All files are for educational and/or historic purposes only. [back to library]

                                   Computer Crime:

                  Current Practices, Problems and Proposed Solutions

          Second Draft
          Brian J. Peretti

               It would have been surprising if there had been satisfactory
          road traffic legislation before  the invention of the  wheel, but
          it would also have been surprising  if the law on the passage  of
          laden  donkeys  proved  entirely  satisfactory  when  applied  to

          I.  Introduction
               Within   recent   years,   computer  crime   has   become  a
          preoccupation with law  enforcement officials.  In  California, a
          group of  West German  hackers2 using  phone lines  and satellite
          hookups, gained  unauthorized access into  civilian and  military
          computers and  stole sensitive documents  that were  sold to  the
          Soviet  Union.3    A  young  New York  programmer  broke  into  a
          Washington computer to  run a program that he could  not run from
          his personal  computer.4  After  Southeastern Bell Stated  that a
          document  published in an  electronic publication5 was  valued at
          more than $75,000 the publisher was arrested and brought to trial
          before the discovery that  the document could be publicly  bought
          from the company  for $12.6  The Chaos Computer  Club, a Hamburg,
          Germany,  club,  went   into  government  computers   and  access
          information and gave it to reporters.7  In May,  1988, the United
          States government launched Operation Sun Devil, which lead to the
          seizure  of  23,000   computer  disks  and  40  computers.8    In
          addition,  poor police  performance9  has  also  been  blamed  on
               Since  its  creation,  the computer  has  become  increasing
          important in society.10   The law, as  in the past, has  not been
          able   to  evolve   as   quickly   as   the   rapidly   expanding
          technology.11  This  lack of movement on the  part of governments
          shows a lack  of understanding with the area.  The need to create
          a  comprehensive  regulation   or  code  of  ethics   has  become
          increasing necessary.
               Due   to  the   nature  of   computer   systems  and   their
          transnational   connections   through   telephone   lines12,   an
          individual  state's action will only stop the problems associated
          with computer crime if many  states join together.  The patchwork
          of  legislation that  exists  covers  only a  small  part of  the
          problem.  To  adequately address computer crime,  greater efforts
          must   be  made  within  the  computer  community  to  discourage
          unauthorized computer access, countries must strengthen and
             co-ordinated  their computer related  laws, as well  as proper
          enforcement mechanism created, computer program copyright laws be
          enhanced  and computer systems  should be created  to allow those
          who wish to  explore computer systems which will  not disrupt the
          users of computer systems.
               This paper will first set out a definition of computer crime
          and  why laws  or regulation  by the  computer community  must be
          created.   Section  II will  then discuss  the United  States law
          concerning  computer crime and  why it needs  to be strengthened.
          Section  III will  discuss the  proposed  Israeli computer  crime
          bill, Britain's  Computer Misuse  Act and  Ghana's proposed  law.
          Section IV will  discuss what can be done by  both the government
          and  computer  owners  and  users  to  make  computer  crime less

          II.  Computer crime
               The definition of what constitutes a computer crime has been
          the  subject of  much controversy.    A computer  crime has  been
          defined as  "any  illegal act  for  which knowledge  of  computer
          technology  is  used  to  commit  an  offense."13    The  typical
          computer criminal has  been described as between 15  and 45 years
          old, usually male, no previous contact with law enforcement, goes
          after both government and business, bright, motivated, fears loss
          of status  in computer community  and views his acts  as games.14
          For the  purposes of  this article, this  will be  the definition
          used because of its broad reach.
               Estimates regarding how much is lost to computer  crime very
          widely15.   In  the only  authoritative  study, the  loss due  to
          computer crime  was given  at $555,000,000,  930 personnel  years
          lost  and 153 computer  time years lost.16   The  amount of total
          incidents for  1988 was 485  resulting in 31 prosecutions17.   In
          1987,  there were 335  incidents with 8  prosecutions.18 Security
          spent   on  prevention  of   computer  crime  is   becoming  more
               The   most  publicized   danger  to  computer   systems  are
          viruses20  and worms.    A virus  is a  code segment  which, when
          executed,  replicates  itself   and  infects  another  program.21
          These  viruses may  be created  anywhere in  the world22  and may
          attack anything.23   A virus may be transmitted  through a trojan
          horse24  program.  A  worm exists as  a program in  its own right
          and  may spread over  a network via  electronic mail25.   A virus
          attacks a program while  a worm attacks the computer's  operating
          system.26      The  most  notorious  computer  worm  brought  the
          Internet computer network to a halt.27
               Computer  virus attacks  may  be overrated.28    It is  said
          that the  biggest threat  to computing includes  "not backing  up
          your  data, not  learning the  ins and  outs of  your application
          programs,  not  putting  enough  memory  in  your  computer,  not
          organizing your  hard  disk, [and]  not upgrading  to the  latest
          version of  your applications.29   These  computer programs  have
          been compared  to the AIDS virus.30   One author has  stated that
          the  viruses are used  to both increase the  amount of profits of
          computer program producers and anti-virus computer programs.31
               Computer  viruses may  also  be  used  to  benefit  computer
          systems,  by either  detecting  flaws  in  security  measures  or
          detecting other  viruses.32   Virus are  very dangerous,  though.
          The effects of a virus called Datacrime, activated on October 13,
          1989, brought  down 35,000  personal computers  within the  Swiss
          government and several companies in Holland.33
               With the opening up of  Eastern Europe, the virus problem is
          expected to  increase.34  In  Bulgaria, a country which  does not
          have any laws  against computer  viruses, one  new virus  appears
          week.35   Computer  viruses  are created  in  countries like  the
          Soviet Union  as a way to punish  computer pirates because of the
          lack of copyright laws.36
               Perhaps  the most dangerous  threat to information contained
          in a  computer is  the "leakage" of  radiation from  the computer
          monitors.37   With inexpensive  equipment38 a  person can  "read"
          the information  off the computer  screen and then  replicate the

          information  from the screen in a readable manner.39
               The threat of attack on a computer system can also come from
          a  hacker.   A  hacker  is  a  person  who breaks  into,  whether
          maliciously  or not, computers  or computer systems.40   A hacker
          can, if the system is not adequately secured, cause havoc  in the
          computer  by either  deleting  or altering  programs  or data  or
          planting  logic  bombs  or  viruses  in  the  computer  system.41
          Threats  from hackers  to plant  viruses  have been  made in  the
          past.42  The  threat from computer hackers, as  with viruses, has
          been said to be overrated.43
               The issues surrounding computers still have not been decided
          by those within  the computer community.  Whether  or not persons
          should  be   allowed   to   access   computer   systems   without
          authorization  is still a subject  of debate within the computing
          community.    A West  German  Computing  Club, called  The  Chaos
          Computing Club, holds the belief that it is not improper to enter
          any system  which they can  gain access to  and to "look"  around
          inside of  the  system as  much as  they wish.44    They do  not,
          however,  condone destroying or  altering any of  the information
          within  the  system.45      On the  other  side,  represented  by
          Clifford Stoll, when individuals break into computer systems they
          disrupt the trust  that the computer system is  based on.46  This
          breach of trust  not only makes operating the  system tougher for
          the manager in control  of the system, but also will decrease the
          amount  of  use  of  the  system  so  less  information  will  be
          transferred within the system.47
               There is also conflicting views as to whether the authors of
          computer  viruses should  be punished.    Marc Rotenberg48  holds
          the  belief  that  a  virus  should be  granted  first  amendment
          protection  in some  instances.49   In  response to  the Internet
          worm, there were 21 editorials that stated that the attack showed
          the  need for  more security  in  computers while  there were  10
          letters  to  editors  that  stated that  the  creator  should  be
          applauded rather  then punished.50   They argue  that this  was a
          good way to  raise consciousness concerning computer  security.51
          Alan Solomon, a consultant who specializes in virus detection and
          eradication,   believes   that   viruses   are,   at   most,   an

          III.United States Computer Legislation
               The  United  States  government53  and  most  states54  have
          computer crime laws.   In 1979, only six states had  such laws.55
          Almost every  computer  crime will,  in addition  to violating  a
          state and/or  federal law,  can  also be  prosecuted under  other
               A.   Computer Fraud and Abuse Act.
               Congress originally  enacted the  Counterfeit Access  Device
          and  Computer Fraud and  Abuse Act57   to address  the problem of
          computer crime.  Understanding that the scope of the original law
          was  too narrow,58  in 1986  Congress enacted  amendments  to the
          Computer Fraud  and Misuse  Act of 1984.59   The  Act essentially
          lists  acts that if  done with a  computer are illegal.   The Act
          also  makes individuals  culpable  for  attempting  to  commit  a
          computer crime.60

               In order to commit any  of the crimes mentioned in  the act,
          the actor must  have acted either "intentionally"  or "knowingly"
          when committing  the act.   The law  addresses national  security
          issues  by making a  crime of anyone  using a  computer to obtain
          information and  giving the  information to  foreign countries.61
          The penalty  for this crime  or its attempt  is 10 years  for the
          first offense62  and 20  years for subsequent  offenses63.   If a
          person   intentionally   accesses  a   computer   either  without
          authorization or in excess  of his authorization and obtains  and
          acquires information in  a financial record of  an institution or
          information contained in  a financial record of  an individual64,
          the person  will  have  committed  a misdemeanor  for  the  first
          offense65 and  a  felony for  subsequent  offenses66.   A  person
          intentionally   accessing    a   government    computer   without
          authorization  which  affects  the   government's  use  of   that
          computer67  will have  committed  a  misdemeanor  for  the  first
          offense68 and  a felony  for the second  offense.69   Accessing a
          computer with  knowledge and  intent to  defraud  and without  or
          exceeding authority is a crime  if the person obtains anything of
          value  other  than  use  is  a felony70.    Accessing  a  federal
          interest computer  without  authorization  and  either  modifying
          medical records or causing $1,000  or more worth of damage within
          a one year  period71 is  punishable with  up to 5  years for  the
          first offense72 and 10 years for any subsequent offense.73
               The Act  also criminalizes  trafficking in  passwords.74   A
          person  who knowingly  and with intent  to defraud  traffics75 in
          passwords or similar  information may be sentenced for  up to one
          year  for the first offense76  and up to  10 years for subsequent
          offenses77 if the  computer is used by  or for the  Government of
          the   United   States78   or   affects   interstate  or   foreign

