Hackers steal legislators' attention

The flurry of recent, highly publicized incidents involving young systems hackers accessing government and commercial data bases has refocused attention on a variety of proposed and recently enacted computer crime laws, both state and federal.

Some 20 states have passed computer crime laws, and the federal statute, languishing on Capitol Hill since the late 1970s, is receiving new interest among legislators who previously considered computer crime an esoteric subject of the future.

The slow development of state laws until now has been little more than an academic undertaking, as forward-looking legislators sought to persuade their colleagues it was necessary to prepare for a growing criminal problem in the information society. Now, criminal justice authorities in several states are scrambling to bring those laws to bear or identify existing laws that will aid the prosecution of the growing number of apprehended hackers.

The '414s' Strike

The most notorious group of hackers of recent note are the so-called "414s," named after their Milwaukee area code, who have been at the center of the "computer crime wave" of recent months. Numbering only a handful, this group has been charged with unauthorized access of computer systems at the Los Alamos National Laboratory in New Mexico, the Memorial Sloan-Kettering Cancer Center in New York and several Milwaukee-area schools.

New Mexico and Wisconsin have computer crime laws that can be used by prosecutors, who so far are taking a get-tough approach to this mini crime wave. New York does not, but there are other laws that can be used, according to Susan Nycum, a Palo Alto, Calif., attorney specializing in computer law, who has looked into the case.

Nycum, of the law firm Gaston Snow & Ely Bartlett, said wire fraud statutes apply in this case, but the prosecutors will have to show that "a scheme or artifice to defraud" was involved. She noted the hackers probably did not intend to steal any information in the systems they attacked, but she said theft of the computer time involved would qualify.

Also, in the Los Alamos incident, she said "there is a whole body of law directed at federal enclaves. It's my understanding [prosecutors] will try to rely on that" in their attempts to gain convictions of the "414" group.

Nycum said she talked to one of the defense attorneys in the case and was told the hackers "didn't have any malicious intent," that would probably be a major line of defense in any court proceeding arising from the incidents. "I'm frankly very concerned about [that line of reasoning] " she said. "Some of [the hackers] don't understand what they've done."

She added she is appalled at press accounts that seem to be "making folk heroes out of some of them."

She also said most states have "joyriding" laws that, differentiating between out-right theft and theft without intent to keep, could provide a precedent for prosecution of hackers.

Asked if she believes the recent publicity of hackers will lead to more state laws or enactment of the pending federal bill, Nycum said, "We'd have to find out they could not be prosecuted under the laws that do exist."

She did say she is confident the publicity will increase pressure on data base developers and managers to protect their systems better.

If the Federal Computer Systems Protection Act were already in force, the legal discussion would be much more straightforward in that it would outlaw the activities of these and other hackers. The bill would provide penalties for "whoever uses, or attempts to use, a computer . . . [that] operates in or uses a facility of interstate commerce."

Telephone System Qualifies

An aide to Rep. Bill Nelson (D-Fla.), the House sponsor of the bill, said the national telephone system, used by the hackers to gain access to systems across the country, qualifies as a facility of interstate commerce.

While the law would be subject to court interpretation, the aide added that the recently publicized hacking is one of the activities at which the bill was aimed.

If enacted, those convicted of hacking activites under the federal statute would be liable for fines up to $50,000 and up to five years in jail. The bill, if passed, would not automatically bring these activities under federal jurisdiction; they could still be prosecuted locally under existing state laws, but the federal law would be available if needed.

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies