All files are for educational and/or historic purposes only. [back to library]





            Note: This file was created by printing Word for Windows
            document files to an ASCII file, using a Generic/Plain Text
            printer driver.  Line breaks and some formatting
            characteristics weren't preserved very well in this
            conversion.

            The author can be reached at the following email address:

                                 [email protected]











                              FREE SPEECH IN CYBERSPACE                              FREE SPEECH IN CYBERSPACE                              FREE SPEECH IN CYBERSPACE


                     The First Amendment and the Computer Hacker                     The First Amendment and the Computer Hacker                     The First Amendment and the Computer Hacker
                                Controversies of 1990                                Controversies of 1990                                Controversies of 1990





                                         by                                         by                                         by

                                   ROBERT R. BERRY                                   ROBERT R. BERRY                                   ROBERT R. BERRY





            A Thesis submitted to the faculty of The University of North
                Carolina at Chapel Hill in partial fulfillment of the
             requirements for the degree of Master of Arts in the School
                        of Journalism and Mass Communication.

                                     Chapel Hill

                                        1991















                                                            Approved by:

                                                Cathy L. Packer, Advisor
                                                     Ruth Walden, Reader
                                                   John Semonche, Reader


























































                        Copyright (c) 1991 by Robert R. Berry





                                  Table of Contents



            Chapter 1. New Questions for a New Medium..................1
            Chapter 2. The Net........................................28
            Chapter 3. Hackerphobia...................................52
            Chapter 4. Operation Sun Devil............................79
            Chapter 5. Conclusions...................................115
            Bibliography.............................................128






                                     CHAPTER ONE:                                     CHAPTER ONE:                                     CHAPTER ONE:

                            New Questions for a New Medium                            New Questions for a New Medium                            New Questions for a New Medium

               Introduction               Introduction               Introduction

               In the spring of 1990, a 20-year-old student at the

            University of Missouri in Columbia was prosecuted in a

            federal court because of something he published.  The

            information he published was true, it was of public concern,

            and it had come to him through legal channels.  Nonetheless,

            the government charged that his publication was part of a

            conspiracy to commit fraud and that his information-

            gathering activities and publication amounted to interstate

            transportation of stolen property.

               Shouldn't the First Amendment have protected Craig

            Neidorf from prosecution?  Unfortunately, the answer to that

            question is unclear because of the technology he used to

            deliver his message.  Neidorf's publication was electronic.

            He created it as text on his computer and distributed it

            over a network to other computer users who read it on their

            video screens.  It went from author to audience without ever

            existing in tangible form.  And the information whose

            publication led to his prosecution -- a document describing

            a telephone system -- came to him through the same channels.

            For the first time, a federal court confronted this

            question: How does the First Amendment apply to computer-

            based communication?

               Craig Neidorf's prosecution was only one part of a

            crackdown on computer crime that in 1990 aroused widespread






            concern over civil liberties and computer use.  In another

            case, Steve Jackson Games, a small publishing company in

            Austin, Texas, found itself nearly put out of business when

            the Secret Service raided its premises and confiscated its

            computers -- all because the agency suspected it might find

            contraband information on the computers.1

               Was the government casting its net too broadly in its

            campaign against computer crime, infringing on free speech

            in the process?  The events of 1990 demonstrated better than

            any before the confused and uncertain state of the law as it

            applied to computer-based communication.



               The Problems of a New Medium               The Problems of a New Medium               The Problems of a New Medium

               Advances in computer technology over the past decade have

            made computers available to a vast number of people and

            irrevocably changed the way most work is done in this

            country.  The United States Department of Commerce estimated

            in 1988 that as many as 38 million personal computers would

            be installed by 1991, with 28 percent of all American

            households computer-equipped.2  But computers have proved to

            be more than tools for word processing and math;

            increasingly, the computer is a communication tool.


                                

            1See, e.g., Costikyan, "Closing the Net," Reason, Jan. 1991,
             at 22; Kapor, "Civil Liberties in Cyberspace," Scientific
             American, Sept. 1991, at 116.

            2National Technical Information Service, U.S. Dept. of
             Commerce, NTIA Information Services Report (1988), at 27.


                                          2






               Today, anyone with a computer and a modem3 -- and an

            estimated 19 million modems are currently installed4 --

            possesses the means to communicate with thousands of other

            computer users.  Available services include hundreds of

            commercial online information services such as CompuServe

            and Prodigy.5  These services provide electronic access to

            major news services such as USA Today, Dow Jones and the

            Associated Press.  They also provide their own news, advice

            columns, movie and music reviews, and hundreds of other

            features online.  Syndicated columns from writers such as

            Dave Barry and Mike Royko are available by electronic

            subscription for users who have electronic mail addresses on

            any of the major national computer networks.6  And a

            probably uncountable number of amateur newsletters and

            magazines produced by individuals are distributed

            electronically via computer networks to small lists of

            subscribers.  Electronic bulletin boards7 number as many as

                                

            3A modem is a device used to translate digital computer data
             into electrical signals capable of transmission over
             telephone lines.

            4NTIA Report, supra note 2, at 29.

            5One directory lists 718 online informations services
             worldwide. Cuadra/Elsevier, Directory of Online Databases
             (vol. 12, nos. 1 and 2 (Jan. 1991)).

            6Online advertisement from ClariNet, a service that
             distributes syndicated publications electronically (April
             9, 1991).

            7Bulletin boards are "computer systems that function as
             centralized information sources and message switching
             systems for a particular interest group. Users dial up the


                                          3






            100,000.8  Available to an increasing number of people at

            constantly shrinking expense, the computer and modem may be

            the 1990s equivalent of the mimeographed handbill.

               Clearly, "the press" no longer requires ink or paper.

            Some of these publications9 are direct electronic analogues

            of magazines, newspapers, newsletters and pamphlets, while

            others are entirely new forms; but none need ever exist on

            paper.  A new medium of mass communication, distinct from

            print but sharing many of its essential characteristics, is

            spreading, and as computers become ever more accessible, its

            continued spread is inevitable.

               Because these forms of communication may be well on their

            way to becoming the dominant ones, it is important that the

            law be ready to accommodate them.  But the existing models

            of media law are inadequate to the task.  Today's system

            divides technologies of communication into essentially three

            tiers of First Amendment protection.10  Most protected are

            traditional print media, newspapers and magazines, which

                                                                        
             bulletin board, review and leave messages for other users
             as well as communicate to other users attached to the
             system at the same time." Freedman, The Computer Glossary
             80 (4th ed. 1989), at 80.

            8L. Wood, D. Blankenhorn, "State of the BBS Nation," Byte,
             Jan. 1990, at 298.

            9Although the technology is new, there can be no doubt that
             these activities are indeed publishing. Black's Law
             Dictionary defines publish as "[t]o make public; to
             circulate; to make known to people in general.  To issue;
             to put into circulation."

            10See, e.g,, De Sola Pool, infra note 18; Becker, infra note
             73, at 829-30.


                                          4






            enjoy great, though not absolute, freedom from government

            control under the First Amendment.11  The middle ground is

            occupied by the broadcast media, radio and television.

            Although the First Amendment still protects broadcast

            journalists from governmental interference with day-to-day

            editorial decision-making,12 broadcasters are nonetheless

            subject to government licensing and many other requirements

            dictated by the FCC and Congress.13  Least protected by the

            First Amendment -- or most regulated -- are common carriers,

            telephone and other wire communication systems operated by

            companies such as AT&T.  Common carriers operate under

            strict guidelines governing access, rates, even content.

            Because common carriers have almost no control of how their

            facilities are used, however, they are generally immune from

            liability for misuse.14

               None of these legal models can comfortably encompass

            computer-based communication.  The content of such

            communication -- written text -- is most analogous to print,

                                

            11See, e.g., Near v. Minnesota, 283 U.S. 697 (1931); New
             York Times Co. v. Sullivan, 376 U.S. 254 (1964), New York
             Times Co. v. United States, 403 U.S. 713 (1971), Miami
             Herald Publishing Co. v. Tornillo, 418 U.S. 241 (1974).

            12See, e.g., CBS v. Democratic National Committee, 412 U.S.
             94 (1973).

            13See, e.g., Red Lion Broadcasting Co. v. FCC, 395 U.S. 367
             (1969); FCC v. Pacifica Foundation, 438 U.S. 726 (1978).

            14The history of common-carrier regulations, rather than
             being derived from First Amendment law, is descended from
             the regulation of railroads in the nineteenth century. See
             De Sola Pool, infra note 18, at 75-107.


                                          5






            but because computer networks rely on telephone lines, its

            technological foundation is that of the common carrier.

            Perhaps even more problematic, though, is that this new

            technology just doesn't look like print, and policymakers

            may therefore be hesitant to afford it the same

            protection.15

               Such problems may prevent a major new outlet for free

            expression from achieving its potential.  But the danger may

            be even more significant.  If more traditional technologies

            such as print are replaced by electronic delivery, the First

            Amendment will no longer protect "the press" as it does

            today.



               Literature Review               Literature Review               Literature Review

               The difficulties associated with fitting a new

            communication technology such as computer-based

            communication into existing legal frameworks has not escaped

            legal commentators.  "Electronic publishing," writes former

            White House policymaker Richard Neustadt, "provides square

            pegs to fit into the round holes of old regulatory

            categories."16  And Kim Uyehara writes, "Lawmakers are





                                

            15See, e.g., De Sola Pool, infra note 18, at 197.

            16R. Neustadt, G. Skall, M. Hammer, "The Regulation of
             Electronic Publishing," 33 Fed. Comm. L.J. 331, 332
             (1981).


                                          6






            having a hard time keeping legislation current with the

            technical explosion."17

               Most writers have taken either a broad approach --

            discussing very generally the legal and social problems of

            new communication technology -- or a very narrow one, asking

            and answering very specific legal questions.  The most

            significant entry in the former category is by Ithiel de

            Sola Pool, whose book Technologies of Freedom,18 cited

            frequently by other authors, seems to be the seminal work in

            the field.  The book is slightly dated as far as the

            technology goes -- 1983 is a long time ago in the world of

            computers -- but its discussion of the underlying issues is

            insightful.

               De Sola Pool's book is more descriptive than analytical,

            concentrating on elucidating the legal problems of new

            communication technology rather than solving them.  It opens

            with a warning:

                    For five hundred years a struggle was fought,
                 and in a few countries won, for the right of
                 people to speak and print freely, unlicensed,
                 uncensored, and uncontrolled.  But new
                 technologies of electronic communication may now
                 relegate such old and freed media such as
                 pamphlets, platforms, and periodicals to a corner
                 of the public forum.  Electronic modes of
                 communication that enjoy lesser rights are moving
                 to center stage.  The new communication
                 technologies have not inherited all the legal
                 immunities that were won for the old.... And so,
                 as speech increasingly flows over those electronic
                                

            17K. Uyehara, "Computer Bulletin Boards: Let the Operator
             Beware," 14 Student Lawyer, April 1986, at 30.

            18I. de Sola Pool, Technologies of Freedom (1983).


                                          7





                 media, the five-century growth of an unabridged
                 right of citizens to speak without controls may be
                 endangered.19

               De Sola Pool provides a history of communication

            technology, starting with the origins of print20 and

            covering the emergence of electronic media.21  He also

            summarizes the history and current state of modern media

            law, dividing media into regulatory categories; one chapter

            each is devoted to print,22 common carriers,23 and

            broadcasting.24  Additional chapters address the newer

            technologies of cable25 and -- most significantly for the

            purposes of this thesis -- electronic publishing.26  It is

            here that de Sola Pool warns that regulations driven by

            technology may eventually undermine the First Amendment:

                    If computers become the printing presses of the
                 twenty-first century, will judges and legislators
                 recognize them for what they are?... Practices are
                 now being canonized in regard to cable television,
                 computer networks, and satellites which may
                 someday turn out to be directly relevant to
                 publishing.  People then may ask in puzzlement
                 where protections of the free press have gone.27
                                

            19
              Id. at 1.
            20
              Id. at 12-14.
            21
              Id. at 23-54.

            22Id. at 55-74.

            23Id. at 75-107.

            24Id. at 108-150.

            25Id. at 151-188.

            26Id. at 189-225.

            27Id. at 189.


                                          8






               De Sola Pool makes no specific policy recommendations for

            dealing with these new problems.  Instead, having sounded

            the alarm, he suggests general principles to guide

            policymakers.  He suggests that the First Amendment applies

            equally to all media, that all communication should be

            unfettered by government restriction, and that regulation --

            including common-carriage rules -- should be a last resort

            reserved only for cases of true physical monopoly.28

               De Sola Pool's main message, though, seems to be that

            vigilance may be required to safeguard the First Amendment

            into the future.  "Lack of technical grasp by policy makers

            and their propensity to solve problems of conflict, privacy,

            intellectual property, and monopoly by accustomed

            bureaucratic routines are the main reasons for concern," he

            writes.  "But as long as the First Amendment stands ... the

            loss of liberty is not foreordained."29

               A similarly broad -- and cautionary -- approach is taken

            by law professor M. Ethan Katsh.30  Katsh suggests that new

            communication technologies not only present novel legal

            problems, but "are likely to affect both how we think about





                                

            28Id. at 246.

            29Id. at 251.

            30M.E. Katsh, "The First Amendment and Technological Change:
             The New Media Have a Message," 57 Geo. Wash. L. Rev. 1459
             (1989).


                                          9






            information and what the relationship is between citizen and

            government."31

               Katsh argues that electronic communication not only

            provides a new physical channel for speech, but changes the

            nature of the information itself:

                    Electronic information is even more active and
                 more easily manipulable, revisable, and changeable
                 [than print].  It is changeable in ways that print
                 is not and, by its very nature, moves much faster.
                 One who looks at words on a computer screen or
                 even at words on paper that have emerged from a
                 "printer" may think that he or she is seeing
                 print, but the static or fixed quality of print is
                 gradually being lost as information is encoded in
                 electronic form.32

               Katsh is not optimistic about the future of First

            Amendment law.  "[D]ifferences in treatment among media can

            be expected to multiply," he writes.  "It is even possible

            that 'full' First Amendment protection, whatever that may

            mean in the future, will not be enjoyed by any medium other

            than, perhaps, the spoken word."33  But he argues that

            despite greater legal restrictions, the power of new

            technologies will diminish the ability of the state to

            impede the flow of information.34  Prior restraint, for

            example, may become virtually impossible as means of




                                

            31Id. at 2.

            32Id. at 13.

            33Id. at 17.

            34Id. at 17.


                                         10






            publication proliferate.35  Katsh sees in the future a "new

            communications environment," an environment characterized by

            a vigorous system of expression but an unstable and confused

            First Amendment framework.36

               Apart from de Sola Pool and Katsh, few authors appear to

            have tackled the broad issues associated with computer

            communication.  Most have concentrated instead on specific

            legal questions associated with specific media.  Almost

            universally, the authors ask which model of media law can

            apply to these new technologies.  But their analyses

            generally concentrate on very narrow regulatory and

            liability issues rather than the larger First Amendment

            issues involved.  The question of legal models is generally

            answered only to the extent necessary to resolve the narrow

            questions they have tackled.

               Also, most of the existing literature is devoted to

            analysis of one specific form of computer communication, the

            electronic bulletin board system or BBS.  The discussion of

            BBSs is further limited to one particular legal question,

            the liability of the BBS's system operator, or sysop, for

            messages posted by users on the BBS.







                                

            35Id. at 21.

            36Id. at 23.


                                         11






               Attorney Robert Charles examines the question of sysop

            liability for defamation posted on a BBS.37  Charles uses

            the analogy technique used by virtually every other author

            writing on this subject.  "This question may be answered by

            looking to the standards of liability that have been applied

            to other communication technologies," he writes.38  He then

            divides existing media into two categories based upon their

            legal status in defamation cases: print media, which are

            generally held accountable for defamation, and common

            carriers, which generally are not.39  The exception to that

            common carrier rule is when a common carrier is a "knowing"

            participant in the defamation.40  Charles ultimately

            recommends the formulation in explicit detail of a new,

            clear standard "tailored specifically to computer bulletin

            boards," incorporating the "knowing" test used for common

            carriers.41

               Most writers tackling the sysop liability question

            discuss not defamation but messages related to criminal

            action, mainly computer hacking and other forms of computer



                                

            37R. Charles, "Computer Bulletin Boards and Defamation: Who
             Should Be Liable? Under What Standard?" 2 J. of Law and
             Technology, Winter 1987, at 121.

            38Id. at 123.

            39Id. at 132.

            40Id. at 132-3.

            41Id. at 147.


                                         12






            crime.42  In particular, phreaking, the theft of long-

            distance telephone service -- usually closely associated

            with hacking -- has been a popular subject of discussion.