               B.   Criticisms
               It is  important to note  that this statute only  applies to
          "Federal interest computers"  as defined by  this section.80   If
          a computer is  not this type of  computer, then any of  the above
          mentioned crimes  will not  be prosecutable  under this  section.
          Congress  intentionally  made the  scope  of the  law  narrow.81
          This  section  has  been criticized  as  not  inclusive enough.82
          Individual and  corporate computers  which do not  fall into  the
          restrictive  definition83 may not  receive the protection  of the
               The  problem  of  computer  viruses  are  not  addressed  by
          Act.84  The act  does not punish  those who add information  into
          a computer, even though this may do more harm then just accessing
          information.   The Congress has  attempted to address  this issue
          under two bills85, but neither one has been enacted.
               Unauthorized access where there is no theft or damage to the
          system  is  not  covered.86    For example,  a  person  access  a
          computer  system and looks  at information contained  therein, he
          has not committed a punishable crime under the Act.87
               Questions have also been brought  up concerning many of  the
          undefined terms  within the Act.88  Terms  such as "intentionally
          access" and "affects interstate commerce" are among the terms not

          defined.89   The  need to  clarify  these terms  is important  so
          that an individual will know what action will constitute a crime.

          IV.  Legislation From Around The World
               A.   Israel Proposed Computer Law
               In March 1987, the Israeli Ministry of Justice distributed a
          draft of  a comprehensive  computer bill.90   This bill  covers a
          wide range of  areas concerning computers91.  The  Act first sets
          out  a  list  of  proposed  definitions  for  computer,  program,
          software,  information,  thing and  act.   Each  of  these, while
          short, are concise and attempt  to give a brief but comprehensive
               Chapter 2 sets  out a list of offenses  which, if committed,
          are punishable.93   A authorized  person commits an act  upon any
          computer and knows that the  act will prevent or cause disruption
          of   the   proper   operation   is   subject   to   seven   years
          imprisonment.94   A  person who,  without  authority, commits  an
          act  which precludes  a person  from using  a computer  system or
          deprives a person  of using that  system is  punishable by up  to
          seven years  imprisonment.95  If  a person  prepares or  delivers
          or  operates  software  knowing that  the  software  will produce
          faulty results  and "having  reasonable grounds  to assume",  the
          person  is punishable  for up  to seven  years.96   The  Act also
          addresses those who supply, deliver  or  operates a computer with
          faulty data.97
               Section 5 applies to those who use a computer to  attempt to
          obtain  some "thing"98  or  with  intent  prevents  another  from
          obtaining some "thing".99   A  person who  prevents another  from
          obtaining  a  "thing"  by  the   use  of  software  may  also  be
          punished.100  A  person who deprives a  person of an object  that
          contains  software, data or  information and obtaining  a benefit
          for himself.101   All of  these crimes contain a  prison sentence
          of five years.
               A professional who relies on computer outputs that they know
          which  are false  is also  subject to  punishment.102   The crime
          carries a sentence of five years.103
               This chapter does not apply to  all computers, software data
          or  information.104   It  only applies  to those  computers, data
          or information which  are used, designated to  be used by  or for
          (1) the state  or a corporation that is supplying  service to the
          public105  or   (2)  "business,  industry,   agriculture,  health
          services, or for scientific purposes."106
               Perhaps the most novel provision of this proposed law is the
          section governing the reporting of  the offenses.  Any person who
          is  in  charge  of another  and  has  reason to  believe  that an
          individual has committed an offense under the Act, he must report
          this to police  as soon as possible.107   If the person  does not
          do so, he may be imprisoned for up to one year.
               B.   Analysis
               The Israeli computer  crime bill is more  comprehensive then
          the America bill.  By creating a law which will apply not only to
          government computers, but  also to those of  "business, industry,
          agriculture, health  services  or  for  scientific  purposes,"108

          the  law  essentially  covers all  computers  in  the country.109
          By creating such broad coverage, the law will be able to make the
          users of computers in Israel  more secure in their knowledge that
          their systems are safe.                 B.   Analysis
               The Israeli computer  crime bill is more  comprehensive then
          the America bill.  By creating a law which will apply not only to
          government computers, but  also to those of  "business, industry,
          agriculture,  health  services  or  for scientific  purposes,"110
          the  law  essentially  covers all  computers  in  the country.111
          By creating such broad coverage, the law will be able to make the
          users of computers in Israel  more secure in their knowledge that
          their systems are safe.
               The  most controversial provision in the act is the proposal
          requiring  that individuals that may  know of computer crime must
          report the  crime or  face fines themself.   As  Levenfeld points
          out112,  this  will  mean  that  employers  will have  to  impose
          internal  spy rings  to be  able  to tract  down the  "reasonable
          suspicions" that  individuals have  concerning illegal  activity.
          Shalgi, however, believes  that this is a good  provision in that
          it will allow  computer crime to  come more  to the forefront  so
          that the crime can be more easily combatted.113
               This provision is necessary for the government to understand
          exactly how  large of a problem  computer crime is.   At present,
          statistics on computer  crime are difficult to  determine because
          of the  lack of reporting.114   By  making all persons  who would
          be responsible for  computer security, i.e.  all persons who  use
          computer systems, the  problem will be brought into  the open and
          can be addressed.
               The  proposed law  also sets  out  a defense  for those  who
          violate the  law.  Under   11, if a  person who violates  the law
          makes another know that he did disrupt or alter the data, he will
          not be convicted of the crime. This will allow  those who perform
          such acts to avoid  the punishment of  the law.  Individuals  who
          wish to destroy or alter  such information will have an incentive
          to bring forth their mischievous acts so that when brought before
          the  court they  could say  that  they took  precautions so  that
          individuals would  not rely on  the information.   This provision
          will encourage those who do  such activity to come  forth without
          fear of conviction.
               The ability  of a  court to  not impose  a  punishment on  a
          person  is contained  in section  12.115   This allows  the court
          to abstain from  punishment if the offense  is not grave and  was
          not committed with  malice.  This section, in  effect, will allow
          those who commit computer crime to be able to forgo punishment if
          their acts  were not serious.   This will be  beneficial to those
          who  are  hackers in  the  original  sense  of the  word,116  yet
          still allow for punishment of those individuals who enter systems
          to do harm to it.
               The law  also creates  standards for how  a computer  may be
          seized.  Neither  a computer, nor any  part of it, may  be seized
          without a  court order.117   Although  this seems  to  be a  good
          provision in  its effects  on individual  rights118, the  section
          is not focused  enough.  The  law does not  address the issue  of
          whether  a floppy,  as  opposed to  a  hard disk,  is  part of  a

          computer.  The hard disk  is located inside of a  computer, while
          floppy  disks may be removed from the  computer.  This law should
          address this issue by stating that the floppy disk is also a part
          of a computer in its definitions.119
               This section also does not address what standard may be used
          for the  court order.   Must the officer  only have a  reasonable
          suspicion or  probable cause to  seize the computer?   By stating
          explicitly  in the  statute that the  officer must  have probable
          cause to seize the  computer, an overzealous police officer  will
          not be able to as easily seize the computer.
               C.   The Great Britain Computer Misuse Act
               In response  to computer  program concerning  AIDS that  was
          distributed to doctors in Great Britain and Europe that contained
          a  virus,120  Michael   Colvin,  a  British  MP   introduced  the
          Computer  Misuse  Bill.121   On  August  29, 1990,  the  Computer
          Misuse  Act122  came  into  effect.123    It was  estimated  that
          the losses to  British industry and  government were one  billion
          pounds.124     This  Act   is  designed  to   not  to   create  a
          confidential information  right, but  to rather  protect computer
          system integrity125.
               Prior to enactment,  the English Law Commission  studied the
          problem and laws  regarding computer crime. It stated  that there
          should be three new offenses  to deal with computer misuse:   (1)
          Unauthorized access  to a  computer, (2)  Hacking with  intent to
          commit  a serious crime,  and (3)  Intentional destruction  of or
          alteration  to  computer  programs  or  data.126    The  Computer
          Misuse Act states that  unauthorized access occurs if the  person
          is unauthorized to access the computer, he causes the computer to
          perform any function with intent to  gain access to a program  or
          data  in the  computer and  he knows  that this  is the  case.127
          He does not have to be directed to any particular program or data
          in the computer  he attempted to get on or the data or program he
          wishes to  access.128   If a  person commits  unauthorized access
          with   the  intent  to  commit129  or  help  another  offense,130
          the  person can  be sentenced  on summary  conviction, up  to six
          months  in  prison  and  a   fine,131    or  if  convicted  after
          indictment,  to imprisonment  of  up  to five  years,  a fine  or
               If a  person modifies  computer material,133  the person  is
          subject  to  a  fine of  up  to  5 years,  an  unlimited  fine or
          both.134   The  person must  knowingly modify  a  program without
          authorization and must have done so with the intent to impair the
          operation of the computer, to prevent or hinder access, or impair
          the  operation  of  the  program  or  resulting  data.135     The
          modification does  not have to  be permanent.136   A modification
          may be done by  either altering, erasing or adding onto a program
          or data.   By stating  modification broadly, the act  attempts to
          combat  the  placing  of  viruses,   worms  and  logic  bombs  on
               The Act  also  extends  the scope  of  jurisdiction.138    A
          person does  not have  to actually  be in  Great  Britain at  the
          commission  of  the crime.    The  crime  itself must  have  some
          relation   to   Great    Britain.139      The   link    must   be

