Computer Crime: Current Practices, Problems and Proposed Solutions Second Draft Brian J. Peretti It would have been surprising if there had been satisfactory road traffic legislation before the invention of the wheel, but it would also have been surprising if the law on the passage of laden donkeys proved entirely satisfactory when applied to vehicles.1 I. Introduction Within recent years, computer crime has become a preoccupation with law enforcement officials. In California, a group of West German hackers2 using phone lines and satellite hookups, gained unauthorized access into civilian and military computers and stole sensitive documents that were sold to the Soviet Union.3 A young New York programmer broke into a Washington computer to run a program that he could not run from his personal computer.4 After Southeastern Bell Stated that a document published in an electronic publication5 was valued at more than $75,000 the publisher was arrested and brought to trial before the discovery that the document could be publicly bought from the company for $12.6 The Chaos Computer Club, a Hamburg, Germany, club, went into government computers and access information and gave it to reporters.7 In May, 1988, the United States government launched Operation Sun Devil, which lead to the seizure of 23,000 computer disks and 40 computers.8 In addition, poor police performance9 has also been blamed on computers. Since its creation, the computer has become increasing important in society.10 The law, as in the past, has not been able to evolve as quickly as the rapidly expanding technology.11 This lack of movement on the part of governments shows a lack of understanding with the area. The need to create a comprehensive regulation or code of ethics has become increasing necessary. Due to the nature of computer systems and their transnational connections through telephone lines12, an individual state's action will only stop the problems associated with computer crime if many states join together. The patchwork of legislation that exists covers only a small part of the problem. To adequately address computer crime, greater efforts must be made within the computer community to discourage unauthorized computer access, countries must strengthen and co-ordinated their computer related laws, as well as proper enforcement mechanism created, computer program copyright laws be enhanced and computer systems should be created to allow those who wish to explore computer systems which will not disrupt the users of computer systems. This paper will first set out a definition of computer crime and why laws or regulation by the computer community must be created. Section II will then discuss the United States law concerning computer crime and why it needs to be strengthened. Section III will discuss the proposed Israeli computer crime bill, Britain's Computer Misuse Act and Ghana's proposed law. Section IV will discuss what can be done by both the government and computer owners and users to make computer crime less possible. II. Computer crime The definition of what constitutes a computer crime has been the subject of much controversy. A computer crime has been defined as "any illegal act for which knowledge of computer technology is used to commit an offense."13 The typical computer criminal has been described as between 15 and 45 years old, usually male, no previous contact with law enforcement, goes after both government and business, bright, motivated, fears loss of status in computer community and views his acts as games.14 For the purposes of this article, this will be the definition used because of its broad reach. Estimates regarding how much is lost to computer crime very widely15. In the only authoritative study, the loss due to computer crime was given at $555,000,000, 930 personnel years lost and 153 computer time years lost.16 The amount of total incidents for 1988 was 485 resulting in 31 prosecutions17. In 1987, there were 335 incidents with 8 prosecutions.18 Security spent on prevention of computer crime is becoming more commonplace19. The most publicized danger to computer systems are viruses20 and worms. A virus is a code segment which, when executed, replicates itself and infects another program.21 These viruses may be created anywhere in the world22 and may attack anything.23 A virus may be transmitted through a trojan horse24 program. A worm exists as a program in its own right and may spread over a network via electronic mail25. A virus attacks a program while a worm attacks the computer's operating system.26 The most notorious computer worm brought the Internet computer network to a halt.27 Computer virus attacks may be overrated.28 It is said that the biggest threat to computing includes "not backing up your data, not learning the ins and outs of your application programs, not putting enough memory in your computer, not organizing your hard disk, [and] not upgrading to the latest version of your applications.29 These computer programs have been compared to the AIDS virus.30 One author has stated that the viruses are used to both increase the amount of profits of computer program producers and anti-virus computer programs.31 Computer viruses may also be used to benefit computer systems, by either detecting flaws in security measures or detecting other viruses.32 Virus are very dangerous, though. The effects of a virus called Datacrime, activated on October 13, 1989, brought down 35,000 personal computers within the Swiss government and several companies in Holland.33 With the opening up of Eastern Europe, the virus problem is expected to increase.34 In Bulgaria, a country which does not have any laws against computer viruses, one new virus appears week.35 Computer viruses are created in countries like the Soviet Union as a way to punish computer pirates because of the lack of copyright laws.36 Perhaps the most dangerous threat to information contained in a computer is the "leakage" of radiation from the computer monitors.37 With inexpensive equipment38 a person can "read" the information off the computer screen and then replicate the information from the screen in a readable manner.39 The threat of attack on a computer system can also come from a hacker. A hacker is a person who breaks into, whether maliciously or not, computers or computer systems.40 A hacker can, if the system is not adequately secured, cause havoc in the computer by either deleting or altering programs or data or planting logic bombs or viruses in the computer system.41 Threats from hackers to plant viruses have been made in the past.42 The threat from computer hackers, as with viruses, has been said to be overrated.43 The issues surrounding computers still have not been decided by those within the computer community. Whether or not persons should be allowed to access computer systems without authorization is still a subject of debate within the computing community. A West German Computing Club, called The Chaos Computing Club, holds the belief that it is not improper to enter any system which they can gain access to and to "look" around inside of the system as much as they wish.44 They do not, however, condone destroying or altering any of the information within the system.45 On the other side, represented by Clifford Stoll, when individuals break into computer systems they disrupt the trust that the computer system is based on.46 This breach of trust not only makes operating the system tougher for the manager in control of the system, but also will decrease the amount of use of the system so less information will be transferred within the system.47 There is also conflicting views as to whether the authors of computer viruses should be punished. Marc Rotenberg48 holds the belief that a virus should be granted first amendment protection in some instances.49 In re...
kopia23