riggs_~1.txt

黑客培训教程

                          CASE COMMENT
                         --------------
                     UNITED STATES v. RIGGS:
     JACKING INTO THE NET WITH THE ILLINOIS DISTRICT COURT

                          -by Jay Wood


*********************************************************************
The following article is a candidate for publication in the Rutgers
Computer and Technology Law Journal, therefore it is (c) copyright
1992 by the author. You may re-post this file freely (as long as
you don't make any changes), but you may not publish the text or a
substantial portion thereof in any form (i.e., print it up and sell
it, include it in your newsletter, etc.). If you mention this article,
you must mention that it is a candidate for publication in the Rutgers
Computer and Technology Law Journal (for the 1992-93 academic year);
if you wish to quote from or reproduce a substantial part of the
article, please contact me.

Comments on the text are extremely welcome.

-Jay Wood            InterNet:    jwood@andromeda.rutgers.edu
                     CompuServe:  70540,1252
                     AOL:         JayW9
**********************************************************************

                (FOOTNOTES ARE AT END OF TEXT)


I.	INTRODUCTION

      The rapid pace of technological innovation has given many
creative individuals the ability to work mischief without
violating any statutes. The range of possible "offenses" often
exceeds the imagination of the legislature. Prosecutors and courts
who are faced with these individuals must make a difficult choice:
they must either let these "criminals" go free, or attempt to
stretch existing laws to cover the (purportedly) culpable conduct.
Efforts to avoid this dilemma have frequently focused on
criminalizing activities at the periphery of the undesirable
conduct. Some legislatures have approached the problem (in the
area of narcotics) with so-called "designer drug" laws.\1\ A United
States District Court presented its solution to the problem in the
area of "computer crime" in the case of United States v. Riggs.\2\

     The facts of the case are deceptively simple. Robert Riggs was
a computer enthusiast (a "hacker") who was able to gain access to
a computer that was owned and operated by the Bell South telephone
company. He accomplished this feat from his home, using a personal
computer and a modem to connect with the Bell South computer over
ordinary telephone lines.\3\ His access, although unauthorized, went
undetected by the phone company, and he was able to find and copy
a text file detailing the operations and maintenance of Bell
South's Emergency 911 response system to a disk in his home.\4\

     While pursuing his interest in computer and communication
technology, Riggs had become acquainted with Craig Neidorf, an
amateur journalist whose magazine "Phrack"\5\ was distributed by
modem to computer and telecommunications hobbyists through an
informal network of computer bulletin boards.\6\ Riggs and Neidorf
agreed that the Emergency 911 information would be of interest to
Phrack's readers, and made plans to include it in an upcoming
issue.\7\ So that the document could be readied for publication,
Riggs uploaded (transferred) a copy of the text file from his home
in Georgia to a bulletin board system in Illinois, enabling
Neidorf to retrieve it in his home in Missouri.\8\ Neidorf edited the
report to remove features that would identify it's source, and
sent the edited document (via telephone) to the Illinois BBS for
Riggs' approval.\9\

     At some point during this transaction, the operator of the
Illinois bulletin board became concerned that potentially
sensitive information was being exchanged through his equipment.
Fearing that this might subject him to some sort of liability, he
notified the appropriate authorities.\10\ As a reward for his
diligence, his computer was confiscated by the Secret Service and
his bulletin board was shut down.\11\ Neidorf and Riggs were located,
and the instant prosecution began.

     The pair was charged with wire fraud,\12\ Interstate
Transportation of Stolen Property,\13\ and one violation of the
Computer Fraud and Abuse Act.\14\ Robert Riggs plead guilty to the
charge of wire fraud, on the basis of his activities in gaining
the unauthorized access to Bell South's computer.\15\ Craig Neidorf
challenged the validity of the charges against him, and moved that
they be dismissed.\16\ His challenge cited several grounds for
dismissal, relying principally on the contention that he could not
be charged under the National Stolen Property Act when nothing
tangible had ever been removed from Bell South's possession, and
nothing tangible had moved in interstate commerce.\17\ Based on its
reading (by analogy) of the relevant precedents,\18\ the court found
that the indictment was valid and denied Neidorf's motions for
dismissal.\19\ Although the charges were dropped only a few days into
the trial (when it became apparent that the document in question
was neither very secret nor very valuable),\20\ the Riggs court's
holdings (that the National Stolen Property Act and wire fraud
statutes can apply to the computerized acquisition and
dissemination of text information) remain good law and are likely
to be persuasive to other judges as they attempt to map out the
contours of criminal sanctions for computer activity.