               D.   Analysis
               As opposed to  the other statutes,  the Computer Misuse  Act
          does not  attempt to define computer.   This was done  because of
          the fear that any definition given for a  computer may become out
          of date  in a  short period  of time.141   Program  and data  are
          also not defined within the Act.
               Great  Britain's courts are granted large jurisdiction.  The
          act allows for anyone who attempt to commit a crime under the act
          to be punished in  Great Britain.  The act, although  setting out
          that  the  link  must  be significant,142  does  not  attempt  to
          define this word.   By this omission, the  Great Britain's courts
          can expand this  to any act that occurs in a foreign country that
          uses  a British computer  for even a  short period of  time.  The
          defining of the word would  clear up some misconceptions that may
          result from the act.
               Of interest  to note, the Act would  not punish a person who
          distributes disks  tat contain  viruses  on them.   Although  the
          drafter of the  bill said that this was his goal, the law ignores
          this possibility.  An amendment should  be added to the law which
          will punish those who damage data even  if they do not access the
               E.   Ghana
               In response to the belief  that their existing laws were not
          adequate,  a draft  law  was  proposed by  the  Ghana Law  Reform
          Commission.143   The  bill is  rather  simple as  opposed to  the
          other laws.   It has definitions  for access, computer,  computer
          network,  computer program  and  data.144    To  commit  computer
          related  fraud, the  person must  have an  intent to  defraud and
          either alters, damages destroys data or program stored in or used
          by the computer or obtains information to his own advantage or to
          the  disadvantage  of another  or  uses  a  computer commits  and
          offense.145    The  Act  Also  sets  out  alternatives  for  some
          sections that  may be adopted.   The alternative states  that any
          person  who obtains  access to  a  computer program  or data  and
          attempts to erase  or alter  the program or  data with intent  to
          help his  own interests or damage other person's interest commits
          a crime.146
               Damaging computer data occurs  if any person, by  any means,
          without  authority, willfully  does  damage  to  data  commits  a
          crime.147    The crime  of  unauthorized  use  of a  computer  is
          simply  defined as anyone who knowingly without authority commits
          an  offence.148   Similarly, unauthorized  access  is anyone  who
          knowingly gains access  to a computer, network or  any part there
          of, without authority to  do so.149   The Ghana law also  creates
          a crime for the  knowingly and dishonestly introduction of  false
          data  and the  omission to  introduce, record  or store  data.150
          An  authorized  person  who  willfully  or  intentionally  allows
          information to get  into the hands of an  unauthorized person and
          that person uses the information  to his advantage also commits a
               The penalties  for the  crimes are similar  to those  of the
          Great Britain  law.152  On  summary convictions, a jail  term may
          be given of  up to  two years  or the statutory  maximum fine  or
          both.153   On  conviction  on  indictment, a  prison  term of  no

          more  then  ten  years  or an  unlimited  fine,  or  both may  be
               The  jurisdiction that the Ghana courts  have in accord with
          this  jurisdiction is as  large as their  British counterpart.155
          The courts can hear  any case if the accused person  was in Ghana
          at the time  of the act.156   Also,  if the program  or data  was
          stored in or  used with a computer  or computer network  in Ghana
          the person may be tried under the law.157
               F.   Analysis
               The Ghana proposed Computer Crime  Law is in accord with the
          United States, Great  Britain and the proposed Israeli  laws.  By
          setting  out  definitions  for  the  various  terms  used in  the
          law158,  the law  clearly defines  which acts  may be  subject to
          prosecution  under the  law.   Although  simple, the  definitions
          attempt to capture  within the law's grasp  the various different
          acts which could be done with a computer that should be outlawed.
               The most  original section  of  the act  concerns the  newly
          created  crime  of   omission  to  introduce,  record   or  store
          data.159   This  section, however,  will end  up punishing  those
          who work in corporations that are at the lowest level skill-wise.
          The government should, if the  law is enacted, force companies to
          give each employee a sufficient  amount of training on a computer
          so that the  person will be  able to act  in accordance with  the
          law.   The act does provide a safeguard by making the mens rea of
          the crime "negligently or dishonestly"160
               The act also sets out  a crime for an individual who  allows
          information  to get  into the  hands of  another.161   As opposed
          to the other laws, this  section specifically address the problem
          of  where  an  authorized  individual  gives  information  to  an
          outsider.  By  specifically regulating this behavior,  anyone who
          wishes to act according will know that the act is illegal.
               The   crime   of    computer-related   fraud   is    defined
          broadly.162    This  law  effectively makes  any  type  of  fraud
          committed either with a computer or information within a computer
          a crime.   The law  adequately addresses the problems  that might
          occur with a computer in fraud.  A broad definition, however, may
          still let some act seem as though they are not covered  since the
          act is not specific in the area of what constitutes a crime.
               Most significantly,  the act does  not state which  types of
          computers are covered  by the act.163   By not giving a  limit on
          which computers are  covered, the act extends its jurisdiction to
          all  "computer"164  and  "computer  network"165 in  the  country.
          If the  definition of  computer changes, due  in part  to advance
          technology, the law may have to change this section.
          V.   Proposed Solutions
               Computer Crime laws  have come a long way  in addressing the
          problem  of  computer  crime.166   The  ability  to regulate  the
          activity will  decrease the amount  of crime  that is  committed.
          Those who use the computers of the world, however, must  not rely
          totally   on  there   respective  governments   to   combat  this
               The best way to combat computer crime is to not let it occur
          at  all.   Many  computer  systems  have  not been  given  enough
          security by  their system  managers.168  It  is possible  to have

          a totally  secure computer system169,  but it is  impractical and
          slows the  free flow  of information.170   By creating  laws that
          will  protect  the  integrity  of  computer  systems  while  also
          allowing for the ability of our best and brightest to develop and
          learn about computer systems will the nation be able to  keep our
          technological lead in the world.
               In order to combat the problem of unauthorized access, users
          of computer systems must be taught to respect each others privacy
          within the various  systems.  Creating an standard  of ethics for
          those who are  users of computers will  be the best way  since it
          will hold the users to standards that must be met.  Although some
          organizations have attempted to promogate standards regarding the
          ethical   use  of  computer   systems171  no  one   standard  has
          emerged.   Proposed rules  of ethics should  balance the  need of
          individuals to  be able to  learn and discover about  the various
          types of  computer systems, while  at the same time  allowing for
          those  who use those systems  to be secure  in the knowledge that
          the information stored  on the computer will not be read by those
          other then person who should have access to it.
               If  computer crime  laws are  enacted,  industries that  use
          computers should not use the new laws as a  replacement for using
          adequate  security  measures.172    Individuals  or  corporations
          that use computer  have several ways  to protect themselves  from
          unauthorized access.  If the computer can be accessed by a modem,
          the computer  can have a  dial back  feature placed on  the phone
          line so that one a  computer is accessed, the computer will  then
          call back to make sure that the call  is coming from a line which
          is  supposed  to access  the  computer.173    The proper  use  of
          passwords174 are also  an effective  way to  address the  problem
          of unauthorized access. A recent study  has shown that out of 100
          passwords  files, approximately 30 percent were guessed by either
          using the  account name  or a  variation of  it.175    A  program
          has recently been developed that will not allow a user to  select
          an  obvious password.176   Encryption  programs,  similar to  the
          program used on Unix operating system, can scramble a password in
          a non reversible  manner so that if the  encrypted password falls
          into the hands of an individual who is not supposed to access the
          system, the  person will  not  be able  to get  into the  system.
          These systems can also be used so that if a hacker does  get into
          a   computer  system  and   attempts  to  get   information,  the
          information will not be readable.177
               A    problem  that must  be  address  is  the  lack of  laws
          concerning copyright protection of  computer programs in  foreign
          countries.    The  Pakistan Brain178  was  written  to discourage
          copying of a program without authorization.  By creating pirating
          penalties a reason  for the creation of computer  viruses will be
          removed and less viruses will be created.179
               Many in the field argue that computer programs should not be
          copyrighted.180    Copyright protection  should  not  be afforded
          to   computer   programs   since  they   are   only  mathematical
          equations.181   Copyright  protection  should  be  given  to  the
          maker  of  a computer  programmer  only  for  a short  period  of
               A novel concept which will both satisfy the computer hackers