            "While bulletin boards are usually not directly involved in

            any of these crimes, they are used to receive and distribute

            information by the computer enthusiasts who commit the

            illegal acts," writes attorney Eric Jensen, who also

            includes distribution of pornography and the formation of

            pedophilia rings among the potential abuses of BBSs.43

               Jensen similarly asks whether earlier models of media law

            can accommodate BBSs.  Dividing older media into the

            categories of publishers, republishers, and common carriers

            -- and choosing republishers as the best analogy to BBSs --

            Jensen ultimately reaches a conclusion much like Charles',

            that sysop liability should be based upon the degree of the

            sysop's participation in the illegal actions.44  He cautions

            that direct regulation of BBSs, because of their nature,



                                

            42The term hacker originally meant a person with great
             technical expertise with computers -- particularly with
             programming -- and for whom computing was an end in
             itself, even an art form. However, it has popularly come
             to mean a person who, through stealing passwords and
             otherwise exploiting security holes, gains unauthorized
             access to computer systems, either maliciously or
             mischievously.  See Chapter 2, notes 36-38 and surrounding
             text.

            43E. Jensen, "An Electronic Soapbox: Computer Bulletin
             Boards and the First Amendment," 39 Fed. Comm. L.J. 217,
             224-226 (1987).

            44Id. at 257.


                                         13






            would be unenforceable.  Hobbyists could easily "go

            underground," concealing their activities from regulators.45

               Jensen provides one original analogy, what he calls "the

            BBS as an association,"46 a place where "people from all

            across the country gather electronically and exchange views,

            recipes, or epithets, just as would the local Jaycees."47

            Citing NAACP v. Alabama,48 he writes, "As an association

            engaged in speech, a bulletin board is entitled to

            constitutional protection."49

                A slightly different approach to the sysop liability

            question is taken by Edward Di Cato,50 who discusses a more

            recent addition to the list of BBS hazards: the distribution

            of computer viruses.51  Di Cato reaches a familiar

            conclusion -- that a sysop would be liable only for

            "recklessly" allowing a computer virus to spread through a


                                
            45
              Id. at 232-3.

            46Id. at 252.

            47Id.

            48357 U.S. 449 (1958).

            49Id.

            50E. Di Cato, "Operator Liability Associated With
             Maintaining a Computer Bulletin Board," 4 Software L.J.
             147 (1990).

            51A virus is a computer program that is designed to
             replicate itself by attaching itself surreptitiously to
             other programs. Viruses may be fairly harmless, perhaps
             popping up a mischievous message on the screen, or
             destructive -- erasing files from a hard disk or perhaps
             scrambling the disk's data irretrievably.


                                         14






            BBS.52  He also suggests that sysops could protect

            themselves by exercising tight control over their BBSs,

            verifying users' identities before giving them access.53  He

            further suggests that a disclaimer clearly specifying the

            responsibilities of users and specifically repudiating sysop

            responsibility might further protect sysops from

            liability.54

               The sysop liability question has also been tackled by

            John T. Soma, Paula J. Smith and Robert D. Sprague.55  Their

            article, however, consists mostly of an extensive survey of

            "computer crime" laws, engaging in little First Amendment

            analysis.

               One commentator reaches a conclusion quite different from

            most others on the subject of BBS regulation.  Robert Beall

            examines the liability of sysops for the posting of

            illegally obtained information by phone phreakers.56  In

            asking which model of media law will apply, Beall forces a

            choice between the laws covering newspapers or the laws



                                

            52Di Cato, supra note 50, at 155.

            53Id. at 156.

            54Id. at 157.

            55J. Soma, P. Smith, R. Sprague, "Legal Analysis of
             Electronic Bulletin Board Activities," 7 W. New Eng. L.
             Rev. 571 (1985).

            56R. Beall, "Developing a Coherent Approach to the
             Regulation of Computer Bulletin Boards," 7 Computer/Law
             Journal 499 (1987).


                                         15






            covering telephone service;57 he ends up choosing elements

            of each.  He agrees with other commentators that a sysop may

            not be liable without affirmative involvement in the illegal

            activity.58  While he seems to favor strong First Amendment

            protection for BBSs, he is not satisfied with the resulting

            lack of protection against phreaking activity.  He therefore

            proposes a full-fledged system of licensing of BBSs by the

            FCC, with licensees required to adhere to certain rules in

            order to retain or renew their licenses.59  However, he

            would rely upon the private sector for enforcement of these

            rules; telephone companies, for instance, would be expected

            to monitor BBSs for stolen credit card numbers.60

               Besides the BBS, the only other related communication

            media that have received significant attention in the legal

            literature are the similar technologies of teletext and

            videotex.   Teletext is a form of electronic text delivered

            by television stations to subscribers' TV sets, either via

            broadcasting or cable hookups but as part of a conventional

            television signal.  Teletext presents a series of pages, or

            frames, of text, from which the subscriber may select using

            a special keypad.61  Videotex is a similar service,

                                

            57Id. at 509-10.

            58Id. at 504-5.

            59Id. at 513-15.

            60Id. at 516.

            61Freedman, supra note 7, at 689.


                                         16






            delivered to customers' TV sets via telephone lines.62

            Neither service has been implemented on a large scale in the

            United States, but despite their obscurity, they have

            received much attention from legal commentators.

               Jeffrey Hurwitz devotes his attention to teletext,

            particularly broadcast teletext.63  He suggests that the

            FCC's 1983 decision not to regulate teletext -- reasoning

            that it is an "ancillary service" not subject to the

            regulations applied to regular TV programming -- was

            incorrect.64  Teletext, like traditional broadcasting, he

            felt should be content regulated -- subject to the Fairness

            Doctrine,65 the "equal opportunity" rule and the "reasonable

            access" rule.66  Exempting teletext from such content

            regulations provides an easy avenue for circumventing the

            purpose of such regulations as applied to broadcasting, he

            writes.67  Perhaps most troubling, however, is his argument

            that the FCC, more than anything else, has simply

            misconstrued the clear language of the statutes and


                                

            62Id. at 735.

            63J. Hurwitz, "Teletext and the FCC: Turning the Content
             Regulatory Clock Backwards," 64 Boston Univ. L. Rev. 1057
             (1984).

            64Id. at 1057.

            65The Fairness Doctrine, no longer FCC policy, was still
             applied to broadcasters when Hurwitz wrote his article.

            66Hurwitz, supra note 63, at 1083.

            67Id. at 1098.


                                         17






            regulations in question.68  Hurwitz's arguments suggest that

            the existing statutes could pose a threat to the freedom of

            computer communication.

               Another writer, Richard Hindman, has a markedly different

            view of teletext.69  "The first amendment," he writes,

            "protects the right of every person to participate in the

            marketplace of ideas."70  Most of Hindman's article is

            devoted to an analysis of a consent decree that currently

            bars telecommunications giant AT&T from entering the

            teletext business.71  However, Hindman's comments about the

            First Amendment issues underlying teletext regulation are

            insightful:

                    The history of broadcast and cable regulation
                 suggests that as new communication technologies
                 become available Congress and the courts will fail
                 to fully comprehend how the first amendment limits
                 government authority to regulate.  In fact, at
                 first, the courts will attempt to characterize
                 users of the new medium as someone other than a
                 speaker entitled to full first amendment
                 protection or, as a speaker entitled to some
                 lessor [sic] protected right.... [U]ntil a new
                 technology becomes familiar in its own right,
                 courts generally attempt to impute the regulatory
                 baggage of an existing medium, leaving unresolved
                 the difficult constitutional issues.72

                                

            68Id. at 1083-1094.

            69R. Hindman, "The Diversity Principle and the MFJ
             Information Services Restriction: Applying Time-Worn First
             Amendment Assumptions to New Technologies," 38 Catholic
             Univ. L. Rev. 471 (1989).

            70Id. at 471.

            71U.S. v. AT&T, 552 F.Supp. 131 (D.C. Cir. 1982).

            72Id. at 494-5.


                                         18






               Lynn Becker, in her survey of the confused state of the

            law regarding teletext and videotex, agrees that the

            technology of delivery should not be the decisive factor in

            deciding its regulatory status.73  "A preferable

            alternative," she writes, "would be to view all electronic

            publishing as a single communications medium regardless of

            the method of transmission.... The basis for distinguishing

            between typeset and electronically transmitted

            communications is not viable in 1985.  The regulatory

            underpinnings are without merit."74  Instead, she calls for

            the design of a new legal framework designed to accommodate

            the new media and to recognize their true nature.  "[T]he

            new media must be viewed according to their function rather

            than through their methods of distribution.... When viewed

            in this manner, the regulatory mandate is clear: Congress

            shall make no laws abridging ... the freedom of the

            press."75

               What conclusions emerge from this body of literature?

            It is clear that analogy to older media has been the method

            of choice for deciding the legal status of computer

            communication, whether BBS, teletext or videotex.  Almost

            every author divides existing media into regulatory

                                

            73L. Becker, "Electronic Publishing: First Amendment Issues
             in the Twenty-First Century," 13 Fordham Urban L.J. 801
             (1985).

