closing the net.txt

黑客培训教程

       The computer nets do need policing.  Computer crooks can steal and
have stolen millions of dollars.  But a balance must be struck between
civil liberties and the legitimate needs of law enforcement.  The laws as
currently constituted are inadequate from both perspectives, and the Secret
Service seems determined to interpret them with a callous disregard for
civil liberties.
       To attack computer crime, prosecutors primarily use the statutes
dealing with wire fraud and interstate transportation of stolen goods, the
Computer Fraud and Abuse Act of 1986, and the Electronic Communication
Privacy Act of 1986.  The wire fraud statute prohibits the use of the
telephone, wire services, radio, and television in the commission of fraud.
The courts have, logically, interpreted it to apply to electronic
communications as well.
       The interstate transportation statute prohibits transportation of
stolen goods valued at $5,000 or more across state lines.  Neidorf's lawyer
moved to dismiss those counts, claiming that nothing tangible is
transported when a document is uploaded or downloaded.	The judge ruled
that tangibility was not a requirement and that electronic transmission
could constitute transportation.  The Computer Fraud and Abuse Act
prohibits knowingly, and with intent to defraud, trafficking in information
that can be used to gain unauthorized access to a computer.
       The Electronic Communications Privacy Act makes it a crime to
examine private communications transmitted electronically.  Among other
things, it requires law enforcement agencies to obtain search warrants
before opening electronic mail.  It is unclear whether electronic mail
files on a BBS's hard drive are covered by a warrant that permits seizure
of the hard drive, or whether separate warrants are needed for each
recipient's mail.
       The reliance on fraud statutes to fight computer crime presents
problems.  Fraud is the use of chicanery, tricks, or other forms of
deception in a scheme to deprive the victim of property.  Most attempts by
hackers to gain illegal access to a computer do involve chicanery or
tricks, in some sense -- the use of other people's passwords, the use of
known bugs in systems software, and so on.  Much of the time, however, a
hacker does not deprive anyone of property.
       If the hacker merely signs on and looks around, he deprives the
computer operators of a few dollars of computer time at worst.	If he
downloads a file, the owner still has access to the original file.  If the
file's confidentiality has value in itself -- as with a trade secret --
downloading it does deprive the owner of something of value, but this is
rarely the case.
       We need a "computer trespass" statute, with a sliding scale of
punishments corresponding to the severity of the violation.  Just as
burglary is punished more severely than trespass, so a hacker who steals
and uses credit card numbers ought to be punished more severely than one
who does nothing more than break into a computer and examine a few public
files.	In the absence of such a scheme, law enforcement personnel
naturally try to cram all computer violations into the category of fraud,
since the fraud statutes are the only laws that currently permit
prosecution of computer crimes.  As a result, petty crimes are charged as
felonies -- as with Neidorf and Riggs.