          quest  for  knowledge  through  examining  computer  systems  and
          protect the integrity of computer systems is to create a computer
          systems for  the use  of hackers alone.183   This  computer would
          not be connected  to other computer systems, but  can be accessed
          through  a modem.184   If  created,  accounts would  be given  to
          all  interested computer  enthusiasts.  Those  participating will
          not  be  prosecuted  for  exploring  unauthorized  areas  of  the
          system.185     Since   other  computer   systems   will  not   be
          accessible through  this system, any activity on this system will
          not endanger  the information on  other systems.186   By allowing
          this to be done, a major problem will be solved, the inability to
          afford to  buy a mainframe system,  while a person  will still be
          able to learn about different types of systems.
               If any  laws are to  be made, they should  make "knowing"187
          or  "intentionally"188   unauthorized access  into  a computer  a
          crime.   By making  the intent of  the crime be  knowing, it will
          allow those who accidently connect to a computer system that they
          think is theirs but is not to be excused from punishment.
               The law must also be done in a way that will allow it to  be
          enforced  across  national  boundaries.   A  computer  hacker can
          access  computers from across the world  without ever leaving his
          home  country.189   If these  laws  can only  be enforced  within
          the home country, then a person can, in theory, go into a country
          of whose computers that  he would never want to access and access
          into other computers without fear of punishment.190
               An international  convention should  be convened  to address
          this problem.  Since the  problem is of international concern and
          the crimes do occur across  the boarders of countries, by setting
          standards by the international  community concerning the  conduct
          of computer users, the hodgepodge  of computer crime laws will be
          eradicated in favor  of a common international standard.   As the
          boundaries in Western  Europe disappear in anticipation  of 1992,
          international access is sure to accelerate.
               Colleges,  Universities  and  high  schools  must  institute
          programs  designed to address  proper computer use.191   Although
          not all  computer users are  not trained in school,  teaching the
          ethical use of computers will  allow users to understand the need
          for security  on systems.   These programs  will also  show users
          that  computer  crime  is  dangerous  to  society.192    Problems
          concerning computer  crime  should be  publicized  so as  not  to
          mystify the crime.193
               The  United  States  and other  countries  must  create more
          Computer  Emergency Response Teams  (CERT).   These teams  are to
          coordinate   community   responses   to   emergency   situations,
          coordinate responsibility for fixing hole in computer systems and
          serve  as a  focal  point  for  discussions  concerning  computer
          systems.194    These  groups regularly  post  notices  concerning
          computer  viruses or  other  dangers  in  the  Internet  computer
          system.  The scope of these groups should be expanded so they may
          be  a  focal point  of the  needs  and desires  of those  who use
          computers.  If  they are used to gather information as a clearing
          house  type  operation,  the  spread  of  information  concerning
          computer  systems  and problems  with  the systems  will  be more
          adequately addressed.

          IV.  Conclusion
               Computer crime is a growing problem.  With the advent of the
          computer and a more computer literate public, crimes committed by
          computers will  increase.   To effectively  address the  problem,
          laws  must be  created to  outlaw activity  which is  designed to
          further illegitimate  ends.  These  laws have moved in  the right
          direction concerning what should be  outlaws so as to balance the
          needs of computer users against those of the computer owners.  To
          enforce these  laws, governments must realize that the problem of
          computer crime is not only of local concern.
               Educational programs and standards of ethics must be created
          from within the computer users community.  Corporations which use
          computers  must educate their  employees to reduce  the fear that
          one  might  have  when  addressing  a  computer  security  issue.
          Copyright laws must  be strengthened in countries  that either do
          not have  or have weak copyright laws so  that the need to create
          viruses to protect an individual's or corporation's work will  no
          longer be necessary.
               To  satisfy users  curiosity  with  computers, a  non-secure
          computer system should be created.   This system will allow those
          who wish  to explore a  system in order to  understand the system
          may.    Those   individuals  can  do  so  without   the  fear  of
               Only by directly addressing the causes of computer crime and
          drafting standards and  laws to address the unique  area will the
          problem of computer crime be adequately addressed.  Light must be
          shined on  the area so individuals will  realize that fear of the
          machines  is not justified.   Only by  doing so may  we enter the
          21st century realizing the full potential of computers.

                                      Appendix A
          Ghana Computer Crime Law (Proposed)
          Computer Crime Law
          Computer Crime Law
          In  pursuance   of  the  Provisional   National  Defense  Council
          (Establishment) Proclamation 1981, this Law is hereby made:
          1.   Any person who, with intent to defraud,
               (a)  alters, damages, destroys or otherwise manipulates data
          or program stored in or used in connection with a computer, or
               (b)  obtains  by any means, information stored in a computer
          and uses it to his advantage or to another  person's advantage to
          the disadvantage of any other person, or
               (c)  uses a computer
          commits an offense.
          Charge:   Computer-related fraud.
               (1)  A  person commits  an offense  if  that person  obtains
                    access to a computer program or data, whether stored in
                    or used in connection with a  computer or to a part  of
                    such program  or data to  erase or otherwise  alter the
                    program or data with the intention-
                    1.   (a)  of procuring  an  advantage  for  himself  or
                         another person: or
                         (b)  of damaging another person's interests.

          2.   Any  person who, by  any means, without  authority, wilfully
               destroys, damages,  injures, alters  or renders  ineffective
               data stored in or used in connection with a computer commits
               an offense.
          Charge:   Damaging Computer data.

          3.   Any person who, without authority, knowingly uses a computer
               commits and offense.
          Charge:   Unauthorized use of a computer.

          4.   Any person who, without authority, knowingly gains access to
               a computer, computer network, or any part thereof commits an
          Charge:   Unauthorized access to a computer.

          5.   Any  person  who,   knowingly  and  dishonestly  introduces,
               records  or  stores, or  causes  to be  recorded,  stored or
               introduced into a computer or computer network by any means,
               false or misleading information as data commits an offense.
          Charge:   Insertion of false information as data.

               (5)  A person commits an offense if, not having authority to
                    obtain  access to a  computer program or  data, whether
                    stored in or used in  connection with a computer, or to
                    a  part  of such  program  or  data,  he  obtains  such
                    unauthorized  access   and  damages   another  person's
                    interests by recklessly adding to, erasing or otherwise
                    altering the program or the data.

          6.   Any person under  a contractual or other  duty to introduce,
               record or store authorised data into a computer network, who
               negligently  or dishonestly  fails to  introduce, record  or
               store, commits an offense.
          Charge:   Omission to introduce, record or store data.

               (6)  Any  person  under  a  contractual  or  other  duty  to
                    introduce,  record or  store data  into  a computer  or
                    computer network  who negligently or  dishonestly fails
                    to introduce, record or store, commits an offense.

          7.   Any  authorised person who willfully or intentionally allows
               information  from a  computer to  get into  the hands  of an
               unauthorised  person   who  uses  such  information  to  his
               advantage commits an offense.
          Charge:   Allowing unauthorised person to use computer data.

          8.   A  person guilty  of  an  offense under  this  Law shall  be
               (a)  on summary conviction,  to imprisonment for a  term not
                    exceeding  two years  or to  a  fine not  exceeding the
                    statutory maximum or both; or
               (b)  on conviction on indictment, to imprisonment for a term
                    not  exceeding ten years  or to  an unlimited  fine, or

          9.   A  court in  Ghana  shall  have  jurisdiction  to  entertain
               proceedings for  an offense under  this Law, if at  the time
               the offense was committed:-
               (a)  the accused was in Ghana; or
               (b)  the program  or  the  data in  relation  to  which  the
                    offence  was committed  was stored  in or  used with  a
                                                           or  used with
                    computer or computer network in Ghana.
                                computer network in Ghana.

          10.  In this Law, unless the context otherwise requires:-
               "access"  includes  to  log unto,  instruct,  store  data or
               programs  in, retrieve data  or programs from,  or otherwise
               communicate  with a  computer, or  gain  access to  (whether
               directly or with the aid of any device) any data or program.
               "computer"   includes  any   device  which  is   capable  of
               performing logical,  arithmetical, classifactory,  mnemonic,
               storage  or  other  like  functions  by  means  of  optical,
               electronic or magnetic signals.
               "Computer network"  includes the  interconnection of  two or
               more computers, whether geographically separated or in close
               proximity or  the interconnection  of communication  systems
               with a computer through terminals, whether remote or local.
               "Computer program" includes  an instruction or statement  or
               series  of instructions or  statements capable of  causing a
               computer to indicate, perform, or achieve any function.
               "data"  includes  a  representation   in  any  form  whether
               tangible or intangible that is capable of being stored in or
               retrieved by a computer.

          1.   Financial Times Limited (London) April, 1990.

          2.   See, infra, endnote 36 and accompanying text.

          3.   Stoll, The Cuckoo's Egg (1990).  [hereinafter Stoll].
                      The Cuckoo's Egg

          4.   Lyons, 13 Are  Charged in Theft of Data  from Computers, New

          York Times, August 17, 1990, B2, col. 3.

          5.   Although   there  is  no   set  definition  of   a  computer

          publication,  it is created  and published solely  on a computer.

          Peretti,  Computer Publications  and the  First Amendment  (1990)

          (available  at Princeton  University FTP  site  and The  American

          University Journal of International Law and Policy Office).

          6.   Dorothy  Denning,  The   United  States  v.   Craig  Neidorf

          (available  at The American  University Journal  of International

          Law and Policy office).

          7.   Schares,  A  German  Hackers'  Club that  Promotes  Creative

          Chaos, Business Week, Aug. 1, 1988, 71.

          8.   Barlow, Crime and  Puzzlement: In advance of the  Law on the

          Electronic Frontier, Whole Earth Review, Sept. 22, 1990, 44.

          9.   Kopetman, Computer  Gave Them  Bum Rap,  Los Angeles  Times,
                                                        Los Angeles  Times

          Jan. 10, 1991, at B1, col. 2.

          10.  See, J. Thomas McEwen, Dedicated Computer Crime Units (19--)

          (stating how  important computers  have become  to society).   In

          1978 there were 5,000 desktop computers in the United States.  S.

          Rep. No.  432, 99th  Cong., 2d Sess.  2, reprinted in,  1986 U.S.
                                                   reprinted in

          Code Cong. &  Admin. News 2479, 2479.   By 1986, this  number had

          increased to about 5 million.  Id.

          11.  See, S. 2476, Floor Statement by Senator Patrick Leahy.

          12.   See,  Stoll  at  ___ (stating  that  all countries,  except

          Albania, are connected via computer systems).