            74Id. at 866.

            75Id. at 868.


                                         19






            categories, generally classifying print media as most immune

            to regulation but most vulnerable in liability cases and

            common carriers as most regulated but generally immune to

            liability, with broadcasters in the middle.  With only a

            couple of exceptions -- Beall's scheme of licensing BBSs and

            Hurwitz's argument in favor of content regulation for

            teletext -- the authors are opposed to governmental

            regulation of electronic publishing.  However, the authors

            devote themselves to answering narrow questions, questions

            either of BBS sysop liability or of the regulatory status of

            two obscure technologies, teletext and videotex.

               In the literature there seems to be agreement on several

            specific questions.  First, BBS sysops should be held liable

            for messages on their boards only when they are in some way

            involved with or aware of the illegality.  Second, a new

            legal framework may be necessary to accommodate these media.

            And third, the First Amendment does apply to computer-based

            communication.

               Missing from most of the literature is recognition of a

            serious First Amendment threat or an attempt to discover the

            specific sources of that threat.  With the exception of De

            Sola Pool's forward-looking book and Katsh's philosophical

            article, most authors seem to perceive only technical legal

            difficulties.  While most authors conclude, or even assume,

            that the First Amendment applies to computer communication,

            they do not seem to see implications for the mainstream of

            First Amendment law.  Computer-based communication is


                                         20






            portrayed either as something still far in the future or as

            a "niche" medium of interest only to computer hackers and

            scientists.  It is depicted as only peripheral to the speech

            the First Amendment is intended to protect.

               In fact, however, such electronic communication is in use

            today by a vast number of people with diverse interests,

            using inexpensive and readily available technology.  It is

            already a significant and important forum for speech on

            almost every conceivable topic.  The way in which this

            medium is used indicates that it is not peripheral to First

            Amendment "core speech."  It should be considered in the

            mainstream of First Amendment-protected expression.  If

            computer-based media are to become a dominant channel for

            information delivery in the future, it is vitally important

            that the decisions made today regarding the treatment of

            these media be the right ones.



               Objectives               Objectives               Objectives

               Perceptions of a threat to the First Amendment freedoms

            of computer-based communication have come not from codified

            policies -- of which there are few -- but from de facto

            policies emerging from an unsettled and chaotic area of law.

            These de facto policies are, in turn, the product of

            precedent-setting events such as the Craig Neidorf and Steve

            Jackson cases and other controversies of 1990.

               Krasnow, Longley and Terry, in their book The Politics of

            Broadcast Regulation, begin their analysis with the idea


                                         21






            that "there is no such thing as 'government regulation';

            there is only regulation by government officials."76  In

            other words, particularly with a medium as new as this one,

            attention is best directed not toward codified regulations

            but rather toward the attitudes and agendas of the people

            who will create them -- people both in and out of the

            government.  The legal treatment of any new technology will

            ultimately be a product of political pressures, different

            players with different agendas pushing in different

            directions.  The result will depend upon whose voice is

            heard most strongly.

               The embryonic field of computer-communication law is

            characterized by several different facets of government and

            the private sector influencing policy formation.  These

            include Congress, which has responded primarily to economic

            pressures related to computer crime, but has passed statutes

            incidentally affecting computer communication; the courts,

            which only recently and at the lowest levels have been asked

            to recognize constitutional protection for computer

            communication; and law enforcement agencies, which have

            caused the most visible controversies by enforcing computer

            crime laws zealously and without evident regard for free

            speech.  Other entities exerting an influence on the

            policymaking process include the computer-user community,

                                

            76Krasnow, Longley, and Terry, The Politics of Broadcast
             Regulation 9 (citing Loevinger, The Sociology of
             Bureacracy, 24 Business Lawyer 9 (1968)) (3d ed. 1982).


                                         22






            particularly the "computer underground" and the hacker

            subculture, which have been the focus of the recent

            controversies; and the Electronic Frontier Foundation, a

            political action group founded to protect the civil

            liberties of computer communicators.

               This thesis will examine the political development of de

            facto policies affecting the First Amendment freedoms

            associated with computer-based communication, particularly

            during the important events of 1990.  It will examine the

            legislative history of the relevant federal statutes and the

            events surrounding the important cases, including those of

            Craig Neidorf and Steve Jackson, and the Secret Service's

            "Operation Sun Devil," and attempt to identify the roles of

            the major players in this process.



               Research Questions and Methodology               Research Questions and Methodology               Research Questions and Methodology

               The specific research questions addressed by this thesis

            are:

               1) Does a threat to the freedom of computer-based               1) Does a threat to the freedom of computer-based               1) Does a threat to the freedom of computer-based

            communication represent a threat to the core meaning of the            communication represent a threat to the core meaning of the            communication represent a threat to the core meaning of the

            First Amendment?            First Amendment?            First Amendment?

               In order to answer this question, this thesis will first

            explore the nature of computer-based communication as it is

            used today.  After an overview of the technology that makes

            such communication possible, it will examine the way in

            which this medium is used.  It will demonstrate that

            computer-based communication is a vital and important


                                         23






            medium, and that users of this medium are members of a

            community engaged in "core speech" deserving of the highest

            constitutional protection.

               2) Who are the important players involved in the               2) Who are the important players involved in the               2) Who are the important players involved in the

            controversies of 1990 and the formation of computer-            controversies of 1990 and the formation of computer-            controversies of 1990 and the formation of computer-

            communication policy and what are their roles?            communication policy and what are their roles?            communication policy and what are their roles?

               The thesis will then examine in detail the important

            cases of 1990 and the events surrounding them in an attempt

            to discover the role of each major player involved.  The

            players themselves will be identified, and the contribution

            of each will be evaluated.  This will include an exploration

            of the legislative history of the statutes involved in these

            cases, as well as factual accounts from news media and other

            sources of the events surrounding the 1990 controversies.

            Source documents, including legislative debates,

            indictments, written court opinions, search warrant

            affidavits, briefs and policy statements will provide

            insight into the motives and objectives of each player.

               3) Based upon the roles of the players involved, what is               3) Based upon the roles of the players involved, what is               3) Based upon the roles of the players involved, what is

            the general direction of the law?            the general direction of the law?            the general direction of the law?

               From this analysis should emerge an overall picture of

            the regulatory atmosphere, the degree of the First Amendment

            threat and what the future may hold for these new media.



               Organization               Organization               Organization

               Chapter Two will describe the technological foundation of

            today's computer-based communication media in order to


                                         24






            define terms and concepts important to this topic.  It will

            briefly describe the way in which these media are used, in

            order to establish that a genuine outlet for First

            Amendment-protected speech is involved.  It will also

            introduce the culture of computer hackers, which plays an

            important part in events described later.

               Chapter Three will examine the legislative history of the

            computer crime laws that served as the authority for the

            hacker crackdown of the late 1980s and 1990.  This chapter

            will study the role of Congress as a regulatory player and

            will also reveal the early involvement of two other players

            that figure prominently in later events: computer hackers

            and law enforcement.

               Chapter Four will discuss in detail the major cases of

            1990 and the surrounding events that have been the focus of

            the recent controversies over First Amendment freedoms and

            computer communication.  These events demonstrate the

            involvement of four important players in this regulatory

            process: computer hackers, law enforcement agencies, the

            courts and the Electronic Frontier Foundation.

               Chapter Five will summarize and discuss the preceding

            material and will attempt to identify the direction of the

            law based upon the roles of the involved players.



               Limitations               Limitations               Limitations

               Some legal aspects of this new communication technology,

            while important, will not be included in this thesis.


                                         25






               First, any examination of computers and civil liberties

            seems to include a discussion of privacy.  Computers provide

            new ways of collecting and retrieving information about

            individuals, and many civil libertarians see this use of

            computers as a threat to privacy.  However, privacy law will

            not be a part of this thesis.

               Second, the communication of data by electronic

            transmission introduces a host of new and difficult

            questions of copyright and patent.  While these questions

            are intriguing, they could themselves be the basis of

            another thesis.  While the law of intellectual property

            plays a part in some of the cases involved in this area,

            extended discussion of copyright or patent law is beyond the

            scope of this thesis.

               Third, where this thesis discusses computer-crime laws,

            it will limit such discussion to the federal statutes

            involved in the hacker-crackdown controversies of 1990.

            Consequently, state computer-crime laws, of which there are

            many, will not be discussed.



