Note: This file was created by printing Word for Windows document files to an ASCII file, using a Generic/Plain Text printer driver. Line breaks and some formatting characteristics weren't preserved very well in this conversion. The author can be reached at the following email address: rberry@vnet.ibm.com FREE SPEECH IN CYBERSPACE FREE SPEECH IN CYBERSPACE FREE SPEECH IN CYBERSPACE The First Amendment and the Computer Hacker The First Amendment and the Computer Hacker The First Amendment and the Computer Hacker Controversies of 1990 Controversies of 1990 Controversies of 1990 by by by ROBERT R. BERRY ROBERT R. BERRY ROBERT R. BERRY A Thesis submitted to the faculty of The University of North Carolina at Chapel Hill in partial fulfillment of the requirements for the degree of Master of Arts in the School of Journalism and Mass Communication. Chapel Hill 1991 Approved by: Cathy L. Packer, Advisor Ruth Walden, Reader John Semonche, Reader Copyright (c) 1991 by Robert R. Berry Table of Contents Chapter 1. New Questions for a New Medium..................1 Chapter 2. The Net........................................28 Chapter 3. Hackerphobia...................................52 Chapter 4. Operation Sun Devil............................79 Chapter 5. Conclusions...................................115 Bibliography.............................................128 CHAPTER ONE: CHAPTER ONE: CHAPTER ONE: New Questions for a New Medium New Questions for a New Medium New Questions for a New Medium Introduction Introduction Introduction In the spring of 1990, a 20-year-old student at the University of Missouri in Columbia was prosecuted in a federal court because of something he published. The information he published was true, it was of public concern, and it had come to him through legal channels. Nonetheless, the government charged that his publication was part of a conspiracy to commit fraud and that his information- gathering activities and publication amounted to interstate transportation of stolen property. Shouldn't the First Amendment have protected Craig Neidorf from prosecution? Unfortunately, the answer to that question is unclear because of the technology he used to deliver his message. Neidorf's publication was electronic. He created it as text on his computer and distributed it over a network to other computer users who read it on their video screens. It went from author to audience without ever existing in tangible form. And the information whose publication led to his prosecution -- a document describing a telephone system -- came to him through the same channels. For the first time, a federal court confronted this question: How does the First Amendment apply to computer- based communication? Craig Neidorf's prosecution was only one part of a crackdown on computer crime that in 1990 aroused widespread concern over civil liberties and computer use. In another case, Steve Jackson Games, a small publishing company in Austin, Texas, found itself nearly put out of business when the Secret Service raided its premises and confiscated its computers -- all because the agency suspected it might find contraband information on the computers.1 Was the government casting its net too broadly in its campaign against computer crime, infringing on free speech in the process? The events of 1990 demonstrated better than any before the confused and uncertain state of the law as it applied to computer-based communication. The Problems of a New Medium The Problems of a New Medium The Problems of a New Medium Advances in computer technology over the past decade have made computers available to a vast number of people and irrevocably changed the way most work is done in this country. The United States Department of Commerce estimated in 1988 that as many as 38 million personal computers would be installed by 1991, with 28 percent of all American households computer-equipped.2 But computers have proved to be more than tools for word processing and math; increasingly, the computer is a communication tool. 1See, e.g., Costikyan, "Closing the Net," Reason, Jan. 1991, at 22; Kapor, "Civil Liberties in Cyberspace," Scientific American, Sept. 1991, at 116. 2National Technical Information Service, U.S. Dept. of Commerce, NTIA Information Services Report (1988), at 27. 2 Today, anyone with a computer and a modem3 -- and an estimated 19 million modems are currently installed4 -- possesses the means to communicate with thousands of other computer users. Available services include hundreds of commercial online information services such as CompuServe and Prodigy.5 These services provide electronic access to major news services such as USA Today, Dow Jones and the Associated Press. They also provide their own news, advice columns, movie and music reviews, and hundreds of other features online. Syndicated columns from writers such as Dave Barry and Mike Royko are available by electronic subscription for users who have electronic mail addresses on any of the major national computer networks.6 And a probably uncountable number of amateur newsletters and magazines produced by individuals are distributed electronically via computer networks to small lists of subscribers. Electronic bulletin boards7 number as many as 3A modem is a device used to translate digital computer data into electrical signals capable of transmission over telephone lines. 4NTIA Report, supra note 2, at 29. 5One directory lists 718 online informations services worldwide. Cuadra/Elsevier, Directory of Online Databases (vol. 12, nos. 1 and 2 (Jan. 1991)). 6Online advertisement from ClariNet, a service that distributes syndicated publications electronically (April 9, 1991). 7Bulletin boards are "computer systems that function as centralized information sources and message switching systems for a particular interest group. Users dial up the 3 100,000.8 Available to an increasing number of people at constantly shrinking expense, the computer and modem may be the 1990s equivalent of the mimeographed handbill. Clearly, "the press" no longer requires ink or paper. Some of these publications9 are direct electronic analogues of magazines, newspapers, newsletters and pamphlets, while others are entirely new forms; but none need ever exist on paper. A new medium of mass communication, distinct from print but sharing many of its essential characteristics, is spreading, and as computers become ever more accessible, its continued spread is inevitable. Because these forms of communication may be well on their way to becoming the dominant ones, it is important that the law be ready to accommodate them. But the existing models of media law are inadequate to the task. Today's system divides technologies of communication into essentially three tiers of First Amendment protection.10 Most protected are traditional print media, newspapers and magazines, which bulletin board, review and leave messages for other users as well as communicate to other users attached to the system at the same time." Freedman, The Computer Glossary 80 (4th ed. 1989), at 80. 8L. Wood, D. Blankenhorn, "State of the BBS Nation," Byte, Jan. 1990, at 298. 9Although the technology is new, there can be no doubt that these activities are indeed publishing. Black's Law Dictionary defines publish as "[t]o make public; to circulate; to make known to people in general. To issue; to put into circulation." 10See, e.g,, De Sola Pool, infra note 18; Becker, infra note 73, at 829-30. 4 enjoy great, though not absolute, freedom from government control under the First Amendment.11 The middle ground is occupied by the broadcast media, radio and television. Although the First Amendment still protects broadcast journalists from governmental interference with day-to-day editorial decision-making,12 broadcasters are nonetheless subject to government licensing and many other requirements dictated by the FCC and Congress.13 Least protected by the First Amendment -- or most regulated -- are common carriers, telephone and other wire communication systems operated by companies such as AT&T. Common carriers operate under strict guidelines governing access, rates, even content. Because common carriers have almost no control of how their facilities are used, however, they are generally immune from liability for misuse.14 None of these legal models can comfortably encompass computer-based communication. The content of such communication -- written text -- is most analogous to print, 11See, e.g., Near v. Minnesota, 283 U.S. 697 (1931); New York Times Co. v. Sullivan, 376 U.S. 254 (1964), New York Times Co. v. United States, 403 U.S. 713 (1971), Miami Herald Publishing Co. v. Tornillo, 418 U.S. 241 (1974). 12See, e.g., CBS v. Democratic National Committee, 412 U.S. 94 (1973). 13See, e.g., Red Lion Broadcasting Co. v. FCC, 395 U.S. 367 (1969); FCC v. Pacifica Foundation, 438 U.S. 726 (1978). 14The history of common-carrier regulations, rather than being derived from First Amendment law, is descended from the regulation of railroads in the nineteenth century. See De Sola Pool, infra note 18, at 75-107. 5 but because computer networks rely on telephone lines, its technological foundation is that of the common carrier. Perhaps even more problematic, though, is that this new technology just doesn't look like print, and policymakers may therefore be hesitant to afford it the same protection.15 Such problems may prevent a major new outlet for free expression from achieving its potential. But the danger may be even more significant. If more traditional technologies such as print are replaced by electronic delivery, the First Amendment will no longer protect "the press" as it does today. Literature Review Literature Review Literature Review The difficulties associated with fitting a new communication technology such as computer-based communication into existing legal frameworks has not escaped legal commentators. "Electronic publishing," writes former White House policymaker Richard Neustadt, "provides square pegs to fit into the round holes of old regulatory categories."16 And Kim Uyehara writes, "Lawmakers are 15See, e.g., De Sola Pool, infra note 18, at 197. 16R. Neustadt, G. Skall, M. Hammer, "The Regulation of Electronic Publishing," 33 Fed. Comm. L.J. 331, 332 (1981). 6 having a hard time keeping legislation current with the technical explosion."17 Most writers have taken either a broad approach -- discussing very generally the legal and social problems of new communication technology -- or a very narrow one, asking and answering very specific legal questions. The most significant entry in the former category is by Ithiel de Sola Pool, whose book Technologies of Freedom,18 cited frequently by other authors, seems to be the seminal work in the field. The book is slightly dated as far as the technology goes -- 1983 is a long time ago in the world of computers -- but its discussion of the underlying issues is insightful. De Sola Pool's book is more descriptive than analytical, concentrating on elucidating the legal problems of new communication technology rather than solving them. It opens with a warning: For five hundred years a struggle was fought, and in a few countries won, for the right of people to speak and print freely, unlicensed, uncensored, and uncontrolled. But new technologies of electronic communication may now relegate such old and freed media such as pamphlets, platforms, and periodicals to a corner of the public forum. Electronic modes of communication that enjoy lesser rights are moving to center stage. The new communication technologies have not inherited all the legal immunities that were won for the old.... And so, as speech increasingly flows over those electronic 17K. Uyehara, "Computer Bulletin Boards: Let the Operator Beware," 14 Student Lawyer, April 1986, at 30. 18I. de Sola Pool, Technologies of Freedom (1983). 7 media, the five-century growth of an unabridged right of citizens to speak without controls may be endangered.19 De Sola Pool provides a history of communication technology, starting with the origins of print20 and covering the emergence of electronic media.21 He also summarizes the history and current state of modern media law, dividing media into regulatory categories; one chapter each is devoted to print,22 common carriers,23 and broadcasting.24 Additional chapters address the newer technologies of cable25 and -- most significantly for the purposes of this thesis -- electronic publishing.26 It is here that de Sola Pool warns that regulations driven by technology may eventually undermine the First Amendment: If computers become the printing presses of the twenty-first century, will judges and legislators recognize them for what they are?... Practices are now being canonized in regard to cable television, computer networks, and satellites which may someday turn out to be directly relevant to publishing. People then may ask in puzzlement where protections of the free press have gone.27 19 Id. at 1. 20 Id. at 12-14. 21 Id. at 23-54. 22Id. at 55-74. 23Id. at 75-107. 24Id. at 108-150. 25Id. at 151-188. 26Id. at 189-225. 27Id. at 189. 8 De Sola Pool makes no specific policy recommendations for dealing with these new problems. Instead, having sounded the alarm, he suggests general principles to guide policymakers. He suggests that the First Amendment applies equally to all media, that all communication should be unfettered by government restriction, and that regulation -- including common-carriage rules -- should be a last resort reserved only for cases of true physical monopoly.28 De Sola Pool's main message, though, seems to be that vigilance may be required to safeguard the First Amendment into the future. "Lack of technical grasp by policy makers and their propensity to solve problems of conflict, privacy, intellectual property, and monopoly by accustomed bureaucratic routines are the main reasons for concern," he writes. "But as long as the First Amendment stands ... the loss of liberty is not foreordained."29 A similarly broad -- and cautionary -- approach is taken by law professor M. Ethan Katsh.30 Katsh suggests that new communication technologies not only present novel legal problems, but "are likely to affect both how we think about 28Id. at 246. 29Id. at 251. 30M.E. Katsh, "The First Amendment and Technological Change: The New Media Have a Message," 57 Geo. Wash. L. Rev. 1459 (1989). 9 information and what the relationship is between citizen and government."31 Katsh argues that electronic communication not only provides a new physical channel for speech, but changes the nature of the information itself: Electronic information is even more active and more easily manipulable, revisable, and changeable [than print]. It is changeable in ways that print is not and, by its very nature, moves much faster. One who looks at words on a computer screen or even at words on paper that have emerged from a "printer" may think that he or she is seeing print, but the static or fixed quality of print is gradually being lost as information is encoded in electronic form.32 Katsh is not optimistic about the future of First Amendment law. "[D]ifferences in treatment among media can be expected to multiply," he writes. "It is even possible that 'full' First Amendment protection, whatever that may mean in the future, will not be enjoyed by any medium other than, perhaps, the spoken word."33 But he argues that despite greater legal restrictions, the power of new technologies will diminish the ability of the state to impede the flow of information.34 Prior restraint, for example, may become virtually impossible as means of 31Id. at 2. 32Id. at 13. 33Id. at 17. 34Id. at 17. 10 publication proliferate.35 Katsh sees in the future a "new communications environment," an environment characterized by a vigorous system of expression but an unstable and confused First Amendment framework.36 Apart from de Sola Pool and Katsh, few authors appear to have tackled the broad issues associated with computer communication. Most have concentrated instead on specific legal questions associated with specific media. Almost universally, the authors ask which model of media law can apply to these new technologies. But their analyses generally concentrate on very narrow regulatory and liability issues rather than the larger First Amendment issues involved. The question of legal models is generally answered only to the extent necessary to resolve the narrow questions they have tackled. Also, most of the existing literature is devoted to analysis of one specific form of computer communication, the electronic bulletin board system or BBS. The discussion of BBSs is further limited to one particular legal question, the liability of the BBS's system operator, or sysop, for messages posted by users on the BBS. 35Id. at 21. 36Id. at 23. 11 Attorney Robert Charles examines the question of sysop liability for defamation posted on a BBS.37 Charles uses the analogy technique used by virtually every other author writing on this subject. "This question may be answered by looking to the standards of liability that have been applied to other communication technologies," he writes.38 He then divides existing media into two categories based upon their legal status in defamation cases: print media, which are generally held accountable for defamation, and common carriers, which generally are not.39 The exception to that common carrier rule is when a common carrier is a "knowing" participant in the defamation.40 Charles ultimately recommends the formulation in explicit detail of a new, clear standard "tailored specifically to computer bulletin boards," incorporating the "knowing" test used for common carriers.41 Most writers tackling the sysop liability question discuss not defamation but messages related to criminal action, mainly computer hacking and other forms of computer 37R. Charles, "Computer Bulletin Boards and Defamation: Who Should Be Liable? Under What Standard?" 2 J. of Law and Technology, Winter 1987, at 121. 38Id. at 123. 39Id. at 132. 40Id. at 132-3. 41Id. at 147. 12 crime.42 In particular, phreaking, the theft of long- distance telephone service -- usually closely associated with hacking -- has been a popular subject of discussion. "While bulletin boards are usually not directly involved in any of these crimes, they are used to receive and distribute information by the computer enthusiasts who commit the illegal acts," writes attorney Eric Jensen, who also includes distribution of pornography and the formation of pedophilia rings among the potential abuses of BBSs.43 Jensen similarly asks whether earlier models of media law can accommodate BBSs. Dividing older media into the categories of publishers, republishers, and common carriers -- and choosing republishers as the best analogy to BBSs -- Jensen ultimately reaches a conclusion much like Charles', that sysop liability should be based upon the degree of the sysop's participation in the illegal actions.44 He cautions that direct regulation of BBSs, because of their nature, 42The term hacker originally meant a person with great technical expertise with computers -- particularly with programming -- and for whom computing was an end in itself, even an art form. However, it has popularly come to mean a person who, through stealing passwords and otherwise exploiting security holes, gains unauthorized access to computer systems, either maliciously or mischievously. See Chapter 2, notes 36-38 and surrounding text. 43E. Jensen, "An Electronic Soapbox: Computer Bulletin Boards and the First Amendment," 39 Fed. Comm. L.J. 217, 224-226 (1987). 44Id. at 257. 13 would be unenforceable. Hobbyists could easily "go underground," concealing their activities from regulators.45 Jensen provides one original analogy, what he calls "the BBS as an association,"46 a place where "people from all across the country gather electronically and exchange views, recipes, or epithets, just as would the local Jaycees."47 Citing NAACP v. Alabama,48 he writes, "As an association engaged in speech, a bulletin board is entitled to constitutional protection."49 A slightly different approach to the sysop liability question is taken by Edward Di Cato,50 who discusses a more recent addition to the list of BBS hazards: the distribution of computer viruses.51 Di Cato reaches a familiar conclusion -- that a sysop would be liable only for "recklessly" allowing a computer virus to spread through a 45 Id. at 232-3. 46Id. at 252. 47Id. 48357 U.S. 449 (1958). 49Id. 50E. Di Cato, "Operator Liability Associated With Maintaining a Computer Bulletin Board," 4 Software L.J. 147 (1990). 51A virus is a computer program that is designed to replicate itself by attaching itself surreptitiously to other programs. Viruses may be fairly harmless, perhaps popping up a mischievous message on the screen, or destructive -- erasing files from a hard disk or perhaps scrambling the disk's data irretrievably. 14 BBS.52 He also suggests that sysops could protect themselves by exercising tight control over their BBSs, verifying users' identities before giving them access.53 He further suggests that a disclaimer clearly specifying the responsibilities of users and specifically repudiating sysop responsibility might further protect sysops from liability.54 The sysop liability question has also been tackled by John T. Soma, Paula J. Smith and Robert D. Sprague.55 Their article, however, consists mostly of an extensive survey of "computer crime" laws, engaging in little First Amendment analysis. One commentator reaches a conclusion quite different from most others on the subject of BBS regulation. Robert Beall examines the liability of sysops for the posting of illegally obtained information by phone phreakers.56 In asking which model of media law will apply, Beall forces a choice between the laws covering newspapers or the laws 52Di Cato, supra note 50, at 155. 53Id. at 156. 54Id. at 157. 55J. Soma, P. Smith, R. Sprague, "Legal Analysis of Electronic Bulletin Board Activities," 7 W. New Eng. L. Rev. 571 (1985). 56R. Beall, "Developing a Coherent Approach to the Regulation of Computer Bulletin Boards," 7 Computer/Law Journal 499 (1987). 15 covering telephone service;57 he ends up choosing elements of each. He agrees with other commentators that a sysop may not be liable without affirmative involvement in the illegal activity.58 While he seems to favor strong First Amendment protection for BBSs, he is not satisfied with the resulting lack of protection against phreaking activity. He therefore proposes a full-fledged system of licensing of BBSs by the FCC, with licensees required to adhere to certain rules in order to retain or renew their licenses.59 However, he would rely upon the private sector for enforcement of these rules; telephone companies, for instance, would be expected to monitor BBSs for stolen credit card numbers.60 Besides the BBS, the only other related communication media that have received significant attention in the legal literature are the similar technologies of teletext and videotex. Teletext is a form of electronic text delivered by television stations to subscribers' TV sets, either via broadcasting or cable hookups but as part of a conventional television signal. Teletext presents a series of pages, or frames, of text, from which the subscriber may select using a special keypad.61 Videotex is a similar service, 57Id. at 509-10. 58Id. at 504-5. 59Id. at 513-15. 60Id. at 516. 61Freedman, supra note 7, at 689. 