. At first, their role was mainly
that of catalyst. The exploits of fictional hacker David
Lightman in WarGames, given an air of authenticity by the
subsequent arrests of the 414s, called public attention to
the problems of computer security and the vulnerability of a
computer-dependent society. A few hackers, such as Neal
Patrick of the 414s, did play a direct role in the early
policymaking process by testifying before Congressional
committees. But such testimony -- which attempted to calm
the hysteria by downplaying the danger and mystery of
hacking -- had less of an effect on Congressional attitudes
than did the perceived threat of an "electronic Messiah" or
a "WarGames scenario."
Later, it became clear that hackers, like the other
players in this process, do have an agenda. Actions such as
Craig Neidorf's redistribution of the E911 file are not
mindless vandalism, but are part of the hacker quest for a
sort of ultimate "freedom of information," part of Levy's
"Hacker Ethic." Neidorf did not stand to gain anything
personally -- except perhaps an enhanced reputation among
hackers -- from his actions. He sought merely to further
the goals of decentralization and shared information.
Whether or not these goals are wise, their advocacy is a
122
position entitled to the opportunity to compete in the
marketplace of ideas. Neidorf's alleged advocacy of hacking
in Phrack was not in furtherance of any scheme to defraud,
as the government alleged; it was in pursuit of political,
social and economic change, based on the belief that all
information should be free. Brandenburg v. Ohio explicitly
affirmed that the First Amendment does not permit government
to forbid advocacy even of violence to effect social
change.6 Can the government forbid advocacy of unauthorized
access to computers in pursuit of such goals?
The Courts The Courts The Courts
Although courts will likely have a strong influence upon
the formation of policy regarding the freedom of computer-
based communication -- as they have for other media -- the
events of 1990 do not provide an adequate sample by which to
judge what this influence will be. The only judicial
opinion addressing the First Amendment issues connected to
the Secret Service's hacker crackdown was that of Judge Bua
in the Neidorf case, an opinion in which the First Amendment
questions were sidestepped. Because a trial court's opinion
carries no precedential weight and the subsequent dropping
of the charges against Neidorf left no opportunity for
6395 U.S. 444, 447-448 (1969).
123
appeal, the courts have yet to speak decisively in this
matter.
Recent Developments Recent Developments Recent Developments
Two recent events may have significant implications for
the future of computer-communication law. On May 1, 1991,
Steve Jackson Games and the Electronic Frontier Foundation
filed a lawsuit against the United States Secret Service,
citing, among other offenses, violations of the First and
Fourth Amendments to the Constitution.7 The First Amendment
charges were based upon the prior restraint that resulted
from the confiscation of the GURPS Cyberpunk materials and
from the seizure of SJG's BBS system. Among many other
charges, the lawsuit alleges that the Secret Service's
affidavit was invalid because it swept within its scope
numerous forms of First-Amendment-protected expression.
Perhaps most significantly, the lawsuit specifically
includes in that category "a BBS that was a forum for speech
and association protected by the First Amendment."8
The lawsuit, filed in the U.S. District Court for the
western district of Texas, was hailed by EFF attorney Mike
Godwin as "the most important case brought to date to
7Electronic Frontier Foundation, Press Release, May 1,
1991.
8Complaint and Demand for Jury Trial, Steve Jackson Games
Inc. et al. v. U.S. Secret Service et al., U.S. District
Court, Western District of Texas, Austin Division.
124
vindicate the Constitutional rights of the users of
computer-based communication technology."9 The SJG lawsuit
may succeed where the Neidorf trial failed: It may provide
the watershed case in which a court could define the First
Amendment's applicability to computer-based communication.
In an unrelated case, on October 29, 1991, the U.S.
District Court for the Southern District of New York handed
down a ruling that may prove to be a significant development
in the law regarding computer communication. In Cubby v.
CompuServe, Inc.,10 Judge Peter K. Leisure dismissed a libel
suit against the CompuServe information service regarding
allegedly defamatory statements posted in one of its many
forums, tackling the sticky question of sysop liability:
The requirement that a distributor must have
knowledge of the contents of a publication before
liability can be imposed for distributing that
publication is deeply rooted in the First
Amendment....