               A Note About Sources and Citations               A Note About Sources and Citations               A Note About Sources and Citations

               Because of the nature of this topic, a large number of

            the sources used in this thesis are themselves electronic

            publications, or are source documents made available through

            electronic means.  Citation of such documents is

            problematic, as conventional citation forms are not readily

            adaptable to nonprinted sources.  In this thesis, citation


                                         26






            of an electronic document will provide complete

            identification of the publication and the source through

            which it was obtained.  Because electronic publications do

            not generally have page numbers, citation to a specific

            passage in an electronic document will give the line number

            in the file.












































                                         27






                                     CHAPTER TWO:                                     CHAPTER TWO:                                     CHAPTER TWO:

                                        The Net                                        The Net                                        The Net

               This chapter will explore the nature of today's computer-

            based media, both technological and cultural, in order to

            lay the foundation for the discussion that follows.

               The first section will describe the technological

            foundation of computer-based communication.  In order to

            understand many aspects of this topic, and to appreciate the

            culture of computer users, it is necessary first to

            understand the media through which communication takes

            place.  Such an understanding requires a certain amount of

            technical explanation.  However, the minute technical

            details of computer networking are less important than an

            appreciation of the vast variety and immense power of the

            technology.

               The second section will examine the way in which these

            media are used today.  This will include general

            descriptions and examples of the types of communication that

            take place via computer-based media.

               The final section will be a brief introduction to the

            culture of computer hackers, a group that has played a

            continuing and important role in the development of policy

            in this area.






               The Technology               The Technology               The Technology1

               Several kinds of technological media exist through which

            computer-based communication takes place.  These can

            generally be grouped into three categories: the computer

            bulletin board system (BBS), the online information service

            and the computer network.  There is considerable overlap

            between these categories, and within each category there is

            much variation in implementation.  Nonetheless, meaningful

            distinctions can be made between these types of systems and

            the way in which they operate.

               Bulletin Board Systems (BBSs)               Bulletin Board Systems (BBSs)               Bulletin Board Systems (BBSs)

               At the low end of the technological and economic scale is

            the computer bulletin board system or BBS.  Typically, a BBS

            is operated on a single personal computer, often in a spare

            bedroom or corner of the home of the system operator

            (sysop).  Such a BBS is usually operated strictly as a

            hobby, and no fee is charged for access (though some BBSs

            may charge a small fee to help defray costs).  The only

            equipment required to operate a BBS is a computer, BBS

            software,2 a modem and a telephone line.  In some cases the


                                

               1Much of the information in this section comes from the
            author's own experience.  Where this information has been
            supplemented by external sources, or where such sources
            might provide additional useful information, citations are
            given.

               2BBS packages include TBBS (The Bread Board System),
            Wildcat! and Searchlight.  Many BBS packages are shareware
            (see infra note 7), bringing the cost of operating a BBS
            even lower.


                                          29






            BBS will not even have its own telephone line but will share

            the sysop's home or business line (and consequently may be

            available only during certain hours).

               The idea of a computer system publicly available for

            posting messages goes back at least to 1973 when a project

            called Community Memory went online in San Francisco.  A

            project of a group of progressive computer enthusiasts,

            Community Memory was a system consisting of a mainframe3

            computer connected to a dedicated teletype terminal placed

            in a record store (a second terminal was added later).  The

            system functioned much like the message base of a modern

            BBS, allowing anyone who wanted to use it to leave a message

            that could be viewed by others.4

               The first true BBS appeared in January of 1978 when two

            members of a Chicago computer club called CACHE (Chicago

            Area Computer Hobbyist Exchange) came up with the idea of

            using a computer to help the club members share information

            that had previously been posted on a real bulletin board.

            The system, called the CACHE Bulletin Board System/Chicago

            or CBBS/Chicago, was strictly a message board and ran on



                                

               3A mainframe is a large computer with abundant processing
            power.  The term is usually used to distinguish such large
            computers from personal computers such as the IBM PC or the
            Apple Macintosh.  Technically, before the advent of such
            small computers in the late 1970s, all computers were
            mainframes.  See Freedman, The Computer Glossary 434 (4th
            ed. 1989).

               4S. Levy, Hackers 155-58, 167-80 (Paperback ed. 1984).


                                          30






            software the two men, Randy Seuss and Ward Christensen,

            designed over a weekend.  The program was freely distributed

            and widely adapted, and before long BBSs sprang up all over

            the country.5

               Today, many different BBS software packages offer

            different features, but certain functions are common to

            virtually all BBSs.  After logging on to the BBS by

            providing a user name and a password,6 a caller is usually

            presented with a menu of BBS functions from which to choose.

            These generally include bulletins, electronic mail (e-mail),

            message areas, file downloads and perhaps other features

            such as online games.

               Bulletins, e-mail and the message areas are all forms of

            electronic communication between BBS users.  Bulletins are

            text files, usually prepared by the sysop and usually

            containing information about the operation of the BBS

            itself.  They inform the user of BBS rules and regulations,

            the history of the BBS, scheduled down time and other


                                

               5Petersen, "Whether for Gabbing or Gobbling Facts,
            Computer Bulletin Board Systems Have Taken Wing," Chicago
            Tribune, Mar. 16, 1989, at sec. 5, p. 2; Balz, "Signing On
            to the World of Computer Bulletin Boards," Chicago Tribune,
            May 30, 1986, at 53.

               6The user name or user ID may be the caller's real name
            or a "handle."  Systems that allow handles will usually also
            require the user to provide his real name so the sysop can
            verify his identity, even though the handle may be all that
            other users will see.  The password, chosen by the user, is
            the BBS's primary means of maintaining security.  Users are
            usually advised to select a password that would not be easy
            to guess and not to write the password anywhere.


                                          31






            information of general interest.  Bulletins are often

            displayed automatically to first-time callers, and some BBSs

            require that callers read certain bulletins before full

            access is granted.

               E-mail is a private form of communication between two

            users.  An e-mail note will be addressed to a specific

            person, using that person's user name, and will not be

            visible to anyone else (except perhaps the sysop).  When the

            user to whom the note is addressed logs on, he will usually

            be notified right away that he has mail waiting.  He can

            then read any e-mail notes waiting for him and reply if he

            chooses to.

               The heart of most BBSs is the "message base."  Generally,

            a BBS will have a number of message areas divided by topic.

            Unlike e-mail notes, these messages are visible to any

            caller.  These message areas are public discussion forums

            where any reader is free to jump in at any time.

               In addition to these forms of communication, information

            may also be published via the file download section.

            Ordinarily, a BBS's file collection consists mostly of

            public-domain and shareware7 software, but it may also


                                

               7Shareware is a method of software distribution in which
            copies of a software product may be freely distributed
            through BBSs and other means, allowing users to try the
            software before deciding to buy it.  If the user chooses to
            continue using the software beyond a certain trial period,
            he is expected to register it by sending a fee to the
            program's author.  In exchange for registering, the user
            will typically receive printed documentation, upgrade


                                          32






            contain text files.  These files might be extracts from

            threads8 in the message areas, instructional articles,

            electronic newsletters, fiction, poetry or virtually any

            other form of written material.

               Information Services               Information Services               Information Services

               Similar in concept to the BBS, but very different in

            scale, is the online information service.  Unlike most BBSs,

            the information service is a commercial enterprise,

            operating on a subscription or membership basis and charging

            a fee for access, usually an hourly rate.  Such a service is

            much larger than a BBS, operating on a mainframe computer

            (or even an array of mainframe computers).  Furthermore, the

            information service supports hundreds or even thousands of

            simultaneous callers and is available nationally, or even

            internationally, through local telephone calls.

               Major online information services in the United States

            include CompuServe, Prodigy, GEnie, The Source and BIX.  Of

            these, the largest and most familiar is probably CompuServe,

            a subsidiary of H&R Block.  CompuServe has over half a






                                                                        


            notices, technical support and perhaps a more fully
            functional version of the software.

               8A thread is "a more or less continuous chain of postings
            on a single topic." Online Jargon File, version 2.9.6
            (distributed via the Internet,  Aug. 16, 1991), at line
            15707.


                                          33






            million members9 who pay an hourly rate ($12.50 in 1991) to

            use the service.  Like a BBS, CompuServe features e-mail,

            file libraries and message areas organized by topic.

            However, these areas are so large and so numerous that books

            exist for the sole purpose of helping one navigate them.

            CompuServe also offers many special online services (some of

            which cost an additional surcharge); users can make airline

            reservations, search online databases, invest in the stock

            market and shop in an "electronic mall" while online.10

            Other online information services offer similar assortments

            of services.