16 delivered to customers' TV sets via telephone lines.62 Neither service has been implemented on a large scale in the United States, but despite their obscurity, they have received much attention from legal commentators. Jeffrey Hurwitz devotes his attention to teletext, particularly broadcast teletext.63 He suggests that the FCC's 1983 decision not to regulate teletext -- reasoning that it is an "ancillary service" not subject to the regulations applied to regular TV programming -- was incorrect.64 Teletext, like traditional broadcasting, he felt should be content regulated -- subject to the Fairness Doctrine,65 the "equal opportunity" rule and the "reasonable access" rule.66 Exempting teletext from such content regulations provides an easy avenue for circumventing the purpose of such regulations as applied to broadcasting, he writes.67 Perhaps most troubling, however, is his argument that the FCC, more than anything else, has simply misconstrued the clear language of the statutes and 62Id. at 735. 63J. Hurwitz, "Teletext and the FCC: Turning the Content Regulatory Clock Backwards," 64 Boston Univ. L. Rev. 1057 (1984). 64Id. at 1057. 65The Fairness Doctrine, no longer FCC policy, was still applied to broadcasters when Hurwitz wrote his article. 66Hurwitz, supra note 63, at 1083. 67Id. at 1098. 17 regulations in question.68 Hurwitz's arguments suggest that the existing statutes could pose a threat to the freedom of computer communication. Another writer, Richard Hindman, has a markedly different view of teletext.69 "The first amendment," he writes, "protects the right of every person to participate in the marketplace of ideas."70 Most of Hindman's article is devoted to an analysis of a consent decree that currently bars telecommunications giant AT&T from entering the teletext business.71 However, Hindman's comments about the First Amendment issues underlying teletext regulation are insightful: The history of broadcast and cable regulation suggests that as new communication technologies become available Congress and the courts will fail to fully comprehend how the first amendment limits government authority to regulate. In fact, at first, the courts will attempt to characterize users of the new medium as someone other than a speaker entitled to full first amendment protection or, as a speaker entitled to some lessor [sic] protected right.... [U]ntil a new technology becomes familiar in its own right, courts generally attempt to impute the regulatory baggage of an existing medium, leaving unresolved the difficult constitutional issues.72 68Id. at 1083-1094. 69R. Hindman, "The Diversity Principle and the MFJ Information Services Restriction: Applying Time-Worn First Amendment Assumptions to New Technologies," 38 Catholic Univ. L. Rev. 471 (1989). 70Id. at 471. 71U.S. v. AT&T, 552 F.Supp. 131 (D.C. Cir. 1982). 72Id. at 494-5. 18 Lynn Becker, in her survey of the confused state of the law regarding teletext and videotex, agrees that the technology of delivery should not be the decisive factor in deciding its regulatory status.73 "A preferable alternative," she writes, "would be to view all electronic publishing as a single communications medium regardless of the method of transmission.... The basis for distinguishing between typeset and electronically transmitted communications is not viable in 1985. The regulatory underpinnings are without merit."74 Instead, she calls for the design of a new legal framework designed to accommodate the new media and to recognize their true nature. "[T]he new media must be viewed according to their function rather than through their methods of distribution.... When viewed in this manner, the regulatory mandate is clear: Congress shall make no laws abridging ... the freedom of the press."75 What conclusions emerge from this body of literature? It is clear that analogy to older media has been the method of choice for deciding the legal status of computer communication, whether BBS, teletext or videotex. Almost every author divides existing media into regulatory 73L. Becker, "Electronic Publishing: First Amendment Issues in the Twenty-First Century," 13 Fordham Urban L.J. 801 (1985). 74Id. at 866. 75Id. at 868. 19 categories, generally classifying print media as most immune to regulation but most vulnerable in liability cases and common carriers as most regulated but generally immune to liability, with broadcasters in the middle. With only a couple of exceptions -- Beall's scheme of licensing BBSs and Hurwitz's argument in favor of content regulation for teletext -- the authors are opposed to governmental regulation of electronic publishing. However, the authors devote themselves to answering narrow questions, questions either of BBS sysop liability or of the regulatory status of two obscure technologies, teletext and videotex. In the literature there seems to be agreement on several specific questions. First, BBS sysops should be held liable for messages on their boards only when they are in some way involved with or aware of the illegality. Second, a new legal framework may be necessary to accommodate these media. And third, the First Amendment does apply to computer-based communication. Missing from most of the literature is recognition of a serious First Amendment threat or an attempt to discover the specific sources of that threat. With the exception of De Sola Pool's forward-looking book and Katsh's philosophical article, most authors seem to perceive only technical legal difficulties. While most authors conclude, or even assume, that the First Amendment applies to computer communication, they do not seem to see implications for the mainstream of First Amendment law. Computer-based communication is 20 portrayed either as something still far in the future or as a "niche" medium of interest only to computer hackers and scientists. It is depicted as only peripheral to the speech the First Amendment is intended to protect. In fact, however, such electronic communication is in use today by a vast number of people with diverse interests, using inexpensive and readily available technology. It is already a significant and important forum for speech on almost every conceivable topic. The way in which this medium is used indicates that it is not peripheral to First Amendment "core speech." It should be considered in the mainstream of First Amendment-protected expression. If computer-based media are to become a dominant channel for information delivery in the future, it is vitally important that the decisions made today regarding the treatment of these media be the right ones. Objectives Objectives Objectives Perceptions of a threat to the First Amendment freedoms of computer-based communication have come not from codified policies -- of which there are few -- but from de facto policies emerging from an unsettled and chaotic area of law. These de facto policies are, in turn, the product of precedent-setting events such as the Craig Neidorf and Steve Jackson cases and other controversies of 1990. Krasnow, Longley and Terry, in their book The Politics of Broadcast Regulation, begin their analysis with the idea 21 that "there is no such thing as 'government regulation'; there is only regulation by government officials."76 In other words, particularly with a medium as new as this one, attention is best directed not toward codified regulations but rather toward the attitudes and agendas of the people who will create them -- people both in and out of the government. The legal treatment of any new technology will ultimately be a product of political pressures, different players with different agendas pushing in different directions. The result will depend upon whose voice is heard most strongly. The embryonic field of computer-communication law is characterized by several different facets of government and the private sector influencing policy formation. These include Congress, which has responded primarily to economic pressures related to computer crime, but has passed statutes incidentally affecting computer communication; the courts, which only recently and at the lowest levels have been asked to recognize constitutional protection for computer communication; and law enforcement agencies, which have caused the most visible controversies by enforcing computer crime laws zealously and without evident regard for free speech. Other entities exerting an influence on the policymaking process include the computer-user community, 76Krasnow, Longley, and Terry, The Politics of Broadcast Regulation 9 (citing Loevinger, The Sociology of Bureacracy, 24 Business Lawyer 9 (1968)) (3d ed. 1982). 22 particularly the "computer underground" and the hacker subculture, which have been the focus of the recent controversies; and the Electronic Frontier Foundation, a political action group founded to protect the civil liberties of computer communicators. This thesis will examine the political development of de facto policies affecting the First Amendment freedoms associated with computer-based communication, particularly during the important events of 1990. It will examine the legislative history of the relevant federal statutes and the events surrounding the important cases, including those of Craig Neidorf and Steve Jackson, and the Secret Service's "Operation Sun Devil," and attempt to identify the roles of the major players in this process. Research Questions and Methodology Research Questions and Methodology Research Questions and Methodology The specific research questions addressed by this thesis are: 1) Does a threat to the freedom of computer-based 1) Does a threat to the freedom of computer-based 1) Does a threat to the freedom of computer-based communication represent a threat to the core meaning of the communication represent a threat to the core meaning of the communication represent a threat to the core meaning of the First Amendment? First Amendment? First Amendment? In order to answer this question, this thesis will first explore the nature of computer-based communication as it is used today. After an overview of the technology that makes such communication possible, it will examine the way in which this medium is used. It will demonstrate that computer-based communication is a vital and important 23 medium, and that users of this medium are members of a community engaged in "core speech" deserving of the highest constitutional protection. 2) Who are the important players involved in the 2) Who are the important players involved in the 2) Who are the important players involved in the controversies of 1990 and the formation of computer- controversies of 1990 and the formation of computer- controversies of 1990 and the formation of computer- communication policy and what are their roles? communication policy and what are their roles? communication policy and what are their roles? The thesis will then examine in detail the important cases of 1990 and the events surrounding them in an attempt to discover the role of each major player involved. The players themselves will be identified, and the contribution of each will be evaluated. This will include an exploration of the legislative history of the statutes involved in these cases, as well as factual accounts from news media and other sources of the events surrounding the 1990 controversies. Source documents, including legislative debates, indictments, written court opinions, search warrant affidavits, briefs and policy statements will provide insight into the motives and objectives of each player. 