While CompuServe may decline to carry a given
publication altogether, in reality, once it does
decide to carry a publication, it will have little
or no editorial control over that publication's
contents....
CompuServe has no more editorial control over
such a publication than does a public library,
book store, or newsstand, and it would be no more
feasible for CompuServe to examine every
publication it carries for potentially defamatory
statements than it would be for any other
distributor to do so.11
9Press Release, supra note 7.
101991 U.S. Dist. LEXIS 15545 (unreported as of November
1991, retrieved from the LEXIS online database).
11Id. at 9-11.
125
Judge Leisure's reliance upon the First Amendment seems a
clearer affirmation than ever that the First Amendment
applies unequivocally to computer-based media (though it
remains unclear which existing model, if any, is the best
fit). The decision seems to adopt the "knowing" test for
sysop liability: that the sysop can only be held responsible
if he is aware, or could reasonably be expected to be aware,
of the defamatory material.
The Direction of the Law The Direction of the Law The Direction of the Law
Concerns over the First Amendment rights of computer
communicators are legitimate. But the overall direction of
the law leaves room for optimism. The Secret Service's
crackdown on hackers in 1990 served to bring the questions
of free speech and computer media into the public eye, and
it was directly responsible for the creation of the
Electronic Frontier Foundation. Although individuals such
as Steve Jackson and Craig Neidorf may have been injured by
the persecution they endured, their cases demonstrated the
need for greater understanding of computers and computer-
based communication. The controversies of 1990 have
ensured that the formation of policy regarding computer
communication will receive the attention it deserves from
not only special-interest groups like the Electronic
Frontier Foundation, but from the mainstream legal community
as well. Noted constitutional scholar Laurence Tribe has
126
gone so far as to propose a constitutional amendment
explicitly protecting computer communication:
If my own life as a lawyer and legal scholar
could leave just one legacy, I'd like it to be the
recognition that the Constitution as a whole
"protects people, not places." If that is to come
about, the Constitution as a whole must be read
through a technologically transparent lens. That
is, we must embrace, as a rule of construction or
interpretation, a principle one might call the
"cyberspace corollary." It would make a suitable
Twenty-seventh Amendment to the Constitution, one
befitting the 200th anniversary of the Bill of
Rights....
The Twenty-seventh Amendment, to be proposed
for at least serious debate in 1991, would read
simply:
"This Constitution's protections for the
freedoms of speech, press, petition, and assembly,
and its protections against unreasonable searches
and seizures and the deprivation of life, liberty,
or property without due process of law, shall be
construed as fully applicable without regard to
the technological method or medium through which
information content is generated, stored, altered,
transmitted, or controlled."12
Such a proposal, along with recent events such as Cubby
v. CompuServe and the potential of Steve Jackson Games v.
United States Secret Service, show that some of the
strongest regulatory players may be on the side of freedom
in cyberspace.
12L. Tribe, "The Constitution in Cyberspace," prepared
remarks, keynote address at the First Conference on
Computer, Freedom and Privacy, Mar. 26, 1991.
127
BIBLIOGRAPHY BIBLIOGRAPHY BIBLIOGRAPHY
Books Books Books
De Sola Pool, Technologies of Freedom (1983)
Krasnow, Longley, and Terry, The Politics of Broadcast
Regulation (3d. ed. 1982).
Levy, Hackers (Paperback ed. 1984).
Freedman, The Computer Glossary (4th ed. 1989)
Hafner and Markoff, Cyberpunk: Outlaws and Hackers on the
Computer Frontier (1991).
Dvorak and Anis, Dvorak's Guide to PC Telecommunications
(1990).
Magazine Articles Magazine Articles Magazine Articles
Costikyan, "Closing the Net," Reason, Jan. 1991, at 22.
Kapor, "Civil Liberties in Cyberspace," Scientific American,
Sept. 1991, at 116.
Barlow, "Crime and Puzzlement," Whole Earth Review, Fall
1990, at 45.