               The Internet and Usenet               The Internet and Usenet               The Internet and Usenet

               In terms of the number of users and the volume of

            traffic, the largest component of the online community is

            probably the international network of mainframe computers

            generally referred to as the Internet.  Originally called

            ARPANet, this "network of networks" was originally developed

            in 1969 by the U.S. Defense Advanced Research Projects

            Agency (DARPA) to connect university computers to one

            another.  The first national computer network, it was

            intended as a means of sharing resources among academic

            researchers.  During its first year the network had only




                                

               9CompuServe Inc., CompuServe Information Manager Users
            Guide 2 (1989).

               10See Compuserve Inc., Compuserve Almanac (5th ed. 1989).


                                          34






            four nodes,11 a number that grew to 25 by 1973.  By the

            1980s, however, the network had begun to grow exponentially,

            and as access became more widely available its usage

            broadened to include general-purpose communication.12  As of

            July 1991, 535,000 nodes were connected to the Internet.13

            Estimates suggest that the network serves as many as two

            million individual users.14

               Connected to the Internet is another international

            network, the diverse and vital Usenet.  Usenet is a

            "volunteer" network in that it has no central authority or

            governing body.  The only requirement for operating a Usenet

            node is finding another node willing to provide a

            connection.15

               Usenet began as the idea of two students at Duke

            University in 1979, and the first two Usenet sites were




                                

               11A node is "a computer system used as a junction or
            connection point in a communication network." Freedman,
            supra note 3, at 482.  In simple terms, a node is simply one
            of the computers connected to a network.  In the case of the
            Internet, however, an individual node may actually be a
            gateway to another entire network.  See infra note 24.

               12Hafner and Markoff, Cyberpunk: Outlaws and Hackers on
            the Computer Frontier 278-80 (1991).

               13"ACM Forum," Communications of the ACM, Nov. 1991, at
            21-22 (letter from Mark Lottor, SRI International, Network
            Information Systems Center).

               14Hafner and Markoff, supra note 12, at 280.

               15Cerf, "Networks," Scientific American, Sept. 1991, at
            50.


                                          35






            called unc (at the University of North Carolina) and duke.16

            As of October 1991 Usenet had an estimated 40,000 sites and

            served 1,902,000 active users.17

               Usenet provides e-mail services as well as a set of

            public discussion forums called newsgroups.  A newsgroup is

            simply a series of messages, called articles, related to a

            particular topic.  A user with access to Usenet can post an

            article to a newsgroup, and that article will then be

            propagated to all other Usenet sites carrying that

            newsgroup.  Although there is no authority mandating

            adherence to any rules regarding newsgroup administration, a

            set of conventions has emerged regarding the creation of

            newsgroups and their arrangement within standard

            hierarchies.  Any newsgroup created without adherence to

            these conventions is unlikely to be carried by other

            sites.18

               The standard newsgroup hierarchies include, among others,

            rec, for recreational topics; comp, for computer-related





                                

               16Each node on a network must have a unique name to
            identify it.  This name is used as part of the network
            addressing used to route e-mail and other data to the node.
            Network convention is to give the name of a node in lower
            case.

               17Usenet Readership Summary Report for October 91 (text
            file distributed via Usenet, Nov. 2, 1991).

               18G. Spafford, What Is Usenet? (text file distributed via
            Usenet, Sept. 9, 1991), at line 243.


                                          36






            topics; and soc, for social topics.19  Hence a newsgroup for

            discussing dogs is called rec.pets.dogs.  There are also a

            number of "alternative" newsgroup hierarchies that do not

            generally follow the standard rules, but are nonetheless

            carried by a large number of systems (though not

            universally).20

               Other national or international mainframe networks

            include Bitnet, which connects educational institutions, and

            Milnet, which connects American military installations.

               BBS Networks               BBS Networks               BBS Networks

               In addition to the nationwide (and worldwide) mainframe

            networks, the 1980s also saw the emergence of several

            networks connecting small BBS systems to one another.  The

            oldest and largest is FidoNet, which began as a pair of BBSs

            in Baltimore that had the capability of exchanging messages.

            As other systems were added, it grew into a nationwide

            network.21  Today FidoNet has more than 11,000 nodes.22

               A caller to a FidoNet BBS will usually find two different

            groups of message areas.  One contains the local message



                                

               19G. Spafford, List of Active Newsgroups (text file
            distributed via Usenet, July 25, 1991).

               20G. Spafford, Alternative Newsgroup Hierarchies, (text
            file distributed via Usenet, Sep. 9, 1991).

               21Dvorak and Anis, Dvorak's Guide to PC
            Telecommunications 96-7 (1990).

               22"FidoCon91 -- 408 Attend Biggest BBS Bash Ever,"
            Boardwatch Magazine, Oct. 1991, at 13.


                                          37






            base, those messages available only to callers of the same

            BBS.  The other area contains the FidoNet message areas, or

            echoes, which are the messages shared through the FidoNet

            network.  Generally, a FidoNet BBS will go offline once per

            day, usually at night, and during that time will connect to

            neighboring FidoNet boards.  The BBSs will exchange

            messages, and in that way a message posted to a FidoNet echo

            will eventually be propagated to every FidoNet board.

               Other BBS networks include Alternet, Eggnet and

            PCBoard.23

               Gateways               Gateways               Gateways

               As systems become more interconnected, the distinctions

            between BBSs, information services and national networks

            become less important to the user.  Today gateways24 exist

            between virtually all of these networks and information

            services.  A user with an account on any of these systems,

            therefore, can send electronic mail through these gateways

            to a user on any of the others.  A CompuServe subscriber,

            for instance, can address an e-mail message in such a way

            that it will be transmitted through an Internet gateway to a

            FidoNet node.




                                

               23Dvorak and Anis, supra note 21, at 100.

               24A gateway is "a computer that connects two different
            communication networks together.  The gateway will perform
            the protocol conversions necessary to go from one network to
            the other." Freedman, supra note 3, at 307.


                                          38






               The effect of this is the creation of a single, vast

            network, connecting users from all walks of life and

            virtually every geographic location.  Indeed, many users do

            not distinguish between the Internet, Usenet and other

            networks; instead, the entire global complex of

            interconnected computer networks is often referred to simply

            as "The Net."25  A computer hobbyist with an account on a

            FidoNet BBS or a privately-owned Usenet node can participate

            in an online community populated by scientists, college

            students, professionals, government employees and others

            across the globe.  This virtual world,26 existing not in

            physical space but in the electronic realm of computer

            networks, is sometimes called cyberspace.27



               The Culture               The Culture               The Culture

               Originally, mainframe networks such as the Internet were

            created to provide a means by which scientists could share

            technical information.28  Likewise, BBSs originally existed

            to provide specialized groups of people with a medium

            through which they could exchange information.  But the way


                                

               25E.g., Godwin, "The First on a New Frontier," The Quill,
            Sept. 1991, at 19.

               26In computer science, virtual describes a "simulated or
            conceptual environment and, as a result, may refer to
            'virtually' anything."  Freedman, supra note 3, at 735.

               27Hafner and Markoff, supra note 12, at 9.

               28Id. at 280.


                                          39






            in which these media are used today goes far beyond mere

            information sharing.  Instead, computer networks and the

            systems they comprise have become a means of association, a

            community not bound by geography.  In this virtual

            community, people from all over the world meet and associate

            with others who share their interests, all without ever

            seeing one another.

               Naturally, much of the discussion that takes place

            through these media is on the subject of computers.  But a

            surprising amount is nontechnical in nature.  On Usenet, for

            instance, none of the five most popular newsgroups are

            computer-related.29  Instead, Usenet newsgroups provide a

            forum for discussing sex, Star Trek, movies, Indian culture,

            cooking, politics, law, country music, and any other topic

            of enough interest to inspire the creation of a newsgroup.30

               A thread on a Usenet newsgroup might begin with an

            article like this one from rec.music.country.western:

                 From: [email protected] (Wayne Stopak)
                 Newsgroups: rec.music.country.western
                 Subject: Keith Whitley
                 Date: 7 Nov 1991 12:44 EDT



                                

               29The five most popular newsgroups as of October 1991
            were alt.sex, rec.humor.funny, misc.jobs.offered, rec.humor
            and rec.arts.erotica.  Top 40 Newsgroups In Order By
            Popularity, text file distributed via Usenet, November 2,
            1991.

               30As of July 25, 1991, there were 569 newsgroups in the
            standard hierarchies, as well as 655 in "alternative"
            hierarchies, for a total of 1,224.  Spafford, supra notes 19
            and 20.