II.	BACKGROUND

     For their efforts in making the Bell South documents available
to the world, Robert Riggs and Craig Neidorf were charged with
violating the Computer Fraud and Abuse Act of 1986,\21\ the National
Stolen Property Act,\22\ and the wire fraud statute.\23\ No previous
case had ever applied these statutes to a purely electronic
transaction of the sort engaged in here. The closest analogies the
court was able to find in the area of electronic communications
were those dealing with the wire transfer of illegally acquired
funds.\24\ Another sstrain of cases on which the court relied for
guidance related to the theft of trade secret information.\25\ The
trade secret cases are similar in that the value of the item
stolen is frequently negligible (often nothing more than a sheet
of paper), although the value of the information may be quite
significant.

     In addition to these parallels, the court drew support from its
understanding of the legislative intent behind the statutes under
which Riggs and Neidorf were charged, and the appropriate
construction that implies.\26\ A proper understanding of the history
and purpose of these acts is therefore required in order to
effectively evaluate the court's decision.

A.   The Computer Fraud and Abuse Act of 1986

     The Computer Fraud and Abuse Act of 1986\27\ is an amended version
of a 1984 statute entitled the Counterfeit Access Device and
Computer Fraud and Abuse Act of 1984.\28\ The 1984 Act was intended
to protect consumer credit records and computers in which the
government had an interest, and proscribed the unauthorized access
or use of a computer operated by or on behalf of the government of
the United States.\29\ The amendment was occasioned by the great
volume of criticism which the 1984 Act received, both for its
narrowness and for what was perceived as poor drafting.\30\ Harsh
criticism was leveled at the 1984 Act for its failure to define a
number of key terms, such as "access," "authorization," and
"use."\31\ It was also strongly suggested by the Justice Department
and the National District Attorney's Association that a fraud
offense (modelled after the federal mail and wire fraud statutes)
be included in any amendment to the Act.\32\ This was attributable to
a belief that existing statutes were insufficiently adaptable to
many computer-related crimes,\33\ as well as to concerns, similar to
those which motivated the passage of the National Stolen Property
Act, that jurisdictional problems would prove insurmountable for
states that are attempting to address these problems through local
legislation.\34\

     The 1986 Act attempted to address these concerns by defining
some of its more ambiguous terms and expanding the scope of the
prohibited activities.\35\ Congress refused, however, to include the
fraud offense urged by the District Attorneys\36\ or to fully
federalize computer-related crime.\37\ The most important change in
the 1986 Act, as it relates to Riggs, is the addition of a
provision prohibiting the trafficking in computer passwords.\38\ This
section of the statute, intended to address the perceived problem
of computer hackers trading passwords over "pirate bulletin
boards,"\39\ directly implicated the questions that arose in applying
the National Stolen Property Act to Riggs. In other words, does
the electronic transmission of information to individuals in other
states constitute interstate commerce? Apparently, by passing this
Act, Congress intended to answer that question in the affirmative.

B.   The National Stolen Property Act

     The National Stolen Property Act (or NSPA) finds its origin in
the National Motor Vehicle Theft Act,\40\ a 1919 law designed to fill
the jurisdictional gap that is created when a criminal takes a
stolen car to another state for its ultimate disposal.\41\ Because an
automobile is a valuable thing that is uniquely suited for removal
to another jurisdiction,\42\ it was felt that special federal
legislation (based on the commerce clause power) was needed to aid
the states in what are otherwise essentially local efforts at law
enforcement.\43\

     Demonstrating their continued concern that "criminals have
made full use of the improved methods of transportation and
communication, and have taken advantage of the limited
jurisdiction possessed by State authorities in pursuing fugitive
criminals,"\44\ Congress extended the NMVTA in 1934 to include
property other than vehicles. The National Stolen Property Act\45\
prohibited the transportation in interstate commerce of "any
goods, wares, merchandise, securities or money, of the value of
$5,000 or more, knowing the same to have been stolen, converted or
taken by fraud."\46\

