"A Little Perspective, Please" by Mitchell Kapor

[David Farber <farber () central cis upenn edu>]

"A Little Perspective, Please"

by Mitchell Kapor
Forbes Magazine
Junr 21, 1993

(Permission granted for electronic redistribution)

In Its Dec.21, 1992 cover story, headlined "The playground bullies are
learning how to type,"  FORBES perpetuated a dangerous myth.  This magazine
blamed a new generation of "hacker hoods" for an epidemic of computer
crime.  It grates on me to see these two words- hacker and hood - used
together.

        I'll begin by agreeing that computer crime is a real and serious
problem. 
But the FORBES cover seemed to blur the distinction between theft and free
speech, between adventuresome teenagers and crooks.  Most hackers are just
playing around or swapping information; only a minority are out to steal
it.  Hackers are not hoods, though a few may be.

        If I sound sensitive on this point, I have good reason.  In the
summer of
1990 John Perry Barlow and I founded the Electronic Frontier Foundation to
challenge Secret Service seizures of computer bulletin board systems.  Our
goal was simple enough.  We wanted to establish that the Bill of Rights
applies in cyberspace as well as on Main Street.  We wanted to help assure
that law enforcement people, while fighting crime, do not violate the free
speech and privacy rights of computer bulletin board users.  We made one
principle clear from the start: "Unauthorized entry into computer systems
is wrong and should be illegal."

        Big high-tech rip-offs these days have to do with the theft of cellular
and PBX codes.  These can run up victims' phone bills into the hundreds of
thousands of dollars.  According to Donald Delaney, a New York State Police
investigator who specializes in this area, major telecom fraud is typically
committed by career criminals in their 30s, many of whom see it as more
lucrative and safer than the drug business.  Hardly your typical hacker.

        If the typical 17- year old hacker, gets caught stealing small
amounts of
phone service or breaking into a computer system where he has no business
being, he's scared as hell, and ready to confess.. He's highly unlikely to
do it again.  These first-time offenders don't usually end up ever again on
the business end of one of Dectective Delaney's warrants.  There is no
reason for bringing the full force of the law down on kids like this.

        So I was peeved at a FORBES cover that seemed to lump these kid
pranksters
in with hardened crooks.  Such broad bracketing leads to excesses like
those of the Secret Service in the recently decided Steve Jackson Games
case.  Federal Judge Sam Sparks found that the Secret Service illegally
seized the private electronic mail of users of a customer relations
bulletin board system operated by the Jackson firm.. At the trial, Judge
Sparks roasted Secret Service agent Tim Foley for not making a simple
investigation in advance that would have shown there was no cause to snoop
on E-mail.  The case demonstrates that accusations of computer crimes
should be limited to cases involving seriously harmful behavior and
injurious intent, not the mere suspicious use of a computer or a network.

        In Massachusetts, efforts to put such a balanced perspective into
law are
now under way.  Governor William Weld has submitted computer crime
legislation based on a report of his Commission on Computer Technology &
Law, which I chaired.  Commission members included law enforcement
officials, such as a bulletin board-system literate district attorney,
representatives from the computer and telecommunications industries and
civil libertarians.

        The commission determined that much of what is labeled "Computer crime"
would constitute a crime regardless of the particular means of
accomplishment.  Theft of a lot of money funds through manipulation of
computer accounts is grand theft.  Does the computer make it any grander?

        Our commission reported, and Governor Weld agreed, that changes to the
law, where needed to plug gaps, are best accomplished by modifying existing
law and building off familiar legal principles, not by passing overly broad
and untested laws specifically covering computer crime.

        We found, for instance, that unauthorized access to a computer system is
not, by itself, a violation of Massachusetts law.  It should be.  We
therefore recommended an addition to the criminal law covering electronic
trespass with penalties of up to $1,000 in fines or 30 days in jail.  The
proposed statute states that the requirement of a password constitutes the
equivalent of a posted "No Trespassing" sign.

        The Massachusetts experience shows that it's possible for civil
libertarians, law enforcers and industry experts to find common ground;
they can address problems created by the spread of computers without
compromising rights.  This is the stroy the media ought to pay more
attention to.  Enough of these fantasies about dangerous teenagers stealing
big money and compromising national security.
------------------------------------------------------------------------------
                Mitchell Kapor, Electronic Frontier Foundation
     Note permanent new email address for all correspondence as of 6/1/93
                              mkapor () kei com