       Legitimate users and operators of computer networks need to be
protected from arbitrary seizures and guilt by electronic association.	The
criminal code permits law enforcement personnel to seize equipment used in
a crime or that might provide criminal evidence, even when the owner has no
knowledge of the crime.  But the purpose of such seizures is to allow the
authorities access to evidence of criminal activity, not to shut down
businesses.  Searchers need not remove computer equipment to inspect the
files it contains.  They can sit down and make copies of whatever files
they want on the spot.	Even if they expect some piece of incriminating
material to be hidden particularly well -- for example, in a specially
protected file or in a ROM chip -- it is unreasonable to hold onto the
seized equipment indefinitely.
       And it's clearly wrong to seize equipment that cannot, by any
stretch of the imagination, contain incriminating data.  In both the Steve
Jackson and Ripco cases, the Secret Service seized laser printers along
with other equipment.  Laser printers have no permanent memory (other than
the factory-supplied ROM chips that tell them how to operate).	They print
words on paper, that's all.  They cannot contain incriminating information.
       Even computers themselves cannot possibly constitute evidence.  When
you turn off a computer, its memory dies.  Permanent data exist only on
storage media -- hard drives, floppy disks, tape drives, and the like.
Even if law enforcement personnel have some compelling reason to take
storage media away to complete a search, they have no reason to take the
computers that use those media.
       Just as a computer is not evidence because it once carried
incriminating information, a network is not a criminal enterprise because
it once carried data used in or derived from fraudulent activity.  Yet
under current law, it seems that the operator of a bulletin board is liable
if someone posts an illegal message on it.  Say I run a BBS called Mojo.
You dial Mojo up and leave Mario Cuomo's MasterCard number on the board,
inviting anyone to use it.  Six people sign on, read the message, and fly
to Rio courtesy of the governor before I notice the message and purge it.
Apparently, I'm liable -- even though I had nothing to do with obtaining
Cuomo's credit card number, never used it, and strenuously object to this
misuse of my board.
       Such an interpretation threatens the very existence of the academic
and commercial nets.  A user of UseNet, for instance, can send a message to
any other user of UseNet.  The network routes messages in a complex fashion
-- from Computer A to Computer B to Computer C, and so on, depending on
what computers are currently live, the volume of data transmitted among
them, and the topography of the net itself.  The message could pass through
dozens of computers before reaching its destination.  If someone uses the
message to commit fraud, the system operators of every computer along its
path may be criminally liable, even though they would have no way of
knowing the contents of the message.
       Computer networks and BBSes need the same kind of "common carrier"
protection that applies to the mails, telephone companies, and wire
services.  Posting an illegal message ought to be illegal for the person
who posts it -- but not for the operator of the board on which the message
appears.
       The main function of the Net is to promote communication.  People
use it to buy goods, research topics, download software, and a myriad of
other things as well, but most of their computing time is spent
communicating:	by posting messages to bulletin boards, by "chatting" in
real time, by sending electronic mail, by uploading and downloading files.
It makes no sense to say that discussion of a topic in print is OK, but
discussion of the same topic via an electronic network is a crime.
       Yet as currently interpreted, the law says that mere transmission of
information that someone _could_ use to gain access to computers for
fraudulent purposes is itself fraud -- even if no fraudulent access takes
place.	The Secret Service, for instance, was willing to indict Neidorf for
publishing information it thought could be used to disrupt the 911 network
-- even though neither Neidorf nor anyone else actually disrupted it.  We
must clearly establish that electronic communications are speech, and enjoy
the same protections as other forms of speech.
       The prospects for such legal reform are not bright.  Three times in
this century, technological developments have created new venues for
speech:  with radio, with television, and with cable.  On the grounds of
scarcity, government restricts freedom of speech on radio and television;
on the grounds of natural monopoly, government regulates speech on cable.
Recent events, such as the conviction of former Cornell graduate student
Robert T. Morris for introducing a virus into the nationwide ARPANet, have
aroused worry about hacker crimes.  But concern for the rights of
legitimate users of computer nets has not received that same level of
publicity.  If anything, recent trends lean toward the adoption of more
draconian laws -- like the Computer Fraud and Abuse Act, which may make it
illegal even for computer security professionals to transmit information
about breaches of security.


       The Net is vast -- and growing fast.  It has already changed the
lives of thousands, from scientists who learn of new breakthroughs far more
quickly than if they had to wait for journal publication, to stay-at-home
writers who find in computer networks the personal contact they miss
without office jobs.  But the technology is still in its infancy.  The Net
has the capacity to improve all our lives.
       A user of the Net can already find a wide variety of information,
from encyclopedia entries to restaurant reviews.  Someday the Net will be
the first place citizens turn to when they need information.  The morning
paper will be a printout, tailored to our interests and specifications, of
articles posted worldwide; job hunters will look first to the Net; millions
will use it to telecommute to work; and serious discussion will be given to
the abolition of representative government and the adoption of direct
democracy via network voting.
       Today, we are farmers standing by our country lanes and marveling as
the first primitive automobiles backfire down the road.  The shape of the
future is murky.  We cannot know what the Net will bring, just as a farmer
seeing a car for the first time couldn't possibly have predicted six-lane
highways, urban sprawl, the sexual revolution, and photochemical smog.
Nonetheless, we can see that something remarkable is happening, something
that will change the world, something that has the potential to transform
our lives.  To ensure that our lives are enriched and not diminished, we
must ensure that the Net is free.


-- Greg Costikyan is a writer of fiction and nonfiction who has designed 23
   commercially published games.