          13.   McEwen, Dedicated Computer  Crime Units 1 (19--).   Another

          definition used  is  the definition  of computer  crime was  "any

          illegal  act  for  which  knowledge  of  computer  technology  is

          essential for successful investigation and prosecution".  Parker,

          Computer Crime:  Criminal Justice Resource Manual, (1989).

          14.  Conly,  Organizing  for  Computer  Crime  Investigation  and

          Prosecution, 6-7 (19--).

          15.  For instance,  the estimated  cost of  the Internet Worm,  a

          computer program created  by Robert Morris,  Jr. which shut  down

          the  Internet  computer  system, varies  from  $97,000,000  (John

          McAfee,  Chairman,  Computer   Virus  Industry  Association)   to

          $100,000  (Clifford Stoll's low  bound estimate).   Commitment to

          Security, 34  (1989).  It  is difficult to determine  exactly the

          cost  of such  crime because  it is  difficult to  determine what

          should be included.  The estimated downtime of a  computer due to

          such activity  could be used to determine the  cost.  This may be

          flawed, however, since it will not take into account how  much of

          the down  time actually  would have been  used.   Electronic Mail

          Letter from Richard  Stallman to Brian J. Peretti  (Dec. 3, 1990)

          (concerning computer crime).

          16.  Commitment   to  Security,   34.    The   average  facility,

          consisting  of  1,224  microcomputers,  96  minicomputers and  10

          mainframe  computers, lost $109,000,  365 personnel hours  and 26

          hours computer time loss per year. Id.

          17.  Id. at 23. 6 percent of  incidents resulted in prosecutions.


          18.  Id.

          19.    Only 1.5 percent of  respondents to a National  Center for

          Computer Crime Data used Anti-virus  products in 1985.   By  1988

          this figure  rose to  22 percent.   By  1991, 53  percent of  the

          respondents stated that  they would be using  anti-virus software

          by  1991.   According  to  a  Price  Waterhouse survey  in  Great

          Britain,  in 1985  26  percent  installations  spent  nothing  on

          security.   Authers,  Crime  as  a  Business  Risk-  Security/  A
                                Crime  as  a  Business  Risk-  Security/  A

          Management  as Well  as  a  Technical  Problem,  Financial  Times
          Management  as Well  as  a  Technical  Problem

          (London), November 7, 1990.  By 1990 this figure had shrunk  to 4

          percent and is  expected to decline to 0 by 1995. Id.  The amount

          spent on security for new systems has increased from 5 percent in

          1985 to 9 percent by 1990. Id.

               In Japan, less  than 10 percent of groups  that rely heavily

          on  computers have  taken  measures  to  prevent  virus  attacks.

          Computer  Users Fail to Protected Against Viruses. Although Japan
          Computer  Users Fail to Protected Against Viruses.

          does not  have a computer crime law, there  is a movement to make

          such a law.   Computer Body Calls for Jail Sentences for Hackers,
                        Computer Body Calls for Jail Sentences for Hackers

          Kyodo News  Service,  Nov. 15,  1990  (available from  the  Nexis

          library).     The   Japan   Information  Processing   Development

          Association has  stated that  the new law  should make  the crime

          punishable of either one year of hard labor or a fine. Id.

          20.  The terms was first applied in 1984. Commitment to Security,

          34 (1989).

          21.  Ring, Computer Viruses; Once Revered as Hackers, Technopaths

          Threaten  Security of  Computer-Dependant Society,  Computergram,

          July 7,  1989.  Some of  these viruses are  extremely small, e.g.

          Tiny, which is 163 bytes, may be the smallest.  Friday 13th Virus

          Alert, The Times (London), July 12, 1990.

          22.  Graggs, Foreign  Virus Strains  Emerge as  Latest Threat  to
                       Foreign  Virus Strains  Emerge as  Latest Threat  to

          U.S. PCs,  Infoworld, Feb.  4, 1991, 18.   Viruses  have appeared
          U.S. PCs

          from Bulgaria, Germany, Australia, China and Taiwan. Id. Some new

          viruses  include Armageddon,  from Greece  which  attacks through

          modems and then dials to a talking clock in  Crete, Liberty, from

          Indonesia,  Bulgaria 50,  which is  thought to  have come  from a

          "laboratory"  in Sofia,  Victor,  thought  to  originate  in  the

          U.S.S.R., the Joker,  from Poland, which tells the  user that the

          computer needs a  hamburger, and Saturday  the 14th, presumed  to

          have been developed in South Africa,  which destroys a computer's

          file allocation table. Id.

               Some viruses also  carry a message when  they are activated.

          A  virus that is  though to  have been  developed by  students at

          Wellington, New  Zealand,  tells the  user  that they  have  been

          "stoned" and requests that marijuana should be legalized.  Id.

               Approximately 80  or 90 of  the 300 viruses counted  for the

          IBM  personal computer originated in Bulgaria according to Morton

          Swimmer of Germany's Hamburg University Virus Test Center.

          23.  A report in  La Liberation, a French  newspaper, stated that
                            La Liberation

          computer viruses  could be planted  in French EXOCET  missiles to

          misguide  them  when  fired.    La  Liberation,  Jan.  10,  1991,

          reprinted in  Klaus Brunnstein,  Risks-Forum, vol.  10, iss.  78,
          reprinted in

          Jan. 22  1991 (available at American Journal of International Law

          and Policy Office).

          24.  A  "trojan horse"  is a  program that  does not  seem to  be

          infected, however,  when used  in a computer,  the virus  is then

          transferred  the uninfected machine.   On trojan  horse destroyed

          168,000 files in Texas.  Commitment to Security, 34 (1989).

          25.  Ring, Computer Viruses; Once Revered as Hackers, Technopaths
                     Computer Viruses; Once Revered as Hackers, Technopaths

          Threaten  Security of  Computer-Dependent Society,  ComputerGram,
          Threaten  Security of  Computer-Dependent Society

          July 7, 1989.

          26.  Highland, One Wild  Computer "Worm" Really Isn't  a  Federal
                         One Wild  Computer "Worm" Really Isn't  a  Federal

          Case, Newsday, Jan. 23, 1990, 51.

          27.  Stoll, at 346.   The amount of computers  that were actually

          infected by the worm  is still the subject of debate.   Mr. Stoll

          estimates that  2,000 computers  where infected,  while the  most

          commonly  cited  number is  6,000.   Commitment  to  Security, 34

          (1989).    The 6,000  estimate  was  based  on  an  Massachusetts

          Institute of Technology estimate that 10 percent of the  machines

          at the school  were infected and was  then inferred to  the total

          number  of  machines  across  the  country  that  were  affected.

          General Accounting  Office, Computer  Security: Virus  Highlights

          Need for Improved  Internet Management, 17  (1989).  This  number

          may be inaccurate  because not all locations had  the same amount

          of vulnerable machines. Id.

          28.       For the  first  eight months  of  1988, there  were 800

          incidents  concerning computer  viruses. Commitment  to Security,

          34.  The Computer  Virus Industry  Association  reported that  96

          percent of  these reported infections were incorrectly identified

          as viruses. Id.

          29.   Robinson, Virus Protection  for Network Users,   Washington

          Post, Washington Business, p.44, Feb. 11, 1991.

          30.  Ross,  Hacking   Away  at  the   Counterculture,  3   (1990)

          (available at the  American University  Journal of  International

          Law  and Policy).  On Saturday Night Live, during the news update

          segment, Dennis Miller stated, in comparing a computer viruses to

          the   AIDS  virus,  "Remember,  when  you  connect  with  another

          computer, you're connecting  to every computer that  computer has

          ever been connected to."  Id.

          31.  Id. at 8-9.

          32.  Computer Virus Legislation, Hearing on  H.R. 55 and H.R. 287

          before the Subcomm. on Criminal Justice of the House Comm. on the

          Judiciary, 100th  Cong., 1st Sess.  49 (1989) (statement  of Marc

          Rotenberg,   Director,   Computer    Professionals   for   Social

          Responsibility).   In Israel,  Hebrew University used  a computer

          virus to  detect and  destroy a virus  that would  have destroyed

          data files. Id.

          33.  Computergram International, October 14, 1990.


          35.  Watts, Fears of Computer Virus Attack from East Europe grow,
                      Fears of Computer Virus Attack from East Europe grow

          The Independent, November 24, 1990, p.6.   On a trip to Bulgaria,

          a British computer consultant  returned with 100 viruses  that do

          not exist in the West. Id.

          36.  Id.

          37.  McGourty, When a Hacker Cracks the Code, The Daily Telegraph
                         When a Hacker Cracks the Code

          (London), October 22, 1990, p. 31.

          38.  The equipment would cost about 50 (British) pounds. Id.

          39.  Id.   A British company, has stated that they have developed

          a glass that  will reduce this problem.   Tieman, Spy-Proof Glass

          to Beat the Hackers, The (London) Times, Jan 17, 1991.

               A  more  recent  problem concerns  the  ability  of computer

          hackers to access into fax  machines and either change or reroute

          information from the machine. Becket, Espionage fears mounting as
                                                Espionage fears mounting as

          hackers tap into faxes, The Daily Telegraph (London), December 1,
          hackers tap into faxes

          1990,  p. 23.  This problem  can be  circumvented by  the  use of

          encryption devices or passwords on the machine.  Id.