                                          40





                 I have only been listening to country music for a
                 little while now
                 on W.G.A.R. in Cleveland.  They play some Keith Whitley
                 that I
                 like, namely, I'M NO STRANGER TO THE RAIN and DON'T
                 CLOSE YOUR
                 EYES.  I know that he is no longer alive.  Does anyone
                 know when
                 or how he died?  How old was he?31

               To which the following response might appear:

                 From: [email protected] (Archie Warnock)
                 Newsgroups: rec.music.country.western
                 Subject: Re: Keith Whitley
                 Date: Fri, 8 Nov 1991 14:15:00 GMT

                 <'scuse me, guys - I'll handle this...>

                 Keith died of alcohol poisoning in May of 1989 at the
                 age of 34.
                 "Don't Close Your Eyes" was the song of the year for
                 1988, and
                 just a glimmer of what we'd have gotten from him, had
                 he lived.32

               Of course, Usenet newsgroups are not limited to

            recreational topics.  Many newsgroups are devoted to

            political discussions,33 as shown by these examples from two

            threads in the newsgroup talk.politics.misc:

                 From: [email protected] (James L. Heilman)
                 Subject: Pat Buchanan and David Duke
                 Date: 18 Nov 91 21:42:06 GMT


                                

               31Article posted to Usenet newsgroup
            rec.music.country.western on November 7, 1991.  Newsgroup
            articles have been edited slightly for cosmetic reasons, but
            errors in grammar and spelling -- arguably part of the
            unique flavor of Usenet -- have been left intact.

               32Article posted to Usenet newsgroup
            rec.music.country.western on Nov. 8, 1991.

               33These include talk.politics.drugs,
            talk.politics.mideast, talk.politics.soviet,
            talk.politics.theory, soc.politics,
            alt.politics.homosexuality, and others.


                                          41





                 Newsgroups: talk.politics.misc

                 Given the fact that Pat Buchanan and David Duke will
                 likely run
                 for president, a columnist recently wrote that for
                 George Bush to
                 get elected, he must run to the right of Buchanan and
                 to the left
                 of Duke.  Sounds like a Bozo sandwich to me.  As to the
                 remarkably
                 high voter turnout in Louisiana, George Will stated on
                 This Week
                 With David Brinkley that the way to increase voter
                 turnout in the
                 U.S. is to run a crook against a Nazi.


                 From: [email protected] (James Woodyatt)
                 Newsgroups: talk.politics.misc,alt.censorship
                 Subject: Re: Censorship of 'Doonesbury'
                 Date: 19 Nov 91 01:43:37 GMT

                 In article <[email protected]>,
                 [email protected] (Enemy of Totalitarianism)
                 writes:

                 > Great, if you want to play word games, then we'll
                 play along:
                 > Newspapers have every right to censor their
                 publication.
                 > Newspapers are exercising their right to censor their
                 > publication.  Newspapers ARE NOT CENRSORING Mr.
                 Trudeau.
                 > In the context of the censorship of Mr. Trudeau,
                 there is no
                 > censorship.  He can continue to spout his views, he
                 can talk to
                 > people in the street, pass out leaflets, get
                 published in
                 > sympathetic newspapers, but freedom of speech does
                 not garauntee
                 > access to any and all printed material.  It protects
                 individuals
                 > and organizations from being prevented from airing
                 their
                 > views in a public forum, which is not happening to
                 Mr. Trudeau.
                 > He can not force people to listen to him, or to print
                 his views.
                 > Let him start his own newspaper if he wants to repeat
                 lies.

                 Oh, if only it were so bloody simple. It's not.



                                          42





                 The San Jose Metro wanted to print the strips that the
                 San Jose
                 Mercury News wouldn't run, so they went to United Press
                 Syndicate
                 and told them what they wanted to do. UPS said it was
                 fine with
                 them as long as the Merc, which has exclusive rights to
                 print
                 Doonesbury in the South Bay Area here, signed a waiver
                 allowing
                 the Metro to print the strips that the Merc wouldn't.
                 The Merc
                 refused saying that their intention was to prevent the
                 strip from
                 being read in the South Bay.

                 Tell me with a straight face that is not censorship. It
                 is not
                 illegal. It can be argued that it is not even immoral
                 on its face.
                 But it is certainly censorship.

                 > But they do not send people around to the sources
                 saying "don't
                 > try to publish anywhere else, either".  That's why
                 this form of
                 > "censorship" is more commonly known as "editing".

                 The S.J. Mercury News effectively "edited" the strips
                 out of all the papers in the South Bay area.34

               The decentralized and uncontrolled nature of Usenet

            permits disagreements between participants to become quite

            heated.  This is probably exacerbated by the fact that

            posters may forget social niceties when communication is not

            face to face.  A personal attack on another poster is called

            a flame, and flaming is one of the hazards of life on the

            network.




                                

               34Articles posted to Usenet newsgroup talk.politics.misc
            on Nov. 18 and 19, 1991.  In a reply to another article, net
            convention is to place the ">" symbol to the left of quoted
            passages from the article being replied to.


                                          43






               Electronic Magazines               Electronic Magazines               Electronic Magazines

               BBS message areas and Usenet newsgroups are propagated to

            many people and are themselves a form of publishing.  But

            even closer analogies exist to conventional, printed media

            such as newsletters and magazines.  Numerous electronic

            magazines and newsletters are published regularly and

            distributed to subscribers via computer.

               Bitnet, the mainframe network connecting educational

            institutions, features a number of electronic journals and

            magazines.  These include academic journals covering topics

            such as computers, psychology, medicine and education; they

            also include magazines of fiction, music reviews and

            environmental issues.35

               BBSs also feature a number of online publications.

            Boardwatch, a magazine devoted to news related to BBSs and

            online services, is published monthly in both printed and

            online formats; it can be found both on newsstands and on

            BBSs that subscribe to it.  Another magazine, Info-Mat, is

            published only electronically and covers general computer-

            industry news.  FidoNet BBSs carry Fido News, a newsletter

            covering FidoNet and BBS topics.







                                

               35Bitnet Servers (text file distributed via Bitnet); see
            also E. Parker, "Computer Conferencing Offers Boundless
            Geography, Time," Journalism Educator, Winter 1991, at 49.


                                          44






               The Hacker Culture               The Hacker Culture               The Hacker Culture

               An important subset of the culture of "the Net" is what

            has been called the computer underground, particularly the

            "hacker" subculture.  Chiefly because of its prominent

            involvement in cases and controversies that have contributed

            to the development of policies affecting free speech, this

            part of the online community warrants special consideration.

               To discuss computer hackers, it is necessary first to

            explain what is meant by the term.  The word hacker has many

            different meanings and is used differently by different

            groups.  The online Jargon File, an extensive lexicon of

            hacker slang distributed via computer networks, defines the

            word hacker thus:

                    [originally, someone who makes furniture with
                 an axe] n. 1. A person who enjoys exploring the
                 details of programmable systems and how to stretch
                 their capabilities, as opposed to most users, who
                 prefer to learn only the minimum necessary.  2.
                 One who programs enthusiastically (even
                 obsessively) or who enjoys programming rather than
                 just theorizing about programming.  3. A person
                 capable of appreciating {hack value}.  4. A person
                 who is good at programming quickly.  5. An expert
                 at a particular program, or one who frequently
                 does work using it or on it; as in 'a UNIX
                 hacker'.  (Definitions 1 through 5 are correlated,
                 and people who fit them congregate.)  6. An expert
                 or enthusiast of any kind.  One might be an
                 astronomy hacker, for example.  7. One who enjoys
                 the intellectual challenge of creatively
                 overcoming or circumventing limitations.  8.
                 [deprecated] A malicious meddler who tries to
                 discover sensitive information by poking around.
                 Hence 'password hacker', 'network hacker'.36



                                

               36Jargon File, supra note 8, at line 8397.


                                          45






               The word hacker originated in the early computer labs at

            MIT in the late 1950s.  Originally, it did not even

            necessarily involve computers but referred generally to a

            person who derived pleasure from mastering complex

            technological systems (such as the telephone network or even

            a subway system).  Soon, however, the word came to mean a

            person who compulsively programmed a computer, usually

            ingeniously, and did so for its own sake rather than to

            achieve any goal (other than the program itself).37

               More recently, however, the word has most commonly been

            understood to mean a person who gains unauthorized access to

            computer systems.  This has been the preferred usage in the

            mainstream media, although in computer-enthusiast circles

            this meaning is often frowned upon.  The word cracker,

            according to the Jargon File, was coined in the mid-1980s to

            take this meaning in an attempt to stave off the distortion

            of hacker brought about by the popular press.38  Cracker is

            not widely understood outside hacker circles but is used

            within that culture.