Law Review Articles Law Review Articles Law Review Articles
R. Neustadt, G. Skall, M. Hammer, "The Regulation of
Electronic Publishing," 33 Fed. Comm. L.J. 331 (1981).
K. Uyehara, "Computer Bulletin Boards: Let the Operator
Beware," 14 Student Lawyer, April 1986, at 30.
M. E. Katsh, "The First Amendment and Technological Change:
The New Media Have a Message," 57 Geo. Wash. L. Rev. 1459
(1989).
R. Charles, "Computer Bulletin Boards and Defamation: Who
Should Be Liable? Under What Standard?" 2 J. of Law and
Technology, Winter 1987, at 121.
E. Jensen, "An Electronic Soapbox: Computer Bulletin Boards
and the First Amendment," 39 Fed. Comm. L.J. 217 (1987).
E. Di Cato, "Operator Liability Associated With Maintaining
a Computer Bulletin Board," 4 Software L.J. 147 (1990).
J. Soma, P. Smith, R. Sprague, "Legal Analysis of Electronic
Bulletin Board Activities," 7 W. New Eng. L. Rev. 571
(1985).
R. Beall, "Developing a Coherent Approach to the Regulation
of Computer Bulletin Boards," 7 Computer/Law Journal 499
(1987).
J. Hurwitz, "Teletext and the FCC: Turning the Content
Regulatory Clock Backwards," 64 Boston Univ. L. Rev. 1057
(1984).
R. Hindman, "The Diversity Principle and the MFJ Information
Services Restriction: Applying Time-Worn First Amendment
Assumptions to New Technologies," 38 Catholic Univ. L.
Rev. 471 (1989).
L. Becker, "Electronic Publishing: First Amendment Issues in
the Twenty-First Century," 13 Fordham Urban L.J. 801
(1985).
Congressional Hearings and Reports Congressional Hearings and Reports Congressional Hearings and Reports
Computer and Communications Security and Privacy: Hearings
Before the Subcommittee on Transportation, Aviation and
Materials of the Committee on Science and Technology,
House of Representatives, 98th Cong., 1st Sess. (1983).
Computer and Communications Security and Privacy: Report
Prepared by the Subcommittee on Transportation, Aviation
and Materials, Transmitted to the Committee on Science
and Technology, House of Representatives, 98th Cong., 2d
Sess. (1984).
Computer Crime: Hearing Before the Subcommittee on Civil and
Constitutional Rights of the Committee on the Judiciary,
House of Representatives, 98th Cong., 1st Sess. (1983).
Computer Fraud Legislation: Hearing Before the Subcommittee
on Criminal Law of the Committee on the Judiciary, U.S.
Senate, 99th Cong., 1st Sess. (1985).
Health and the Environment Miscellaneous -- Part 4: Hearings
Before the Subcommittee on Health and the Environment of
the Committee of Energy and Commerce, House of
Representatives, 98th Cong. (1984).
Counterfeit Access Device and Computer Fraud and Abuse Act:
Hearings Before the Subcommittee on Crime of the
129
Committee on the Judiciary, House of Representatives,
98th Cong., 1st and 2d Sess. (1983-84).
Computer Fraud and Abuse Act of 1986: Hearing Before the
Committee on the Judiciary, U.S. Senate, 99th Cong., 2d
Sess. (1986).
Use of Computers to Transmit Material Inciting Crime:
Hearing Before the Subcommittee on Security and Terrorism
of the Committee on the Judiciary, United States Senate,
99th Cong., 1st Sess. (1985).
Cases Cases Cases
U.S. v. Riggs, 739 F.Supp. 414 (N.D. Ill. 1990).
U.S. v. Riggs, 743 F.Supp. 556 (N.D. Ill. 1990).
Online Sources Online Sources Online Sources
Jargon File version 2.9.6 (Aug. 16, 1991), distributed via
the Internet.
G. Spafford, What Is Usenet? (Sept. 9, 1991), distributed
via Usenet.
Computer Underground Digest, published every two to three
weeks via Usenet.
130
0 comments:
Post a Comment