3) Based upon the roles of the players involved, what is 3) Based upon the roles of the players involved, what is 3) Based upon the roles of the players involved, what is the general direction of the law? the general direction of the law? the general direction of the law? From this analysis should emerge an overall picture of the regulatory atmosphere, the degree of the First Amendment threat and what the future may hold for these new media. Organization Organization Organization Chapter Two will describe the technological foundation of today's computer-based communication media in order to 24 define terms and concepts important to this topic. It will briefly describe the way in which these media are used, in order to establish that a genuine outlet for First Amendment-protected speech is involved. It will also introduce the culture of computer hackers, which plays an important part in events described later. Chapter Three will examine the legislative history of the computer crime laws that served as the authority for the hacker crackdown of the late 1980s and 1990. This chapter will study the role of Congress as a regulatory player and will also reveal the early involvement of two other players that figure prominently in later events: computer hackers and law enforcement. Chapter Four will discuss in detail the major cases of 1990 and the surrounding events that have been the focus of the recent controversies over First Amendment freedoms and computer communication. These events demonstrate the involvement of four important players in this regulatory process: computer hackers, law enforcement agencies, the courts and the Electronic Frontier Foundation. Chapter Five will summarize and discuss the preceding material and will attempt to identify the direction of the law based upon the roles of the involved players. Limitations Limitations Limitations Some legal aspects of this new communication technology, while important, will not be included in this thesis. 25 First, any examination of computers and civil liberties seems to include a discussion of privacy. Computers provide new ways of collecting and retrieving information about individuals, and many civil libertarians see this use of computers as a threat to privacy. However, privacy law will not be a part of this thesis. Second, the communication of data by electronic transmission introduces a host of new and difficult questions of copyright and patent. While these questions are intriguing, they could themselves be the basis of another thesis. While the law of intellectual property plays a part in some of the cases involved in this area, extended discussion of copyright or patent law is beyond the scope of this thesis. Third, where this thesis discusses computer-crime laws, it will limit such discussion to the federal statutes involved in the hacker-crackdown controversies of 1990. Consequently, state computer-crime laws, of which there are many, will not be discussed. A Note About Sources and Citations A Note About Sources and Citations A Note About Sources and Citations Because of the nature of this topic, a large number of the sources used in this thesis are themselves electronic publications, or are source documents made available through electronic means. Citation of such documents is problematic, as conventional citation forms are not readily adaptable to nonprinted sources. In this thesis, citation 26 of an electronic document will provide complete identification of the publication and the source through which it was obtained. Because electronic publications do not generally have page numbers, citation to a specific passage in an electronic document will give the line number in the file. 27 CHAPTER TWO: CHAPTER TWO: CHAPTER TWO: The Net The Net The Net This chapter will explore the nature of today's computer- based media, both technological and cultural, in order to lay the foundation for the discussion that follows. The first section will describe the technological foundation of computer-based communication. In order to understand many aspects of this topic, and to appreciate the culture of computer users, it is necessary first to understand the media through which communication takes place. Such an understanding requires a certain amount of technical explanation. However, the minute technical details of computer networking are less important than an appreciation of the vast variety and immense power of the technology. The second section will examine the way in which these media are used today. This will include general descriptions and examples of the types of communication that take place via computer-based media. The final section will be a brief introduction to the culture of computer hackers, a group that has played a continuing and important role in the development of policy in this area. The Technology The Technology The Technology1 Several kinds of technological media exist through which computer-based communication takes place. These can generally be grouped into three categories: the computer bulletin board system (BBS), the online information service and the computer network. There is considerable overlap between these categories, and within each category there is much variation in implementation. Nonetheless, meaningful distinctions can be made between these types of systems and the way in which they operate. Bulletin Board Systems (BBSs) Bulletin Board Systems (BBSs) Bulletin Board Systems (BBSs) At the low end of the technological and economic scale is the computer bulletin board system or BBS. Typically, a BBS is operated on a single personal computer, often in a spare bedroom or corner of the home of the system operator (sysop). Such a BBS is usually operated strictly as a hobby, and no fee is charged for access (though some BBSs may charge a small fee to help defray costs). The only equipment required to operate a BBS is a computer, BBS software,2 a modem and a telephone line. In some cases the 1Much of the information in this section comes from the author's own experience. Where this information has been supplemented by external sources, or where such sources might provide additional useful information, citations are given. 2BBS packages include TBBS (The Bread Board System), Wildcat! and Searchlight. Many BBS packages are shareware (see infra note 7), bringing the cost of operating a BBS even lower. 29 BBS will not even have its own telephone line but will share the sysop's home or business line (and consequently may be available only during certain hours). The idea of a computer system publicly available for posting messages goes back at least to 1973 when a project called Community Memory went online in San Francisco. A project of a group of progressive computer enthusiasts, Community Memory was a system consisting of a mainframe3 computer connected to a dedicated teletype terminal placed in a record store (a second terminal was added later). The system functioned much like the message base of a modern BBS, allowing anyone who wanted to use it to leave a message that could be viewed by others.4 The first true BBS appeared in January of 1978 when two members of a Chicago computer club called CACHE (Chicago Area Computer Hobbyist Exchange) came up with the idea of using a computer to help the club members share information that had previously been posted on a real bulletin board. The system, called the CACHE Bulletin Board System/Chicago or CBBS/Chicago, was strictly a message board and ran on 3A mainframe is a large computer with abundant processing power. The term is usually used to distinguish such large computers from personal computers such as the IBM PC or the Apple Macintosh. Technically, before the advent of such small computers in the late 1970s, all computers were mainframes. See Freedman, The Computer Glossary 434 (4th ed. 1989). 4S. Levy, Hackers 155-58, 167-80 (Paperback ed. 1984). 30 software the two men, Randy Seuss and Ward Christensen, designed over a weekend. The program was freely distributed and widely adapted, and before long BBSs sprang up all over the country.5 Today, many different BBS software packages offer different features, but certain functions are common to virtually all BBSs. After logging on to the BBS by providing a user name and a password,6 a caller is usually presented with a menu of BBS functions from which to choose. These generally include bulletins, electronic mail (e-mail), message areas, file downloads and perhaps other features such as online games. Bulletins, e-mail and the message areas are all forms of electronic communication between BBS users. Bulletins are text files, usually prepared by the sysop and usually containing information about the operation of the BBS itself. They inform the user of BBS rules and regulations, the history of the BBS, scheduled down time and other 5Petersen, "Whether for Gabbing or Gobbling Facts, Computer Bulletin Board Systems Have Taken Wing," Chicago Tribune, Mar. 16, 1989, at sec. 5, p. 2; Balz, "Signing On to the World of Computer Bulletin Boards," Chicago Tribune, May 30, 1986, at 53. 6The user name or user ID may be the caller's real name or a "handle." Systems that allow handles will usually also require the user to provide his real name so the sysop can verify his identity, even though the handle may be all that other users will see. The password, chosen by the user, is the BBS's primary means of maintaining security. Users are usually advised to select a password that would not be easy to guess and not to write the password anywhere. 31 information of general interest. Bulletins are often displayed automatically to first-time callers, and some BBSs require that callers read certain bulletins before full access is granted. E-mail is a private form of communication between two users. An e-mail note will be addressed to a specific person, using that person's user name, and will not be visible to anyone else (except perhaps the sysop). When the user to whom the note is addressed logs on, he will usually be notified right away that he has mail waiting. He can then read any e-mail notes waiting for him and reply if he chooses to. The heart of most BBSs is the "message base." Generally, a BBS will have a number of message areas divided by topic. Unlike e-mail notes, these messages are visible to any caller. These message areas are public discussion forums where any reader is free to jump in at any time. In addition to these forms of communication, information may also be published via the file download section. Ordinarily, a BBS's file collection consists mostly of public-domain and shareware7 software, but it may also 7Shareware is a method of software distribution in which copies of a software product may be freely distributed through BBSs and other means, allowing users to try the software before deciding to buy it. If the user chooses to continue using the software beyond a certain trial period, he is expected to register it by sending a fee to the program's author. In exchange for registering, the user will typically receive printed documentation, upgrade 32 contain text files. These files might be extracts from threads8 in the message areas, instructional articles, electronic newsletters, fiction, poetry or virtually any other form of written material. Information Services Information Services Information Services Similar in concept to the BBS, but very different in scale, is the online information service. Unlike most BBSs, the information service is a commercial enterprise, operating on a subscription or membership basis and charging a fee for access, usually an hourly rate. Such a service is much larger than a BBS, operating on a mainframe computer (or even an array of mainframe computers). Furthermore, the information service supports hundreds or even thousands of simultaneous callers and is available nationally, or even internationally, through local telephone calls. Major online information services in the United States include CompuServe, Prodigy, GEnie, The Source and BIX. Of these, the largest and most familiar is probably CompuServe, a subsidiary of H&R Block. CompuServe has over half a notices, technical support and perhaps a more fully functional version of the software. 8A thread is "a more or less continuous chain of postings on a single topic." Online Jargon File, version 2.9.6 (distributed via the Internet, Aug. 16, 1991), at line 15707. 