ABSTRACT Computer crimes seem to be an increasing problem in today's society. The main aspect concerning these offenses is information gained or lost. As our government tries to take control of the information that travels through the digital world, and across networks such as the InterNet, they also seem to be taking away certain rights and privileges that come with these technological advancements. These services open a whole new doorway to communications as we know it. They offer freedom of expression, and at the same time, freedom of privacy in the highest possible form. Can the government reduce computer crimes, and still allow people the right to freedom of expression and privacy? INFORMATION CONTROL IN THE DIGITIZED WORLD In the past decade, computer technology has expanded at an incredibly fast rate, and the information stored on these computers has been increasing even faster. The amount of money, military intelligence, and personal information stored on computers has increased far beyond expectations. Governments, the military, and the economy could not operate without the use of computers. Banks transfer trillions of dollars every day over inter-linking networks, and more than one billion pieces of electronic mail are passed through the world's networks daily. It is the age of the computer network, the largest of which is known as the InterNet. A complex web of communications interlinking millions of computers together -- and this number is at least doubling every year. The computer was originally designed as a scientific and mathematical tool, to aid in performing intense and precise calculations. However, from the large, sixty square foot ENIAC (Electronical Numerical Integrator and Calculator) of 1946, to the three square foot IBM PC of today, their uses have mutated and expanded far beyond this boundary. Their almost infinite capacity and lightning speed, which is increasing annually, and their low cost, which is decreasing annually, has allowed computers to stabilize at a more personal level, yet retain their position in mathematical and scientific research1 . They are now being used in
almost every aspect of life, as we know it, today. The greatest effect of computers on life at this present time seems to be the InterNet. What we know now as the InterNet began in 1969 as a network then named ArpaNet. ArpaNet, under control by the pentagon's Defense Advanced Research Projects Agency, was first introduced as an answer to a problem concerning the government question of how they would communicate during war. They needed a network with no central authority, unlike those subsequent to this project. A main computer controlling the network would definitely be an immediate target for enemies. The first test node of ArpaNet was installed at UCLA in the Fall of 1969. By December of the same year, three more nodes were added, and within two years, there was a total of fifteen nodes within the system. However, by this time, something seemed to be changing concerning the information traveling across the nodes. By 1971, government employees began to obtain their own personal mail addresses, and the main traffic over the net shifted from scientific information to personal mail and gossip. Mailing lists were used to send mass quantities of mail to hundreds of people, and the first newsgroup was created for discussing views and opinions in the science fiction world. The networks decentralized structure made the addition of more machines, and the use of different types of machines very simple. As computer technology increased, interest in ArpaNet seemed only to expand. In 1977, a new method of transmission was put into effect, called TCP/IP. The transmission control protocol (TCP) would convert messages into smaller packets of information at their source, then reassemble them at their destination, while the InterNet protocol (IP) would control the addressing of these packets to assure their transmission to their correct destinations. This newer method of transmission was much more efficient then the previous network control protocol (NCP), and became very popular. Corporations such as IBM and DEC began to develop TCP/IP software for numerous different platforms, and the demand for such software grew rapidly. This availability of software allowed more corporations and businesses to join the network very easily, and by 1985, ArpaNet was only a tiny portion of the newly created InterNet. Other smaller networks are also very widely used today, such as