          40.  Stoll  at 9.  The  word itself originally had  two meanings.

          People originally called themselves hackers were software wizards

          who thoroughly knew computer systems.  Id.  In U.S. v. Riggs, 739
                                                         U.S. v. Riggs

          F. Supp. 414, 423 (N.D. Ill.  1990) the court defined hackers  as

          "individuals involved  with the  unauthorized access  of computer

          systems by various  means."  The New Hacker's  Dictionary defines

          hackers  as  "A  person  who  enjoys  learning   the  details  of

          programming systems  and how  to stretch  their capabilities,  as

          opposed  to most  users  who  prefer to  learn  only the  minimum

          necessary."    New  Hacker's Dictionary, to  be published Spring,


               Hacker has also been used in a  non-evil sense with the word

          "cracker"  taking the  disreputable part  of the  word.   In this

          light,  hacker means "computer  enthusiasts who `take  delight in

          experimenting  with system  hardware, software  and communication

          systems."  and cracker  meaning  "a  hacker  who  specializes  in

          gaining illegal  access to a  system."  One Wild  Computer `Worm'
                                                  One Wild  Computer `Worm'

          Really Isn't  a Federal  Case, Newsday, January  23, 1990,  p.51.
          Really Isn't  a Federal  Case

          The typical hacker has been described  as "a juvenile with a home

          computer  who  uses  computerized bulletin  board  systems  for a

          variety  of illegal  purposes.   Conly,  Organizing for  Computer

          Crime Investigation and Prosecution, 8 (19--).

          41.   Sulski, How to Thwart  Potential Saboteur, Chicago Tribune,
                        How to Thwart  Potential Saboteur

          November 18, 1990, p.18.

          42.  Computerworld, December 3,  1990, p. 122. Kryptik,  a hacker

          group,  was  stated as  having  planned  to plant  a  virus  in a

          telephone  network on  December  5,  1990. Id.    It is  unclear,

          however, if the virus actually was planted. Id.

          43.  Sulski, How to  Thwart Potential Saboteur, Chicago  Tribune,
                       How to  Thwart Potential Saboteur

          November  18, 1990, p.18.   Computer security  experts state that

          the  risk of  having hacker break  into your system  is less than

          being burglarized or having a power outage due to lightning.  Id.

          Errant opinion poll  results have also been blamed on the work of

          hackers.    Holdsworth,   Hackers  May  Have  Attacked   TV  Poll
                                    Hackers  May  Have  Attacked   TV  Poll

          Computers-MP,  Press Association Newsfile, May 4, 1990.

          44.  Stoll, 312.

          45.  Id.  This  view is also shared  by the editors of  2600, The

          Hackers  Quarterly.   It is  also held  by  these persons  that a

          service  is done  to the  computing  community because  those who

          break in to computer systems show the operators that their system

          is not strong enough and that it should be made stronger.

          46.  Stoll, at 354.

          47.   Mr.  Stoll's computer  was broken  into by   an  Australian

          hacker who said he  did so to show that Mr.  Stoll's security was

          not  good and  that  hackers  are good  because  they show  where

          security problems are in computer  networks.  Id. at 353-54.   He

          rejected such arguments. Id.

          48.  Director, Computer Professionals for Social Responsibility

          49.  Computer Virus Legislation, Hearing  on H.R. 55 and H.R. 287

          before the Subcomm. on Criminal Justice of the House Comm. on the

          Judiciary, 100th Cong., 1st Sess. 26-27 (1989) (statement of Marc

          Rotenberg,   Director,   Computer    Professionals   for   Social

          Responsibility). The Aldus peace virus, which displayed a message

          calling  for  peace  and then  disappeared  without  damaging the

          system itself, is an example of a virus  which he believes should

          be protected.  Id.

          50.  Commitment to Security, 34.

          51.  Stoll, 349.

          52.  "I can never understand why people think it is  all right to

          run out of computer paper but not all right to be infected with a

          virus.  The  disruption is the same  and it takes about  the same

          amount of  time to  put matters  right."   Cane, Hygiene  See Off
                                                           Hygiene  See Off

          Computer  Viruses, Financial  Times  (London)  October 14,  1989,
          Computer  Viruses

          Section I, p. 24.

          53.  18 U.S.C. 1030 (1988).

          54.      Ala. Code    13A-8-100  et.seq. (1990); Alaska  Stat.
                   Ala. Code                               Alaska  Stat.

          11.46.200(a)(3), 11.46.484(a)(5), 11.46.740, 11.46.985, 11.46.990

          (1990);  Ariz. Rev. Stat. Ann.   13-2301(E), 13-2316 (1990); Cal.
                   Ariz. Rev. Stat. Ann.                               Cal.

          Penal Code    502 (West 1990); Colo. Rev.  Stat.   18-5.5-101 et.
          Penal Code                     Colo. Rev.  Stat.

          seq. (1990); Conn. Gen. Stat    53a-250 et. seq., 52-570b (1990);
                       Conn. Gen. Stat

          Del. Code  Ann. tit.  11,     931 et  seq. (1990);  Fla. Stat.
          Del. Code  Ann.                                     Fla. Stat.

          815.01 et seq.  (1990); Ga. Code  Ann.    16-9-90 et seq  (1990);
                                  Ga. Code  Ann.

          Haw. Rev. Stat.    708-890 et seq. (1990); Idaho Code    18-2201,
          Haw. Rev. Stat.                            Idaho Code

          2202  (1990); Ill.  Ann. Stat.     15-1,  16-9 (1990);  Ind. Code
                        Ill.  Ann. Stat                           Ind. Code

            35-43-1-4,  35-43-2-3  (1990);  Iowa Code      716A.1  et. seq.
                                            Iowa Code

          (1990); Kan.  Stat. Ann.   21-3755 (1990); Ky. Rev. Stat. Ann.
                  Kan.  Stat. Ann.                   Ky. Rev. Stat. Ann.

          434.840  et. seq. (1990);  La. Rev. Stat.  Ann. 14(D)     71.1 et
                                     La. Rev. Stat.  Ann

          seq.  (1990); Me.  Rev.  Stat.  Ann. chap.  15,  tit. 17-A,   357
                        Me.  Rev.  Stat.  Ann.

          (1990); Md.  Crim. Law  Code Ann. Article  27   45A,  146 (1990);
                  Md.  Crim. Law  Code Ann.

          Mass. Gen. L. ch 266,   30 (1990) see infra; Mich. Comp.  Laws
          Mass. Gen. L.                                Mich. Comp.  Laws

          28.529(1)  et seq. (1990);  Minn. Stat.   609.87  et seq. (1990);
                                      Minn. Stat.

          Miss. Code Ann.   97-45-1 et seq (1990); Mo. Rev. Stat.   569.093
          Miss. Code Ann.                          Mo. Rev. Stat.

          et  seq. (1990);  Mont. Code  Ann.    45-2-101, 45-6-310,45-6-311
                            Mont. Code  Ann.

          (1990); Neb. Rev. Stat. art. 13(p),   28-1343 et seq (1990); Nev.
                  Neb. Rev. Stat.                                      Nev.

          Rev.  Stat.    205.473  et  seq. (1990);  N.H.  Rev.  Stat.  Ann.
          Rev.  Stat.                               N.H.  Rev.  Stat.  Ann.

            638.16  et seq. (1990); N.J. Rev. Stat.   2C:20-1, 2C:20-23 et.
                                    N.J. Rev. Stat.

          seq., 2A:38A-1  et seq.  (1990); N.M. Stat.  Ann.     30-16A-1 et
                                           N.M. Stat.  Ann.

          seq. (1990); N.Y. Penal Law    155.00, 156.00 et seq, 165.15(10),
                       N.Y. Penal Law

          170.00,  175.00 (1990); N.C.  Gen. Stat.   14-453  et seq (1990);
                                  N.C.  Gen. Stat.

          N.D. Cent. Code 12.1-06.1.01(3),  12.1-06.1-08 (1990); Ohio  Rev.
          N.D. Cent. Code                                        Ohio  Rev.

          Code  Ann.    2901.01, 2913.01, 1913.04, 1913.81 (Anderson 1990);
          Code  Ann.

          Okla. Stat. tit.  21,    1951 et  seq. (1990); Or. Rev.  Stat.
          Okla. Stat                                     Or. Rev.  Stat.

          164.125, 164.377  (1990);   Pa.  Cons. Stat.   1933  (1990); R.I.
                                      Pa.  Cons. Stat.                 R.I.

          Gen. Laws    11-52-1 et seq (1990); S.C. Code Ann.    16-16-10 et
          Gen. Laws                           S.C. Code Ann.

          seq (Law. Co-op 1990); S.D. Codified Laws Ann.   43-43B-1 et seq.
                                 S.D. Codified Laws Ann.

          (1990);  Tenn. Code Ann.    39-3-1401 et  seq (1990);  Texas Code
                   Tenn. Code Ann.                               Texas Code

          Ann. tit 7   33.01 et seq. (Vernon 1990); 19   Utah Laws    76-6-
          Ann.                                           Utah Laws

          701 et  seq.; Va.  Code Ann.   18.2-152.1  et seq.  (1990); Wash.
                        Va.  Code Ann.                                Wash.

          Rev.  Code Ann.   9A.48.100, 9A.52.010, 9A.52.110 et seq. (1990);
          Rev.  Code Ann.

          Wis. Stat.   943.70 (1990); Wyo. Stat.   6-3-501 et seq. (1990).
          Wis. Stat.                  Wyo. Stat.

          55.   Parker, Computer Crime:   Criminal Justice Resource Manual,

          129 (1979).

          56.   McEwen, Dedicated Computer  Crime Units, 60 (1989).   These

          other laws include  embezzlement, larceny, fraud, wire  fraud and

          mail fraud.  Id. at 60.

          57.  Pub. L. No. 98-473,   2102(a), 98 Stat. 1837, 2190 (codified

          at 18 U.S.C.   1030).