33 million members9 who pay an hourly rate ($12.50 in 1991) to use the service. Like a BBS, CompuServe features e-mail, file libraries and message areas organized by topic. However, these areas are so large and so numerous that books exist for the sole purpose of helping one navigate them. CompuServe also offers many special online services (some of which cost an additional surcharge); users can make airline reservations, search online databases, invest in the stock market and shop in an "electronic mall" while online.10 Other online information services offer similar assortments of services. The Internet and Usenet The Internet and Usenet The Internet and Usenet In terms of the number of users and the volume of traffic, the largest component of the online community is probably the international network of mainframe computers generally referred to as the Internet. Originally called ARPANet, this "network of networks" was originally developed in 1969 by the U.S. Defense Advanced Research Projects Agency (DARPA) to connect university computers to one another. The first national computer network, it was intended as a means of sharing resources among academic researchers. During its first year the network had only 9CompuServe Inc., CompuServe Information Manager Users Guide 2 (1989). 10See Compuserve Inc., Compuserve Almanac (5th ed. 1989). 34 four nodes,11 a number that grew to 25 by 1973. By the 1980s, however, the network had begun to grow exponentially, and as access became more widely available its usage broadened to include general-purpose communication.12 As of July 1991, 535,000 nodes were connected to the Internet.13 Estimates suggest that the network serves as many as two million individual users.14 Connected to the Internet is another international network, the diverse and vital Usenet. Usenet is a "volunteer" network in that it has no central authority or governing body. The only requirement for operating a Usenet node is finding another node willing to provide a connection.15 Usenet began as the idea of two students at Duke University in 1979, and the first two Usenet sites were 11A node is "a computer system used as a junction or connection point in a communication network." Freedman, supra note 3, at 482. In simple terms, a node is simply one of the computers connected to a network. In the case of the Internet, however, an individual node may actually be a gateway to another entire network. See infra note 24. 12Hafner and Markoff, Cyberpunk: Outlaws and Hackers on the Computer Frontier 278-80 (1991). 13"ACM Forum," Communications of the ACM, Nov. 1991, at 21-22 (letter from Mark Lottor, SRI International, Network Information Systems Center). 14Hafner and Markoff, supra note 12, at 280. 15Cerf, "Networks," Scientific American, Sept. 1991, at 50. 35 called unc (at the University of North Carolina) and duke.16 As of October 1991 Usenet had an estimated 40,000 sites and served 1,902,000 active users.17 Usenet provides e-mail services as well as a set of public discussion forums called newsgroups. A newsgroup is simply a series of messages, called articles, related to a particular topic. A user with access to Usenet can post an article to a newsgroup, and that article will then be propagated to all other Usenet sites carrying that newsgroup. Although there is no authority mandating adherence to any rules regarding newsgroup administration, a set of conventions has emerged regarding the creation of newsgroups and their arrangement within standard hierarchies. Any newsgroup created without adherence to these conventions is unlikely to be carried by other sites.18 The standard newsgroup hierarchies include, among others, rec, for recreational topics; comp, for computer-related 16Each node on a network must have a unique name to identify it. This name is used as part of the network addressing used to route e-mail and other data to the node. Network convention is to give the name of a node in lower case. 17Usenet Readership Summary Report for October 91 (text file distributed via Usenet, Nov. 2, 1991). 18G. Spafford, What Is Usenet? (text file distributed via Usenet, Sept. 9, 1991), at line 243. 36 topics; and soc, for social topics.19 Hence a newsgroup for discussing dogs is called rec.pets.dogs. There are also a number of "alternative" newsgroup hierarchies that do not generally follow the standard rules, but are nonetheless carried by a large number of systems (though not universally).20 Other national or international mainframe networks include Bitnet, which connects educational institutions, and Milnet, which connects American military installations. BBS Networks BBS Networks BBS Networks In addition to the nationwide (and worldwide) mainframe networks, the 1980s also saw the emergence of several networks connecting small BBS systems to one another. The oldest and largest is FidoNet, which began as a pair of BBSs in Baltimore that had the capability of exchanging messages. As other systems were added, it grew into a nationwide network.21 Today FidoNet has more than 11,000 nodes.22 A caller to a FidoNet BBS will usually find two different groups of message areas. One contains the local message 19G. Spafford, List of Active Newsgroups (text file distributed via Usenet, July 25, 1991). 20G. Spafford, Alternative Newsgroup Hierarchies, (text file distributed via Usenet, Sep. 9, 1991). 21Dvorak and Anis, Dvorak's Guide to PC Telecommunications 96-7 (1990). 22"FidoCon91 -- 408 Attend Biggest BBS Bash Ever," Boardwatch Magazine, Oct. 1991, at 13. 37 base, those messages available only to callers of the same BBS. The other area contains the FidoNet message areas, or echoes, which are the messages shared through the FidoNet network. Generally, a FidoNet BBS will go offline once per day, usually at night, and during that time will connect to neighboring FidoNet boards. The BBSs will exchange messages, and in that way a message posted to a FidoNet echo will eventually be propagated to every FidoNet board. Other BBS networks include Alternet, Eggnet and PCBoard.23 Gateways Gateways Gateways As systems become more interconnected, the distinctions between BBSs, information services and national networks become less important to the user. Today gateways24 exist between virtually all of these networks and information services. A user with an account on any of these systems, therefore, can send electronic mail through these gateways to a user on any of the others. A CompuServe subscriber, for instance, can address an e-mail message in such a way that it will be transmitted through an Internet gateway to a FidoNet node. 23Dvorak and Anis, supra note 21, at 100. 24A gateway is "a computer that connects two different communication networks together. The gateway will perform the protocol conversions necessary to go from one network to the other." Freedman, supra note 3, at 307. 38 The effect of this is the creation of a single, vast network, connecting users from all walks of life and virtually every geographic location. Indeed, many users do not distinguish between the Internet, Usenet and other networks; instead, the entire global complex of interconnected computer networks is often referred to simply as "The Net."25 A computer hobbyist with an account on a FidoNet BBS or a privately-owned Usenet node can participate in an online community populated by scientists, college students, professionals, government employees and others across the globe. This virtual world,26 existing not in physical space but in the electronic realm of computer networks, is sometimes called cyberspace.27 The Culture The Culture The Culture Originally, mainframe networks such as the Internet were created to provide a means by which scientists could share technical information.28 Likewise, BBSs originally existed to provide specialized groups of people with a medium through which they could exchange information. But the way 25E.g., Godwin, "The First on a New Frontier," The Quill, Sept. 1991, at 19. 26In computer science, virtual describes a "simulated or conceptual environment and, as a result, may refer to 'virtually' anything." Freedman, supra note 3, at 735. 27Hafner and Markoff, supra note 12, at 9. 28Id. at 280. 39 in which these media are used today goes far beyond mere information sharing. Instead, computer networks and the systems they comprise have become a means of association, a community not bound by geography. In this virtual community, people from all over the world meet and associate with others who share their interests, all without ever seeing one another. Naturally, much of the discussion that takes place through these media is on the subject of computers. But a surprising amount is nontechnical in nature. On Usenet, for instance, none of the five most popular newsgroups are computer-related.29 Instead, Usenet newsgroups provide a forum for discussing sex, Star Trek, movies, Indian culture, cooking, politics, law, country music, and any other topic of enough interest to inspire the creation of a newsgroup.30 A thread on a Usenet newsgroup might begin with an article like this one from rec.music.country.western: From: uuwayne@venus.lerc.nasa.gov (Wayne Stopak) Newsgroups: rec.music.country.western Subject: Keith Whitley Date: 7 Nov 1991 12:44 EDT 29The five most popular newsgroups as of October 1991 were alt.sex, rec.humor.funny, misc.jobs.offered, rec.humor and rec.arts.erotica. Top 40 Newsgroups In Order By Popularity, text file distributed via Usenet, November 2, 1991. 30As of July 25, 1991, there were 569 newsgroups in the standard hierarchies, as well as 655 in "alternative" hierarchies, for a total of 1,224. Spafford, supra notes 19 and 20. 40 I have only been listening to country music for a little while now on W.G.A.R. in Cleveland. They play some Keith Whitley that I like, namely, I'M NO STRANGER TO THE RAIN and DON'T CLOSE YOUR EYES. I know that he is no longer alive. Does anyone know when or how he died? How old was he?31 To which the following response might appear: From: warnock@nssdca.gsfc.nasa.gov (Archie Warnock) Newsgroups: rec.music.country.western Subject: Re: Keith Whitley Date: Fri, 8 Nov 1991 14:15:00 GMT <'scuse me, guys - I'll handle this...> Keith died of alcohol poisoning in May of 1989 at the age of 34. "Don't Close Your Eyes" was the song of the year for 1988, and just a glimmer of what we'd have gotten from him, had he lived.32 Of course, Usenet newsgroups are not limited to recreational topics. Many newsgroups are devoted to political discussions,33 as shown by these examples from two threads in the newsgroup talk.politics.misc: From: enbal@tamu.edu (James L. Heilman) Subject: Pat Buchanan and David Duke Date: 18 Nov 91 21:42:06 GMT 31Article posted to Usenet newsgroup rec.music.country.western on November 7, 1991. Newsgroup articles have been edited slightly for cosmetic reasons, but errors in grammar and spelling -- arguably part of the unique flavor of Usenet -- have been left intact. 32Article posted to Usenet newsgroup rec.music.country.western on Nov. 8, 1991. 33These include talk.politics.drugs, talk.politics.mideast, talk.politics.soviet, talk.politics.theory, soc.politics, alt.politics.homosexuality, and others. 