FidoNet. These networks serve the same purpose as the InterNet, but are on a much smaller scale, as they have less efficient means of transferring message packets. They are more localized, in the sense that the information travels much more slowly when further distances are involved. However, the ease of access to these networks and various computers has allowed computer crimes to increase to a much higher scale. These computers and networks store and transfer one thing -- information. The problem occurs when we want to determine the value of such information. Information lacks physical properties, and this intangible aspect of data creates problems when developing laws to protect it. The structure of our current legal system has, to this point, been based on ascertainable limits. Physical properties have always been at its main core2 . In the past, this information, or data, has been 'converted' into tangible form to accommodate our system. A prime example is the patent, which is written out on paper. Today, however, it is becoming much more difficult to 'convert' this data into a physical form, as the quantity is increasing so rapidly, and this quantity of information is being stored in a virtual, digitized space3 . It is very important to realize and emphasize that computers and networks store and transfer only information, and that most all of this information can be altered, in some way, undetectably. For example, when a file is stored in the popular DOS environment (and also in environments such as Windows, OS/2, and in similar ways, UNIX), it is also stored with the date, time, size, and four attributes -- readonly, system, hidden, and archive. One may consider checking the date at which the document, or information stored on the computer, was saved to determine if it was modified. However, this is also digital information, and easily changed to whatever date or time the operator prefers. One may also consider the attributes stored with the file. If a file is flagged as 'read-only,' then perhaps it cannot be overwritten. This is surely the case -- however, this attribute is easily turned off and on, as it is also information in a digitized sense, and therefore very easily changed. This is the same case when a file is 'hidden'. It may very well be hidden to the novice user, but it is easily seen to anyone who has even a
slight knowledge of the commands of the system. One may also consider moving this information to a floppy disk in order to preserve its originality; but we are once again giving it a physical aspect, which we earlier addressed as being a close to impossible task when involved with the amount of information involved in this area today. Digital information is infinitely mutable, and the information that protects this information is infinitely mutable4 . In order to understand how to control this information, we must first understand what information and it's value -- especially that of a digital nature -- is. One cannot specifically define information in a whole. In today's society, 'knowledge is power' seems to be a common phrase, and a quite true one. It would be even more true to say 'knowledge can be power.' It's how we use this knowledge that determines it's power. In the same sense, it is how we use and distribute this knowledge that determines it's value. Information can be used in so many ways that it is virtually impossible to value it. What information is of value to one person may be completely worthless to another. The availability of this knowledge also determines it's worth. If information is as free as air, it has virtually no worth5 . Therefore, it is also a privacy issue. We can now base the value of information on three things: it's availability, it's use, and it's user. In order to protect information in our current government, we must first value it. Those three aspects of information can be so differentiated, that this is close to impossible to do so. In addition to this, how do we determine who "owns" the information? Information itself is not a physical thing which only one person has in their possession at any time. If information is given away, it is still held by the giver, as well as the taker. It is impossible to determine exactly who has this information. If someone steals information, we cannot take it away from them -- it is intangible in almost every aspect. We must also understand the way in which our government, and most governments, create laws and attempt to desist illegal actions. As stated earlier, the American government, and many other governments, are based on a physical center, which I exemplified with the case of the US patent. When our government creates laws, the subjects of the laws are given a
definable, ascertainable limit. When someone commits grand theft auto, breaking and entering, or murder, we understand what has occurred and have definite ways to prove what has occurred, where and when it has occurred, how it has occurred, and, if applicable, what has been harmed and what is its value. However, when we look at computer crimes, such as unauthorized access, we cannot be as clear on these aspects, and we do not have definite ways to prove the crime, or who committed it, nor do we have a way in which to define the value of anything damaged, if it had even been damaged. It is hard to convict a person when all they did was slow down a computer network for a few days, or look at a credit profile on John Doe. Problems also occur because people, including those in the legal profession as well as jurors, do not always understand technology. They do not always understand how mutable digital information can be, and how easily accessible and distributed it can be. When a jury does not understand, one cannot truly be