          58.  S.  Rep.  No.  432,  99th  Cong., 2d  Sess.,  1986  U.S.  2,

          reprinted in, 1986 Cong. & Admin. News 2479, 2479.
          reprinted in

          59.  Pub. L. No. 99-474,   2, 100 Stat. 1213 (amending 18  U.S.C.


          60.  18 U.S.C.   1030(b).

          61.  18 U.S.C.   1030(a)(1).   The person  must act  knowingly to

          access a computer  either without authorization or  exceeding the

          authorization given  and obtain  information with  the intent  or

          reason  to believe that  the information  will either  injure the

          United  States of  American or  give  an advantage  to a  foreign

          nation.  As  seen by the placement  of this section, it  is clear

          that  the Congress was  particularity aware  of the  dangers that

          computer  might  have to  the  national  security of  the  United

          States.   This  section parallels  18  U.S.C.  793,  the  federal

          espionage statute.

          62.  1030(c)(1)(A).

          63.  1030(c)(1)(B).

          64.  As defined by the Fair  Credit Reporting Act, 15 U.S.C. 1681

          et seq.

          65.  1030(c)(2)(A).

          66.  1030(c)(2)(B).  The penalty is up to 10 years in prison.

          67.  18 U.S.C.   1030(a)(2).

          68.  18 U.S.C.   1030(c)(2)(B).

          69.  18 U.S.C.   1030(c)(2)(B).

          70.  The punishments that may be handed out are up to 5 years for

          the first offense and 10 years for any subsequent offense.

          71.  18 U.S.C.  1030(a)(5).

          72.  18 U.S.C.   1030(c)(3)(A).

          73.  18 U.S.C.   1030(c)(3)(B).

          74.  18 U.S.C.   1030(a)(6).

          75.  As defined by 18 U.S.C.   1029.

          76.  18 U.S.C.  1030(c)(2)(A).

          77.  18 U.S.C.   1030(c)(2)(B).

          78.  18 U.S.C.   1030(a)(6)(B).

          79.  18 U.S.C.   1030(a)(6)(B).

          80.  These computers  include computers used exclusively  for the

          United States government  or a  financial institution  or if  not

          exclusively by  the  government  one which  the  conduct  of  the

          computer affects the government's or the institution's operation,

          18  U.S.C. 1030(e)(2)(A),  the computer  is  one of  two or  more

          computers  that  commit  the  offense,  18  U.S.C. 1030(e)(2)(A).

          Financial  institution is  defined in  18  U.S.C. 1030(e)(4)  and

          includes  and institution  whose  deposits  are  insured  by  the

          Federal Deposit Insurance Corporation, 1030(e)(4)(A), the Federal

          Reserve or  one of  its  members, 1030(e)(4)(B),  a credit  union

          insured   by   the   National    Credit   Union   Administration,

          1030(e)(4)(C),   a  Federal   home  loan   bank   system  member,

          1030(e)(4)(D),  institutions under the  Farm Credit Act  of 1971,

          1030(e)(4)(F), a broker-dealer registered pursuant to   15 of the

          Securities Exchange Act  of 1934, 1030(e)(4)(F), or  a Securities

          Investor Protection Corporation, 1030(e)(4)(G).

          81.  S. Rep.  No. 432, 99th Cong., 2d Sess. 4, reprinted in, 1986
                                                         reprinted in

          U.S. Code Cong. & Admin. News 2479, 2481.

          82.  Note, Computer Crime and The Computer Fraud and Abuse Act of

          1986, X Computer/Law Journal 71, 79, (1990).

          83.  18 U.S.C.   1030 (e)(2) states:

               As used in this section-

               (2)  The term "Federal interest computer" means a computer-

                    (A)  exclusively for the use of a financial institution

          or the  United States Government, or,  in the case  of a computer

          not  exclusively  for  such  use,  used by  or  for  a  financial

          institution  or  the  United States  Government  and  the conduct

          constituting  the  offense  affects  the  use  of  the  financial

          institution's  operation or  the  Government's operation  of such

          computer; or

                    (B)  which is one  of two or more computer  used in the

          committing the  offense, not all of which are located in the same


          84.  "[T]here is  not statute  specifically addressing  viruses."

          135 Cong. Rec.  E2124 (daily ed. June  14, 1989) (letter of  Rep.
              Cong. Rec.  E2124

          Herger (quoting FBI Director William Sessions)).

          85.  H.R. 287 and H.R. 55.

          86.  "Existing  criminal statues are not specific on the question

          of  whether unauthorized  access is  a  crime where  no theft  or

          damage  occurs . .  ." 135 Cong.  Rec. E2124 (daily  ed. June 14,
                                     Cong.  Rec.

          1989)  (letter of  Rep.  Herger  (quoting  FBI  Director  William


          87.  Prosecution could occur under a trespass law.  It may not be

          applicable, however, since trespass is a property based crime and

          courts have not recognized information in the same manner as real


          88.  Note, Computer Crime and The Computer Fraud and Abuse Act of

          1986, X Computer/Law Journal 71, 80 (1990).

          89.  Id.

          90.  Shalgi,  Computer-ware: Protection and Evidence,  An Israeli
                        Computer-ware: Protection and Evidence,  An Israeli

          Draft  Bill,  IX  Computer/Law J.  299,  299  (1989) [hereinafter
          Draft  Bill       Computer/Law J.

          Shalgi].  This proposed bill has not progressed much since it was

          proposed and is at the stage prior to an official "bill".  Letter

          from Barry  Levenfeld  to Brian  J. Peretti  (December 13,  1990)

          (concerning  Israel's legislature  progress on  the comprehensive

          computer  law).     This  paper  will  use  the   Shalgi  English

          translation of the law.

          91.  Chapter 2 concerns Offenses and Accessing Computers, Chapter

          3, Damages, Chapter 4, Rights of Software Creators and Chapter 5,

          Evidence. Levenfeld, Israel Considers Comprehensive Computer Law,
                               Israel Considers Comprehensive Computer Law,

           Int'l Computer L Advisor 4 (March 1988).  The topics  covered in
           Int'l Computer L Advisor

          Chapters 2 through 5 are beyond the scope of this paper.


          93.  Shagli, at 311.

          94.  Chapter 2,   2, Shagli at 311.

          95.  Chapter 2,   3(a), Shagli at 311.   An employee is exempt if

          he commits this  act when  it was  due to a  strike concerning  a

          labor dispute. Chapter 2,  3(b), Shagli at 311.

          96.  Chapter 2,   4(a).

          97.  Chapter 2,   4(b), Shagli at 311.

          98.  As defined by Chapter 1,   1.

          99.  Chapter 2,   5, Shagli at 311.

          100. Chapter 2,   6, Shagli at 312.

          101. Chapter 2,   7, Shagli at 312.

          102. Chapter 2,   9, Shagli at 312.

          103. Id.

          104. Chapter 2,   10, Shagli at 312.

          105. By  not  stating that  this also  applies to  individuals or

          others (non-corporations) who  are attempting to supply  services

          to the public, some important services that may be offered to the

          public  may not  be  done.   Levenfeld,  8,  translates the  word

          corporation as entities which may solve the problem.

          106. Shalgi, 312.  Levenfeld, 5,  states that since this  section

          is  so broad  the only  possible areas that  are not  covered are

          personal and academic uses.

          107. Chapter 2,   14, Shagli at 313.

          108.  Section 5.

          109. Levenfeld,  4-5.   Perhaps the  only  computers not  covered

          would  be those used  for personal or  academic uses exclusively.

          Id. at 5.

          110.  Section 5.

          111. Levenfeld,  4-5.   Perhaps the  only  computers not  covered

          would be those  used for personal  or academic uses  exclusively.

          Id. at 5.

          112. Levenfeld at 4.

          113. Shalgi, 305.

          114. See,  Computers at Risk,  Safe Computing in  the Information

          Age, 36  (1991) (discussing the  need for a repository  to gather

          computer crime information).

          115. Chapter 2,   12, Shagli at 313.

          116. New Hacker's Dictionary.

          117. Chapter 2,    13, Shagli at 313.  The law states that if the

          owner of the computer is not given in his presence, the  order is

          only good for twenty-four hours.  Id.

          118. Shagli, at 304.   Under Israeli  law, an object that  may be

          proof of an  offense may be seized without a court order. Id. The

          law will bring the seizure of computers in accord with the United

          States Constitution's sixth Amendment.

          119. Chapter 1,   1, Shagli at 310.

          120. Alexander,  Suspect  Arrested  in   AIDS  Disk  Fraud  Case,
                           Suspect  Arrested  in   AIDS  Disk  Fraud  Case

          Computerworld, Feb. 5, 1990, 8.

          121.  Colvin,  Lock up the Keyboard  Criminal, Telecommunications

          PLC (England), June 1990.

          122. Computer Misuse Act, 1990, ch. 18.

          123.   In the five years prior to the  adoption of the Act, there

          were 270  cases of computer misuse  in Britain of  which only six

          were brought to court and only 3 resulting   convictions.  Fagan,

          Technology:  EC urged to  strengthen laws on  computer crime, The
          Technology:  EC urged to  strengthen laws on  computer crime

          Independent (London), February 13, 1990, p. 19.

          124. Id.

          125. Davies,  Cracking down on  the computer hackers,  Fin. Times
                        Cracking down on  the computer hackers

          (London), October 4, 1990.

          126. Law Commission No. 186, Cm 819.

          127. Computer Misuse Act, 1990, ch. 18,   1.

          128. The penalty for this type of behavior is up to six months in

          prison, 2000 pounds or both.