41 Newsgroups: talk.politics.misc Given the fact that Pat Buchanan and David Duke will likely run for president, a columnist recently wrote that for George Bush to get elected, he must run to the right of Buchanan and to the left of Duke. Sounds like a Bozo sandwich to me. As to the remarkably high voter turnout in Louisiana, George Will stated on This Week With David Brinkley that the way to increase voter turnout in the U.S. is to run a crook against a Nazi. From: bard@cutter.ssd.loral.com (James Woodyatt) Newsgroups: talk.politics.misc,alt.censorship Subject: Re: Censorship of 'Doonesbury' Date: 19 Nov 91 01:43:37 GMT In article <1991Nov17.014025.527@desire.wright.edu>, demon@desire.wright.edu (Enemy of Totalitarianism) writes: > Great, if you want to play word games, then we'll play along: > Newspapers have every right to censor their publication. > Newspapers are exercising their right to censor their > publication. Newspapers ARE NOT CENRSORING Mr. Trudeau. > In the context of the censorship of Mr. Trudeau, there is no > censorship. He can continue to spout his views, he can talk to > people in the street, pass out leaflets, get published in > sympathetic newspapers, but freedom of speech does not garauntee > access to any and all printed material. It protects individuals > and organizations from being prevented from airing their > views in a public forum, which is not happening to Mr. Trudeau. > He can not force people to listen to him, or to print his views. > Let him start his own newspaper if he wants to repeat lies. Oh, if only it were so bloody simple. It's not. 42 The San Jose Metro wanted to print the strips that the San Jose Mercury News wouldn't run, so they went to United Press Syndicate and told them what they wanted to do. UPS said it was fine with them as long as the Merc, which has exclusive rights to print Doonesbury in the South Bay Area here, signed a waiver allowing the Metro to print the strips that the Merc wouldn't. The Merc refused saying that their intention was to prevent the strip from being read in the South Bay. Tell me with a straight face that is not censorship. It is not illegal. It can be argued that it is not even immoral on its face. But it is certainly censorship. > But they do not send people around to the sources saying "don't > try to publish anywhere else, either". That's why this form of > "censorship" is more commonly known as "editing". The S.J. Mercury News effectively "edited" the strips out of all the papers in the South Bay area.34 The decentralized and uncontrolled nature of Usenet permits disagreements between participants to become quite heated. This is probably exacerbated by the fact that posters may forget social niceties when communication is not face to face. A personal attack on another poster is called a flame, and flaming is one of the hazards of life on the network. 34Articles posted to Usenet newsgroup talk.politics.misc on Nov. 18 and 19, 1991. In a reply to another article, net convention is to place the ">" symbol to the left of quoted passages from the article being replied to. 43 Electronic Magazines Electronic Magazines Electronic Magazines BBS message areas and Usenet newsgroups are propagated to many people and are themselves a form of publishing. But even closer analogies exist to conventional, printed media such as newsletters and magazines. Numerous electronic magazines and newsletters are published regularly and distributed to subscribers via computer. Bitnet, the mainframe network connecting educational institutions, features a number of electronic journals and magazines. These include academic journals covering topics such as computers, psychology, medicine and education; they also include magazines of fiction, music reviews and environmental issues.35 BBSs also feature a number of online publications. Boardwatch, a magazine devoted to news related to BBSs and online services, is published monthly in both printed and online formats; it can be found both on newsstands and on BBSs that subscribe to it. Another magazine, Info-Mat, is published only electronically and covers general computer- industry news. FidoNet BBSs carry Fido News, a newsletter covering FidoNet and BBS topics. 35Bitnet Servers (text file distributed via Bitnet); see also E. Parker, "Computer Conferencing Offers Boundless Geography, Time," Journalism Educator, Winter 1991, at 49. 44 The Hacker Culture The Hacker Culture The Hacker Culture An important subset of the culture of "the Net" is what has been called the computer underground, particularly the "hacker" subculture. Chiefly because of its prominent involvement in cases and controversies that have contributed to the development of policies affecting free speech, this part of the online community warrants special consideration. To discuss computer hackers, it is necessary first to explain what is meant by the term. The word hacker has many different meanings and is used differently by different groups. The online Jargon File, an extensive lexicon of hacker slang distributed via computer networks, defines the word hacker thus: [originally, someone who makes furniture with an axe] n. 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating {hack value}. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in 'a UNIX hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'.36 36Jargon File, supra note 8, at line 8397. 45 The word hacker originated in the early computer labs at MIT in the late 1950s. Originally, it did not even necessarily involve computers but referred generally to a person who derived pleasure from mastering complex technological systems (such as the telephone network or even a subway system). Soon, however, the word came to mean a person who compulsively programmed a computer, usually ingeniously, and did so for its own sake rather than to achieve any goal (other than the program itself).37 More recently, however, the word has most commonly been understood to mean a person who gains unauthorized access to computer systems. This has been the preferred usage in the mainstream media, although in computer-enthusiast circles this meaning is often frowned upon. The word cracker, according to the Jargon File, was coined in the mid-1980s to take this meaning in an attempt to stave off the distortion of hacker brought about by the popular press.38 Cracker is not widely understood outside hacker circles but is used within that culture. To some degree, the ambiguity of the word hacker is unavoidable. The two senses are not mutually exclusive: An "unsavory" hacker (a cracker) is also a hacker in the classic sense, a person who enjoys exploring and mastering 37See generally Levy, supra note 4. 38Jargon File, supra note 8, at line 4725. 46 the complex systems of computers and telecommunications. Therefore, while all hackers might not break into computer systems, it is not generally inaccurate to apply the word hacker to someone who does. Despite the potential ambiguity, this thesis will use the word hacker mainly in its popular sense: a person who, using stolen passwords or other security breaches, gains unauthorized access to a computer system. Most available sources use the word in this sense, and continual shifting of terminology would not be useful. However, it is necessary first to discuss the elements of hacker culture that are common to all hackers, crackers and "classic" hackers alike. In this context, where such distinctions are necessary, the word cracker will be used to specify a hacker who breaks into computer systems. That computer hackers have a culture all their own seems beyond question. The introduction to the Jargon File explains the justification for a lexicon of hacker terminology: The 'hacker culture' is actually a loosely networked collection of subcultures that is nevertheless conscious of some important shared experiences, shared roots, and shared values. It has its own myths, heroes, villains, folk epics, in-jokes, taboos, and dreams. Because hackers as a group are particularly creative people who define themselves partly by rejection of 'normal' values and working habits, it has unusually rich 47 and conscious traditions for an intentional culture less than 35 years old.39 The history and evolution of this culture was traced by Steven Levy in his book Hackers: Heroes of the Computer Revolution (1984). The beliefs and values of the hacker culture Levy summed up in what he called the "Hacker Ethic": Access to computers -- and anything which might teach you something about the way the world works -- should be unlimited and total.... All information should be free.... Mistrust Authority -- Promote Decentralization....40 Ideas such as these help to explain the motivations of modern crackers as they break in to computer systems "just to look around" and attempt to wrest control of large systems away from their owners. More recently Gordon Meyer, a sociology student at Northern Illinois University, examined the social organization of the computer underground.41 Meyer defines the computer underground as including not only hackers (crackers) but also phone phreaks, people who obtain and use unauthorized information about the telephone system, and pirates, people who collect and trade illegitimate copies of 39Id. at line 55. 40Levy, supra note 4, at 40-41. 41G. Meyer, The Social Organization of the Computer Underground, unpublished master's thesis, Northern Illinois University, Aug. 1989. 48 commercial software.42 These groups are related and, especially in the case of phone phreaks and hackers, overlapping.43 While the ethics of hackers and phreakers might be questioned, their attitudes seem clearly descended from Levy's "Hacker Ethic" and motivated not by malice, but by a desire for knowledge: The phone system is the most interesting, fascinating thing that I know of. There is so much to know.... Phreaking involves having the dedication to commit yourself to learning as much about the phone system/network as possible. Since most of this information is not made public, phreaks have to resort to legally questionable means to obtain the knowledge they want.44 Meyer's study demonstrates that the computer underground exhibits characteristics of a loosely organized social group, including association, sharing of information and socialization, all through the media of BBSs and computer networks.45 This degree of contact between individuals, together with the existence of specialized language and conduct, indicate clearly that the computer underground is 42Id. at 25. 43Id. at 28. 44Phreaker quoted by Meyer, id. at 29. 45Id. at 63. 49 truly a culture.46 But this culture is dependent upon computer-based communication for its existence. Conclusions Conclusions Conclusions It is beyond question that this medium falls squarely within the Supreme Court's definition of "the press": "The press in its historical connotation comprehends every sort of publication which affords a vehicle of information and opinion."47 Rather than a "niche" medium of interest only to scientists, or a medium of only potential value to society at large, computer-based communication is used today by countless thousands of people to engage in speech at the very heart of that protected by the First Amendment. Furthermore, the ready availability of the technology means that anyone with a few hundred dollards and the desire to do so can become a "publisher" with a potential audience of vast size. "The new computer-based forums for debate and information exchange," writes attorney Mike Godwin, "are perhaps the greatest exercise of First Amendment freedoms this country has ever seen."48 Unencumbered by the governmental regulation and financial barriers associated 46Id. at 76. 47Lovell v. City of Griffin, 303 U.S. 444, 452 (1938). 48Godwin, supra note 25, at 18. 50 with other media -- few people can afford to own a newspaper or broadcast station -- computer-based communication represents the epitome of a "robust and wide-open" debate.49 It is also a medium that has spawned its own unique culture, and it is that culture's primary means of First-Amendment- protected communication and association. 49"[W]e consider this case against the background of a profound national commitment to the principle that debate on public issues should be uninhibited, robust, and wide-open, and that it may well include vehement, caustic, and sometimes unpleasantly sharp attacks on government and public officials." New York Times Co. v. Sullivan, 376 U.S. 254 (1964), at 270. 