     The statute has been successfully applied in several cases to
criminalize the wire transfer of stolen funds.\47\ The statute has
also been applied in cases where the bulk of the value of the
stolen property comes from its status as a trade secret (e.g.,
stolen geophysical maps, the intrinsic value of which (the paper
and ink) is negligible).\48\ No court, however, had ever held that
section 2314 was applicable when nothing tangible had been taken
from the possession of the "crime victim." Indeed, the Court of
Appeals for the Second Circuit noted that "where no tangible
objects were ever taken or transported, a court would be hard
pressed to conclude that 'goods' had been stolen and transported
within the meaning of  2314"\49\ and suggested that "the statute
would presumably not extend to the case where a carefully guarded
secret formula was memorized, carried away in the recesses of a
thievish mind and placed in writing only after a boundary had been
crossed."\50\ Such a case had never reached the bar, and the Riggs
court appears to have been unconvinced by the Second Circuit's
reasoning.

C.   Wire Fraud

     As the NMVTA begat the NSPA, the laws prohibiting frauds
through the mail grew to produce the wire fraud statutes.\51\ The
original impetus for the mail fraud legislation appears to have
been the fear that the increased accessibility of remote and
innocent country dwellers (resulting from the efficient national
mail routes) would dramatically multiply the opportunities for
unscrupulous inhabitants of large cities to prey upon them.\52\ As
the technology of communication advanced, however, the mail was no
longer the most efficient means of contacting remote citizens. The
number of activities that the legislature wished to proscribe
increased, and the wire fraud statute\53\ was born.

     Somewhere in the process, the rationale for the prohibitions
seemed to change. Although the mail fraud statutes were originally
justified as a way to prevent "thieves, forgers, and rapscallions
generally"\54\ from exploiting the "innocent people of the country,"\55\
the prohibitions against using the interstate wire system for
fraudulent purposes are generally accepted for reasons similar to
those underlying the NSPA. Criminals, it is argued, have made such
excellent use of the advances in technology that "new law
enforcement tools" are required to combat their increasingly
sophisticated crime. As a result, the statute requires a very
minimal use of the wire system to become applicable.\56\ The primary
importance of the use of interstate wires is that it provides a
mechanism (through the commerce clause) for the Federal government
to gain jurisdiction over the offense. Wire communication has
never been held to be an integral part of the offense itself.\57\
Of course, the government may not simply rest after showing
that a defendant used the interstate wire system. If their
application of the statute is to be successful, the prosecution
must demonstrate that the use of the wires was in furtherance of a
scheme to defraud.\58\ However, that requirement has never been very
demanding. Fraud, defined broadly, includes "anything calculated
to deceive,"\59\ and the term has been construed quite liberally in
the context of mail and wire fraud statutes.\60\

III.	ANALYSIS

     The Riggs court approached the issues in this case
sequentially, addressing the application of each statute in turn
as they were listed in the indictment. In the interest of clarity
and consistency, the discussion below will be arranged in the same
manner.

A.	Wire Fraud

     In Neidorf's motion for the dismissal of the charges against
him, he argued that the wire fraud claim was defective because it
failed to allege the existence an actual scheme to defraud.\61\ The
allegations that Neidorf received and later transferred a computer
text file did not show proof of a scheme to defraud, he argued,
and in the absence of a fiduciary relationship between himself and
Bell South, Neidorf could not be held to have violated any of the
telephone company's intangible rights.\62\ Furthermore, Neidorf
claimed, his role in the situation was more akin to that of an
"innocent tippee" in a securities case than to that of a
coconspirator.\63\ This argument, if accepted, would mean that the
only relevant question should have been whether or not he had a
duty to disclose the proprietary information which he had (through
no wrongdoing of his own) come into possession of.\64\

     Not surprisingly, considering the broad sweep of section 1343,
the court gave little credence to either of these arguments.
Neidorf's role in formulating a plan to publish the E911 document,
and his efforts at editing it to disguise its source, were
themselves acts taken in furtherance of a scheme to defraud,
according to the court.\65\ This scheme, as described by the court,
was the plan "to steal the E911 text file from Bell South and to
distribute it to others via the PHRACK newsletter."\66\  The fraud
was nothing more than a "wronging [of] one in his property
rights."\67\ The wrong in this case, apparently, was the
dissemination of proprietary information without it's owners
consent.

     In rejecting Neidorf's arguments, the court held that the fraud
statute did not require a fiduciary relationship between Neidorf