          129. Computer Misuse Act, 1990, ch. 18,   2(1)(a).

          130. Computer Misuse Act, 1990, ch. 18,   2(1)(b).

          131. Computer Misuse Act, 1990, ch. 18,   2(5)(a).

          132. Computer Misuse Act, 1990, ch. 18,   2(5)(b).

          133. Computer Misuse Act, 1990, ch. 18,   3(1).

          134. Computer Misuse Act, 1990, ch. 18,   3(7).

          135. Computer Misuse Act, 1990, ch. 18,   3(2).

          136. Computer Misuse Act, 1990, ch. 18,   3(5).

          137. Id.      Colvin,   Lock   up   the   Keyboard   Criminal   ,

          Telecommunications PLC (England), June 1990.

          138. Computer Misuse Act, 1990, ch. 18,   4.

          139. Computer Misuse Act, 1990, ch. 18,   4(1).

          140.  5(2) states that a significant link under  1 can be (a) the

          person was in  Great Britain at the  time in which he  caused the

          computer to act in a certain way or (b) the computer he attempted

          to  get access  to  was in  Great  Britain.  5(3)  states that  a

          significant link under  3  can be (a) that  the person was  Great

          Britain at  the time when he did the  act or (b) the modification

          took place in Great Britain.  However, this may not an exhaustive


          141. Davies,  Cracking down on  the computer hackers,  Fin. Times
                        Cracking down on  the computer hackers

          (London), October 4, 1990.

          142. Computer Misuse Act, 1990, ch. 18,   5.

          143. Although  proposed on February  14, 1989, the  proposed bill

          has not yet become law.

          144. Appendix A,   10.

          145. Appendix A,   1.

          146. Appendix A,   1, alternative.

          147. Appendix A,   2.

          148. Appendix A,   3.

          149. Appendix A,   4.

          150. Appendix A,   5.

          151. Appendix A,   7.

          152. The Ghana  Law Reform  Commission states  that they  created

          their proposed law  from the Scottish Law Commission  and the Law

          Reform  Commission of  Tasmania,  Australia reports  on  computer


          153. Appendix A,   9(a).

          154. Appendix A,   8(b).

          155. See, infra, endnote __ and accompanying text.

          156. Appendix A,   9(a).

          157. Appendix A,   9(b).

          158. Appendix A,   10.

          159. Appendix A,   6.

          160. Id.

          161. Appendix A,   7.

          162. Appendix A,   1.

          163. Appendix A,   10.

          164. Id.

          165. Id.

          166. The  first computer  crime  law  in  the United  States  was

          enacted in 1979.

          167. S. Rep. No. 432, 99th Cong.,  2d Sess. 3, reprinted in  1986
                                                         reprinted in

          U.S. Code Cong. & Admin. News 2479, 2481.

          168. By increasing  security, the ease  with which one  can enter

          the  system will become more difficult.   Some systems, believing

          that if  such unauthorized  access does  occur that  no sensitive

          information will be stolen, opt  to have less security then other

          systems.  In actuality, by one system not having enough security,

          the entire network can be put  at danger when a mischievous  user

          wishes to  break into a  users account which  may be  accessed by

          that system.    See  Stoll, 353-54 (stating an  Australian hacker

          broke  into  Mr.  Stoll's computer  account  because  a connected

          computer's system  manager did not wish  to have a high  level of


          169.    Stoll,  32.     Many  military  computers  and  sensitive

          scientific computers  operate in a  secure environment.   This is

          created by not allowing the computer system to have any telephone

          links to the outside world (i.e. outside of the building.

          170.  By having a secure system, information at the computer site

          can only be removed by a person walking into the computer center,

          copying the  information and then walking  out with it.   This is

          both burdensome  (it is much  easier to access the  computer from

          one's home or office) and cumbersome (since a person will have to

          walk around with reels  of data that will later be  put back into

          the system.

          171. Computer Virus Legislation, Hearing on H.R. 55 and  H.R. 287

          before the Subcomm. on Criminal Justice of the House Comm. on the

          Judiciary, 100th Cong., 1st Sess.  44, n. 27 (1989) (statement of

          Marc  Rotenberg,  Director,  Computer  Professionals  for  Social


          172.  Colvin,  Lock up the Keyboard  Criminal, Telecommunications
                         Lock up the Keyboard  Criminal

          PLC (England), June 1990, p.  38.  Michael Colvin, the  author of

          Great Britain's Computer  Misuse Act stated  that the passage  of

          the bill should not be looked  at that the computer owner  should

          not have security  measures on their computers. Id.  The bill, he

          states, was made  only to compliment,  not substitute, the  users

          security  measures.  Id. In  West  Germany, the  severity  of the

          punishment for hacking depends on the effort that was required to

          commit the offense.   Fagan, Technology:  EC urged to  Strengthen
                                       Technology:  EC urged to  Strengthen

          Laws on Computer Crime, The Independent, Feb. 13, 1990, 19.
          Laws on Computer Crime

          173.    McGourty,  When  a  hacker cracks  the  code,  The  Daily
                             When  a  hacker cracks  the  code

          Telegraph, October 22, 1990, p. 31.

          174.  A  Password is a word that  is either given to  the user by

          the  system  or selected  by  the  user  to prevent  others  from

          accessing his  computer  or account  within the  computer.   This

          words,  groups of  letters or  symbols  are supposed  to be  kept

          secret so as  to not let other  who are not authorized  to access

          the system have access to it.

          175. Donn  Seeley, A  Tour  of the  Worm, Department  of Computer

          Science,  University of  Utah, Nov.  1988,  reprinted in  General
                                                      reprinted in

          Accounting Office, Computer  Security: Virus Highlights  Need for

          Improved Internet Management, 20 (1989).

          176. Authers,  Armed with  a  secret weapon,  Financial  (London)

          Times, Feb. 5, 1991, Section I, 16.

          177.  Id.

          178. For  a discussion  of  this  virus,  see,  Branscomb,  Rogue
                                                    see               Rogue

          Computer  Programs and Computer Rogues:  Tailoring the Punishment
          Computer  Programs and Computer Rogues:  Tailoring the Punishment

          to  Fit the  Crime, 16  Rutgers Computer  &  Tech. L.J.  1, 14-16
          to  Fit the  Crime      _______________________________

          (1990) (discussing the applicability of state and federal  law to

          computer viruses).

          179.   Jim Thomas, publisher  of the Computer  Underground digest

          argues  that computer pirates actually buy more programs then the

          average computer program buyer.   Letter from Jim Thomas to Brian

          J. Peretti (  (discussing computer pirating of software)

          180. See, GNU Manifesto (available at American University Journal

          of International Law and Policy).   See also, Stallman, GNU EMACS
                                              See also,

          General  Public License, (Feb.  11, 1988) (available  at American

          University Journal of International Law and Policy).

          181. The GNU  Manifesto  (available at  the  American  University

          Journal of International Law and Policy).

          182. The  author proposes that such copyright protection last for

          only two years.   By granting the  creator such protection for  a

          short period of  time, he will be  able to  recover  the expenses

          that he put into the writing of the program.

               If   this  type of  protection   is  granted,  it should  be

          understood that the creator of the program has a copyright to the

          sourcecode of the  program for  that period.   If he updates  the

          program  after the  two year  period,  the updated  code will  be

          protected,  but  the  original  code  will  not  be  granted  the
          protection.   In this  manner, an author  cannot attempt  to give

          copyright  protection  to  a  program  after  the  copyright  has


          183. Electronic letter from  Brian J. Peretti to  Dorothy Denning

          (Nov. 13, 1990) (concerning computer crime).

          184. This will be a semi-secure system.

          185. The system, of  course, will have a system  manager who will

          create  the accounts  for the  users.   His account  will be  off

          limits  to those who wish  to use the system.   At the same time,

          individuals will  be  encouraged to  attempt  to break  into  the

          manager's  account and  tell  him how  it  was done  in  order to

          improve security for this and other systems.

          186. The problem  still exists  that information  learned through

          the  use of  this system may  allow those  who use the  system to

          break into other computer systems.  This problem can be corrected

          by having the  system manager and the  users communicate problems

          with the system so that they may be corrected on other systems.

          187. United States v. United States Gypsum Co., 438 U.S. 422, 425


          188. S. Rep. No.  432, 99th Cong., 2d Sess. 6,  reprinted in 1986
                                                          reprinted in
          U.S. Code Cong. & Admin. News 2479, 2484.

          189.  Stoll, The Cuckoo's Egg.

          190.  The countries which a person can go to could be any country

          in the  world, except  Albania, since they  are the  only country

          whose computers are not connected to outside computers.  Stoll.

          191. A school in Red Bank, New Jersey, has instituted a "computer

          responsibility training".  Weintraub, Teaching Computer Ethics in
                                                Teaching Computer Ethics in

          the Schools, The School Administrator 8, 9 (apr. 1986).
          the Schools, ________________________

          192. S.  Rep. No. 432, 99th Cong.,  2d Sess. 3, reprinted in 1986
                                                          reprinted in

          U.S. Code Cong. & Admin. News 2479, 2481.

          193. Electronic  Mail Letter  from  Rop  Gonggrijp  to  Brian  J.

          Peretti (Jan. 25, 1991) (concerning computer  viruses).  "We have

          to watch that  we keep telling people how  virusses work, because

          that  is the only solution to the  problem:  mystifying the whole

          thing ans just hunting down "computer  terrorists" is useless and

          (as proven in  the US and Germany) leads to  a questionable style

          of government in the field of information technology..." Id.

          194. General  Accounting   Office,  Computer  Security:     Virus

          Highlights Need for Improved Internet Management, 25 (1989).