51 CHAPTER THREE: CHAPTER THREE: CHAPTER THREE: Hackerphobia Hackerphobia Hackerphobia Recent controversies involving computers and the First Amendment have been the culmination of a conflict that has been building since at least the early 1980s. It was then that the activities of computer hackers first came to the attention of Congress, leading eventually to the passage of laws addressing the perceived problem and opening the door to the kind of zealous prosecution that came later. The important computer crime legislation passed by Congress during the 1980s consisted of the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984, later amended by the Computer Fraud and Abuse Act of 1986.1 The 1984 act, part of an omnibus crime bill, was aimed primarily at credit card fraud, but also established new computer crime offenses. It created several new offenses for unauthorized access to a "federal interest computer"2 resulting in at least $5,000 or more in illegal gains, unauthorized access to classified government data, or unauthorized access to confidential financial data. The 1986 act made some technical adjustments to the wording of 118 U.S.C. S1029, 1030 (1988). 2A federal interest computer is defined in the act as a computer used by the government or a federally insured financial institution or a computer used in committing an offense involving computers in more than one state. 18 U.S.C. S1030(e)(2) (1988). these offenses and added two new ones: one for "malicious damage" involving access to a federal interest computer, and one proscribing trafficking in stolen passwords. These laws only incidentally affected free speech by providing law enforcement agencies with broad new authority to prosecute computer crime. In order to understand whether that authority has been abused, it is necessary first to identify Congress's intentions. By examining the committee hearings held throughout the 1980s on the subject of computer crime, this chapter will identify the attitudes and concerns that contributed to these computer crime laws. It will examine the roles not only of the legislators themselves, but also of witnesses from the industry, law enforcement community and hacker culture. Government Takes Notice Government Takes Notice Government Takes Notice The number and variety of information services and other forms of computer-based communication available in this country suggest a vigorous and almost totally free medium of expression. But this freedom has been the freedom of a frontier -- only fairly recently have government regulators begun to notice what goes on in the virtual world. Writer John Perry Barlow (a cofounder of the Electronic Frontier Foundation) has drawn comparisons between the "electronic frontier" of cyberspace and the Old West: 53 Cyberspace, in its present condition, has a lot in common with the 19th Century West. It is vast, unmapped, culturally and legally ambiguous, verbally terse (unless you happen to be a court stenographer), hard to get around in, and up for grabs. Large institutions already claim to own the place, but most of the actual natives are solitary and independent, sometimes to the point of sociopathy. It is, of course, a perfect breeding ground for both outlaws and new ideas about liberty.3 It was only a matter of time before government at some level became interested in the activities associated with computer communication. In the words of policy analyst Eli Noam, "The problems involving the increased computerization of society are somewhat analogous to those that occurred with the advent of the automobile. The car was a wonderful thing until we discovered that it produced something called pollution. Then we had to do something about it, or we were going to choke on its fumes."4 In the case of computer communication, the "pollution" that first drew the attention of regulators was computer hacking. WarGames WarGames WarGames Widespread public awareness of computer hacking can be traced to 1983 and the release of the movie WarGames, which tells the story of David Lightman, a high-school student who breaks into a military computer and nearly starts World War 3Barlow, "Crime and Puzzlement," Whole Earth Review, Fall 1990, at 45. 4Daly, "Group Tries Taming 'Electronic Frontier,'" Computerworld, Mar. 25, 1991, at 77. 54 III.5 Lightman, trying to reach a game company's system, accesses a fictitious Defense Department computer called the WOPR (War Operations Planned Response, pronounced "whopper"), which has just been given direct control of the nation's nuclear missiles. Playing what he thinks is a game, Lightman initiates a program that brings the world to the brink of nuclear war. The movie, while entertaining, depicts events ranging from highly unlikely to utterly impossible -- in the words of one expert, "nothing more than very interesting fantasy."6 Despite its implausibility, however, the movie contributed to a heightened awareness of computer security issues.7 Only months after the release of WarGames, the FBI, with much publicity, arrested a group of young computer hackers from Minneapolis who called themselves the 414s (after their telephone area code). Over the course of several months, they had broken into numerous computer systems ranging from military computers at the Los Alamos National Laboratory to 5MGM/UA 1983. 6Computer and Communications Security and Privacy: Hearings Before the Subcommittee on Transportation, Aviation and Materials of the Committee on Science and Technology, House of Representatives, 98th Cong., 1st Sess. (1983) (statement of Stephen Walker, president, Trusted Information Systems, Inc.) 7See, e.g., McLellan, "The Hacker's Bane," Inc., Dec. 1983, at 55; Heins, "Foiling the Computer Snoops," Forbes, Nov. 21, 1983, at 58. 55 a medical records system at the Memorial Sloan-Kettering cancer research hospital.8 The hackers had apparently been inspired at least partly by WarGames, although their activities had begun prior to the film's release.9 They had done no damage to most of the systems they had infiltrated, though files were erased on a few. Certainly no real danger of the sort depicted in WarGames ever existed.10 Nonetheless, the arrests seemed to confirm the fears that movie had created. The cumulative effect of WarGames and the arrests of the 414s was to catapult hacking into the public eye. It seemed that hacking -- which had, in one form or another, been around for decades -- was no longer as harmless as it may once have been. Society's increasing dependence on computers was a new vulnerability. Arizona prosecutor Gail Thackeray, a key player in the later Operation Sun Devil, returned to the Old West analogy to describe this feeling: Out here in the Wild West, when it was just a few settlers on the land, frontier justice had its place.... You could rustle up wild horses, have Saturday night shoot-'em-ups, do whatever you wanted. But as the West became more settled, there were still a few guys who wanted to go out 8See, e.g., Markoff, "Teen Hackers' Antics Prompt House Hearing," InfoWorld, Nov. 7, 1983, at 26; DeWitt, "The 414 Gang Strikes Again," Time, Aug. 29, 1983, at 75. 9Gillard and Smith, "Computer Crime: A Growing Threat," Byte, Oct. 1983, at 398. 10See, e.g., Alpern and Lord, "Preventing WarGames," Newsweek, Sep. 5, 1983, at 48. 56 and have shoot-'em-ups on Saturday night. But now they also wanted to shoot at the telegraph poles. And as the shooters began to attack things the community valued, the community acted to protect its rights.11 It was not long before Congress responded to this sudden awareness of the threats of hacking in a computer-dependent society. Several committees in the House of Representatives and the Senate began holding hearings on computer crime.12 All shared a recognition of the pervasiveness of computers in American society and the drawbacks associated with that pervasiveness, as illustrated by Rep. Dan Glickman's (D- Kansas) remarks at one of the earliest hearings, in the fall of 1983: We are in an era where we cannot live without computers. Now, of course, we must learn to live with them. But have we lost control? Have we created a monster? Are we, in effect, the modern- day Dr. Frankenstein? Do we have a technical problem or is there an ethical problem? And I suspect the answer is probably both.13 11Bromberg, "In Defense of Hackers," The New York Times Magazine, April 21, 1991, at 45. 12These included the Subcommittee on Civil and Constitutional Rights and the Subcommittee on Crime of the House Judiciary Committee, the Subcommittee on Transportation, Aviation and Matterials of the House Committee on Science and Technology, the Subcommittee on Health and the Environment of the House Energy and Commerce Committee, and the Subcommittee on Oversight of Government Management of the Senate Governmental Affairs Committee. 13Computer and Communications Security and Privacy, supra note 6, at 2. 57 To illustrate the danger, the subcommittee then proceeded to watch an excerpt from WarGames.14 When that subcommittee issued its report a few months later, among its findings were that computers were pervasive in American society; that they represented "assets of incalculable value"; and that their vulnerability presented "a problem of national significance."15 But its recommendations were not drastic: It suggested that Congress charter a national commission to gather more information on the subject and to ultimately recommend a policy framework.16 And seemingly recognizing that more was at stake than just computer crime, the report said that the commission should consider not only the vulnerabilities of "critical national systems," but should also take into account "the implications of technological innovation on government, society and the individual."17 The Subcommittee on Civil and Constitutional Rights of the House Judiciary Committee held a hearing in late 1983 to explore the question of whether a federal law would be an 14Id. at 13. 15Computer and Communications Security and Privacy: Report Prepared by the Subcommittee on Transportation, Aviation and Materials, Transmitted to the Committee on Science and Technology, House of Representatives, 98th Cong., 2d Sess. (1984), at 1. 16Id. 17Id. 58 appropriate remedy to this potential epidemic of computer crime.18 Rep. Glickman advised the committee members that the subject was more complicated than they thought, though he stopped short of suggesting a First Amendment problem: [This subject] goes far beyond the issue of whether there ought to be a Federal crime against accessing illegally a computer of somebody else's system. It involves privacy issues, it involves management questions both in the private sector and in the Federal Government.... I would tell you that with technology changing so dramatically, electronic mail, a variety of things, I would just urge you to be somewhat cautious in how you proceed in this area.19 The onward march of technology was at the heart of the problem: It was evident that the government was ill-equipped to deal with a technology it didn't understand. Rep. Dan Mica (D-Florida) reported that the committee's legislative drafting service was having difficulty drafting a computer- crime bill because it didn't have any attorneys knowledgeable about computers.20 "We have to grope and we have to patch and paste from [existing law], and there isn't much," he said. "It is all new ground."21 18Computer Crime: Hearing Before the Subcommittee on Civil and Constitutional Rights of the Committee on the Judiciary, House of Representatives, 98th Cong., 1st Sess. (1983). 19Id. at 3. 20Id. at 10. 