declared guilty "beyond a reasonable doubt". "Technically, I didn't commit a crime. All I did was destroy data. I didn't steal anything.6 " How can this be argued? Crimes committed in the computer world do not exactly adhere with current laws that address physical crimes. We cannot adapt current laws to those involving information crimes, and trying to do that will cause too many problems and confusions because of the variety, extent, and value of information as a whole. However, this is exactly what the government is trying to do. It must also be considered that this information is not strictly a US problem, nor is it more geared towards the US. Although started by the United States government, the InterNet has grown world wide, reaching over seventy countries. Since the InterNet has such a decentralized structure, one cannot say that the US is "in charge" of the network. The problem is, the US government does not see this themselves. The United States government wants to censor the information traveling across the InterNet and other telecommunication services, but this cannot be the case any longer because of this situation. We cannot expect other countries to adhere to the laws of the United States, just as most Americans would not expect to have to agree to laws set by other countries. Therefore, it could be
easily said that the government would be invading privacy if they were to attempt to censor the information which travels these networks. Individual computers, are, of course, an individuals property, and it would, without a doubt, be an invasion of privacy if the government wanted to, at any given time, search your hard drive without just cause. I feel that the government wants too much power this time. It would seem that they want to have access to and control all digital information in America for their own benefit. The US government created an encryption device called the Clipper chip, which was to insure digital privacy among it's users. However, our government seems to only define privacy to an extent. They had also planned to keep, in their possession, a duplicate of each chip. So much for total privacy. The government seems to be on a quest for total control over it's citizens, and the citizens of the world. This may seem extreme at the present time, but our current legal system does not allow for the undefinable limits that information control presents, especially on a world wide basis. If the government tries to gain too much control, it could very well lead to it's failure. Control -- the control we need -- is not a legal problem at all. It is a social, moral, and technological problem7 . What is needed is a type of 'information ethics'. A set of morals and customs must be slowly adapted, and not pounded into the digital world by the government. Virtual laws must be formed by a virtual government. Information cannot be controlled by our government in it's current form. In order to control information, the government would have to induce a drastic change. The first amendment, in reality, is the foundation of the rights of the citizens of this country. This amendment, in it's most basic form, guarantees our right to inform and be informed. The government can not and will not be able to control digital information as a whole, or govern the right to this information without sacrificing the keystone of our nation and of our rights as Americans. 1 We see about 50-70% more computing power per year, and hardware prices drop about 25-50% per year. Since 1978, raw computing power has increased by over 500 times. "80x86 Evolution," Byte, June 1994, pp. 19. 2 Curtis E.A. Karnow, Recombinant Culture: Crime In The Digital Network. (Speech, Defcon II, Los Vegas), 1994.
3 S. Zuboff, In the Age of the Smart Machine, New York; 1992.Michael Gemignani, Viruses And Criminal Law. Reprinted in Lance Hoffman, Rogue Programs: Viruses, Worms and Trojan Horses, New York, 1990.4 Lauren Wiener, Digital Woes, 1993.5 John Perry Barlow, "The Economy of Ideas", Wired, March 1994.6 Martin Sprouse, "Sabotage in the American Workplace: Anecdotes of Dissatisfaction, Mischief, and Revenge", New York; 1992. (Bank of America Employee who planted a logic bomb in the company computer system). 7 Curtis E.A. Karnow, Recombinant Culture: Crime In The Digital Network. (Speech, Defcon II, Los Vegas), 1994. -----------------Works Cited Addison-Wesley, Bernard. Vinton Cerf, 1993. How the Internet Came to Be. New York: February
Communications Decency Act. 1, 1996.
Enacted by the U.S. Congress on
Computer Fraud and Abuse Statute. Section 1030: Fraud and related activity in connection with computers. Denning, Dorothy. "Concerning Hackers Who Break into Computer Systems". Speech presented at the 13th National Computer Security Conference, Washington, DC, 1990. Gates, Bill. 1995. The Road Ahead. New York: Penguin Books USA, inc, Phrack. Issue 33,
The Gatsby. "A Hackers Guide to the Internet". File 7; 15 September 1991. Icove, David, Karl Seger, and William VonStorch. Crime. USA: O'Reilly Books, 1996. Time Life Books. inc., 1987. Revolution in Science.
Wallich, Paul. pp. 31.
"A Rouge's Routing."