21Id. 59 "Falling Through The Cracks" "Falling Through The Cracks" "Falling Through The Cracks" What were the objectives of legislators as they approached this new form of crime? Why did they feel that a new federal law was called for? The basic idea seemed to be that computer criminals would somehow "fall through the cracks" between existing laws covering fraud, theft and embezzlement.22 Rep. Bill Nelson (D-Florida) summed up the concern: [T]here is [a] new kind of criminal that is lurking in the shadows of criminal activity. He is a highly sophisticated criminal. He is a high- technology criminal, and he is one who, when faced by the Nation's prosecutors, often find they do not have the adequate tools to prosecute.23 Support for this statement, however, seemed lacking. Prosecutors at several hearings testified about their experience with computer crime, and universally, they had succeeded in prosecuting every case they had pursued. An FBI witness listed crimes committed by computer in terms of the existing statutes under which they were already being prosecuted: wire fraud, interstate transportation of stolen property, bank fraud and embezzlement, destruction of government property, and theft of government property.24 22Computer Crime, supra note 18, at 3-5. 23130 CONG. REC. H7632 (daily ed. July 24, 1984) (statement of Rep. Nelson). 24Id. at 24 (statement of Floyd I. Clarke, Deputy Assistant Director, Criminal Investigative Division, Federal Bureau of Investigation). 60 "We in the FBI have not had, to date, any significant problems in prosecution of computer related crime under already existing statutes over which we have jurisdiction, such as the Fraud by Wire Statute."25 Indeed, although prosecutors expressed fears about the difficulty of prosecuting computer crime under existing laws, there were many examples provided at the hearings of computer crimes that had been successfully prosecuted.26 Nonetheless, the FBI and other law-enforcement witnesses went on record as supporting new laws to prevent potential future problems. One prosecutor who had been involved in successful computer-crime prosecutions summed up this attitude: "It is my view that any additional tool that can assist the prosecutor, albeit one that has not so far been needed, is not something that I would turn down."27 Victoria Toensing, a federal deputy assistant attorney general, explained in more detail: I am quite certain that sooner or later, we are going to run into some factual situations where we cannot slip the step-sister's foot into 25Ibid. 26See, e.g., Computer Crime, supra note 18, at 15-17 (statement of Rep. Coughlin) (youths who stole $100,000 in merchandise by computer and were successfully prosecuted); at 18-19 (statement of John Keeney, Deputy Assistant Attorney General, Criminal Division, Department of Justice) (two "difficult" cases nonetheless prosecuted under existing law). 27Id. at 25 (statement of William Block, Assistant U.S. Attorney for the District of Columbia). 61 Cinderella's slipper, and we will need a statute that really covers computer fraud.... I stress that this is a potential problem because so far at least we have been able to prosecute computer fraud cases under existing statutes.28 The "Hacker Threat" The "Hacker Threat" The "Hacker Threat" The hearings also revealed that, despite the excitement caused by WarGames and the 414s, the hacker threat was not great. Several witnesses, including 414 hacker Neal Patrick,29 testified that the most rudimentary of security precautions would have prevented their break-ins. Asked if it was possible for hackers to do extensive damage, Patrick responded, "I think it is. But I also think it's very easy to prevent that. There is no need for million-dollar security measures, but just commonsense ideas and attitudes would prevent most of this, if not all of this, from happening."30 Robert Morris, a prominent computer security expert who had worked with the National Security Agency, agreed: The notion that we are raising a generation of children so technically sophisticated that they can outwit the best efforts of the security 28Computer Fraud Legislation: Hearing Before the Subcommittee on Criminal Law of the Committee on the Judiciary, U.S. Senate, 99th Cong., 1st Sess. (1985), at 34- 5 (statement of Victoria Toensing, Deputy Assistant Attorney General, Criminal Division, Department of Justice). 29Computer and Communications Security and Privacy, supra note 6, at 17. 30Id. at 19. 62 specialists of America's largest corporations and of the military is utter nonsense. I wish it were true. That would bode well for the technological future of the country.... These kids appear to be having fun and, in most cases, the techniques involved, the techniques required have almost no sophistication whatever. They are the moral equivalent of stealing a car for joy riding purposes when the keys have been left in the ignition.31 By and large, most legislators seemed to understand this -- that the success of hackers such as the 414s was due almost entirely to poor password control and other lax security procedures.32 And they were reassured by government witnesses that rigorous security measures made sensitive national-security data such as that at Los Alamos impervious to access by outsiders.33 Nonetheless, many seemed to favor a "brute force" approach to solving the immediate problem: I have learned that this problem is largely the result of poor and/or lax computer security. However, until computer security is improved and installed I believe we owe it to our citizenry to protect those records and the vital information which is so stored. This protection can best be afforded with a federal statute ...34 31Computer and Communications Security and Privacy, supra note 6, at 507 (statement of Robert Morris). 32See, e.g., Computer Crime, supra note 18, at 7 (statement of Rep. Glickman). 33Computer and Communications Security and Privacy, supra note 6, at 34 (statement of Jimmy McClary, Division Leader for Operation Security and Safeguards Division, Los Alamos National Laboratory). 34Computer Crime, supra note 18, at 17 (statement of Rep. Coughlin (R-Pennsylvania)). 63 Others continued to believe that hackers were a serious threat to American businesses and to national security. Legislators spoke of the "underground culture of people known as computer hackers who continuously try to defeat the security measures programmed into modern computers."35 But attempts to uncover a hacker conspiracy capable of bringing down the entire national infrastructure were unsuccessful. Rep. William Carney (R-New York) asked hacker Neal Patrick if he was aware of any "professional groups" of hackers who worked to break into computers for personal gain. When Patrick said no, Carney reminded him of TAP, which he described as "an organization [with] bulletins, letters, and communications back and forth."36 In fact, TAP was not an organization at all, but a four-page newsletter (Technological Assistance Program) providing technical information of interest to hackers.37 Rep. Glickman asked witness Donn Parker, who described himself as a hacker (but not of what he called the "unsavory" variety), if there was a "hackers organization,"38 to which Parker said no. Parker went on to say that he had been approached by military 35Computer and Communications Security and Privacy, supra note 6, at 2. 36Id. at 21. 37Hafner and Markoff, Cyberbunk: Outlaws and Hackers on the Computer Frontier 20-21 (1991). 38Computer and Communications Security and Privacy, supra note 6, at 81. 64 officials who were also concerned about organized hacker conspiracies: I was paid a visit by some of the Office of Special Investigations of the Air Force on this exact concern of theirs.... [I]n the future what they were concerned about was sort of a type of an electronic Messiah, a charismatic figure being able to rally the unsavory hacker forces together, and in effect direct them towards the penetration -- organized penetration -- of computer systems.39 The potential danger from such an "electronic Messiah" -- or in Rep. Glickman's words, "a 21st century Adolf Hitler"40 -- was evidently perceived as great. One study cited by Parker had tackled the question of whether computer crime could bring about "national collapse" in the United States. While the study's conclusion was negative, it said that great damage could still be done; and Parker added that many experts disagreed with the conclusion and felt that the nation had already reached "a critical stage of vulnerability."41 Despite these fears, it became clear as the hearings progressed that hackers generally were merely mischievous rather than malicious. As one witness cautioned, "You don't want to lock up some kid who is just fooling with his computer and all of a sudden he is guilty of a felony and 39Id. 40Id. 41Id. at 77. 65 you have an obligation to go after him, like in that movie we saw."42 Most legislators seemed ultimately to conclude that the real threat was not from hackers at all, but from a less spectacular source: employees and others who already had authorized access and misused it.43 Exaggerated Fears: The "WarGames Scenario" Exaggerated Fears: The "WarGames Scenario" Exaggerated Fears: The "WarGames Scenario" There remained those, however, whose fear of computers and of mysterious, shadowy hackers -- perhaps reinforced, or even caused, by WarGames -- led to a tendency to exaggerate the danger of hackers. Legislators couldn't resist the temptation to compare real-life hacking incidents to WarGames, despite assurances that the events in the film were impossible. While certainly there may have been a real computer-crime problem, that problem -- fraud perpetrated by insiders -- was in reality less spectacular and exciting. And legislators tended to see grave problems where there were, at best, only potential problems. This tendency is perhaps best illustrated by the hearings and debates surrounding one of the post-WarGames computer- 42Computer Crime, supra note 18, at 28 (statement of Mr. Edwards). 43See, e.g., Computer Crime, supra note 18, at 49-50 (statement of James F. Falco, Assistant State Attorney, Consumer Fraud and Economic Crime Division, Eleventh Judicial Circuit of Florida); Computer and Communications Security and Privacy, supra note 15, at 4. 66 crime bills. The Medical Computer Crime Act of 198444 was a response to the 414s' computer break-in at the Memorial Sloan-Kettering cancer research center45 and was designed to provide medical institutions specific legal recourse to help protect their computerized medical records. This break-in was a popular example of the "hacker problem," and it was frequently cited as having been a "life-threatening" incident.46 At a hearing in April 1984,47 the Subcommittee on Health and the Environment of the Committee of Energy and Commerce of the House of Representatives explored the supposedly pervasive problem of illegal access to medical records. Despite this supposed pervasiveness, however, witness Robert Coburn -- whose company provided computer services to hospitals -- could cite only two examples of illegal access to hospital computers. One was the 414s' Sloan-Kettering 44H.R. 4954, 98th Cong. (1984). 45132 CONG. REC. H9262 (daily ed. Oct. 6, 1986) (statement of Rep. Wyden). 46See, e.g., Computer Crime, supra note 18, at 12 (statement of Rep. Mica). 47Health and the Environment Miscellaneous -- Part 4: Hearings Before the Subcommittee on Health and the Environment of the Committee of Energy and Commerce, House of Representatives, 98th Cong. (1984). 67 break-in. The other was in an episode of the television show St. Elsewhere.48 Furthermore, while the St. Elsewhere break-in did result in a patient's death, the Sloan-Kettering incident was decidedly less exciting. "This situation demonstrated the potential for a War Games scenario to occur, albeit on a less dramatic scale in the hospital setting," Coburn testified. "We understand that the data base that was accessed and tampered with at Sloan Kettering was actually billing data, and therefore probably did not pose a life- threatening situation."49 When asked if he was aware of any other s