               To some degree, the ambiguity of the word hacker is

            unavoidable.  The two senses are not mutually exclusive: An

            "unsavory" hacker (a cracker) is also a hacker in the

            classic sense, a person who enjoys exploring and mastering



                                

               37See generally Levy, supra note 4.

               38Jargon File, supra note 8, at line 4725.


                                          46






            the complex systems of computers and telecommunications.

            Therefore, while all hackers might not break into computer

            systems, it is not generally inaccurate to apply the word

            hacker to someone who does.

               Despite the potential ambiguity, this thesis will use the

            word hacker mainly in its popular sense: a person who, using

            stolen passwords or other security breaches, gains

            unauthorized access to a computer system.  Most available

            sources use the word in this sense, and continual shifting

            of terminology would not be useful.  However, it is

            necessary first to discuss the elements of hacker culture

            that are common to all hackers, crackers and "classic"

            hackers alike.  In this context, where such distinctions are

            necessary, the word cracker will be used to specify a hacker

            who breaks into computer systems.

               That computer hackers have a culture all their own seems

            beyond question.  The introduction to the Jargon File

            explains the justification for a lexicon of hacker

            terminology:

                    The 'hacker culture' is actually a loosely
                 networked collection of subcultures that is
                 nevertheless conscious of some important shared
                 experiences, shared roots, and shared values.  It
                 has its own myths, heroes, villains, folk epics,
                 in-jokes, taboos, and dreams.  Because hackers as
                 a group are particularly creative people who
                 define themselves partly by rejection of 'normal'
                 values and working habits, it has unusually rich








                                          47





                 and conscious traditions for an intentional
                 culture less than 35 years old.39

               The history and evolution of this culture was traced by

            Steven Levy in his book Hackers: Heroes of the Computer

            Revolution (1984).  The beliefs and values of the hacker

            culture Levy summed up in what he called the "Hacker Ethic":

                    Access to computers -- and anything which might
                 teach you something about the way the world works
                 -- should be unlimited and total....

                    All information should be free....

                    Mistrust Authority -- Promote
                 Decentralization....40

               Ideas such as these help to explain the motivations of

            modern crackers as they break in to computer systems "just

            to look around" and attempt to wrest control of large

            systems away from their owners.

               More recently Gordon Meyer, a sociology student at

            Northern Illinois University, examined the social

            organization of the computer underground.41  Meyer defines

            the computer underground as including not only hackers

            (crackers) but also phone phreaks, people who obtain and use

            unauthorized information about the telephone system, and

            pirates, people who collect and trade illegitimate copies of




                                

               39Id. at line 55.

               40Levy, supra note 4, at 40-41.

               41G. Meyer, The Social Organization of the Computer
            Underground, unpublished master's thesis, Northern Illinois
            University, Aug. 1989.


                                          48






            commercial software.42  These groups are related and,

            especially in the case of phone phreaks and hackers,

            overlapping.43

               While the ethics of hackers and phreakers might be

            questioned, their attitudes seem clearly descended from

            Levy's "Hacker Ethic" and motivated not by malice, but by a

            desire for knowledge:

                    The phone system is the most interesting,
                 fascinating thing that I know of.  There is so
                 much to know....

                    Phreaking involves having the dedication to
                 commit yourself to learning as much about the
                 phone system/network as possible.  Since most of
                 this information is not made public, phreaks have
                 to resort to legally questionable means to obtain
                 the knowledge they want.44

               Meyer's study demonstrates that the computer underground

            exhibits characteristics of a loosely organized social

            group, including association, sharing of information and

            socialization, all through the media of BBSs and computer

            networks.45  This degree of contact between individuals,

            together with the existence of specialized language and

            conduct, indicate clearly that the computer underground is






                                

               42Id. at 25.

               43Id. at 28.

               44Phreaker quoted by Meyer, id. at 29.

               45Id. at 63.


                                          49






            truly a culture.46  But this culture is dependent upon

            computer-based communication for its existence.



               Conclusions               Conclusions               Conclusions

               It is beyond question that this medium falls squarely

            within the Supreme Court's definition of "the press": "The

            press in its historical connotation comprehends every sort

            of publication which affords a vehicle of information and

            opinion."47

               Rather than a "niche" medium of interest only to

            scientists, or a medium of only potential value to society

            at large, computer-based communication is used today by

            countless thousands of people to engage in speech at the

            very heart of that protected by the First Amendment.

            Furthermore, the ready availability of the technology means

            that anyone with a few hundred dollards and the desire to do

            so can become a "publisher" with a potential audience of

            vast size.  "The new computer-based forums for debate and

            information exchange," writes attorney Mike Godwin, "are

            perhaps the greatest exercise of First Amendment freedoms

            this country has ever seen."48  Unencumbered by the

            governmental regulation and financial barriers associated



                                

               46Id. at 76.

               47Lovell v. City of Griffin, 303 U.S. 444, 452 (1938).

               48Godwin, supra note 25, at 18.


                                          50






            with other media -- few people can afford to own a newspaper

            or broadcast station --  computer-based communication

            represents the epitome of a "robust and wide-open" debate.49

            It is also a medium that has spawned its own unique culture,

            and it is that culture's primary means of First-Amendment-

            protected communication and association.

































                                

               49"[W]e consider this case against the background of a
            profound national commitment to the principle that debate on
            public issues should be uninhibited, robust, and wide-open,
            and that it may well include vehement, caustic, and
            sometimes unpleasantly sharp attacks on government and
            public officials."  New York Times Co. v. Sullivan, 376 U.S.
            254 (1964), at 270.


                                          51






                                    CHAPTER THREE:                                    CHAPTER THREE:                                    CHAPTER THREE:

                                     Hackerphobia                                     Hackerphobia                                     Hackerphobia

               Recent controversies involving computers and the First

            Amendment have been the culmination of a conflict that has

            been building since at least the early 1980s.  It was then

            that the activities of computer hackers first came to the

            attention of Congress, leading eventually to the passage of

            laws addressing the perceived problem and opening the door

            to the kind of zealous prosecution that came later.

               The important computer crime legislation passed by

            Congress during the 1980s consisted of the Counterfeit

            Access Device and Computer Fraud and Abuse Act of 1984,

            later amended by the Computer Fraud and Abuse Act of 1986.1

            The 1984 act, part of an omnibus crime bill, was aimed

            primarily at credit card fraud, but also established new

            computer crime offenses.  It created several new offenses

            for unauthorized access to a "federal interest computer"2

            resulting in at least $5,000 or more in illegal gains,

            unauthorized access to classified government data, or

            unauthorized access to confidential financial data.  The

            1986 act made some technical adjustments to the wording of



                                

               118 U.S.C. S1029, 1030 (1988).

               2A federal interest computer is defined in the act as a
            computer used by the government or a federally insured
            financial institution or a computer used in committing an
            offense involving computers in more than one state.  18
            U.S.C. S1030(e)(2) (1988).






            these offenses and added two new ones: one for "malicious

            damage" involving access to a federal interest computer, and

            one proscribing trafficking in stolen passwords.

               These laws only incidentally affected free speech by

            providing law enforcement agencies with broad new authority

            to prosecute computer crime.  In order to understand whether

            that authority has been abused, it is necessary first to

            identify Congress's intentions.

               By examining the committee hearings held throughout the

            1980s on the subject of computer crime, this chapter will

            identify the attitudes and concerns that contributed to

            these computer crime laws.  It will examine the roles not

            only of the legislators themselves, but also of witnesses

            from the industry, law enforcement community and hacker

            culture.



               Government Takes Notice               Government Takes Notice               Government Takes Notice

               The number and variety of information services and other

            forms of computer-based communication available in this

            country suggest a vigorous and almost totally free medium of

            expression.  But this freedom has been the freedom of a

            frontier -- only fairly recently have government regulators

            begun to notice what goes on in the virtual world.  Writer

            John Perry Barlow (a cofounder of the Electronic Frontier

            Foundation) has drawn comparisons between the "electronic

            frontier" of cyberspace and the Old West:




                                          53





                    Cyberspace, in its present condition, has a lot
                 in common with the 19th Century West.  It is vast,
                 unmapped, culturally and legally ambiguous,
                 verbally terse (unless you happen to be a court
                 stenographer), hard to get around in, and up for
                 grabs.  Large institutions already claim to own
                 the place, but most of the actual natives are
                 solitary and independent, sometimes to the point
                 of sociopathy.  It is, of course, a perfect
                 breeding ground for both outlaws and new ideas
                 about liberty.3

               It was only a matter of time before government at some

            level became interested in the activities associated with

            computer communication.  In the words of policy analyst Eli

            Noam, "The problems involving the increased computerization

            of society are somewhat analogous to those that occurred

            with the advent of the automobile.  The car was a wonderful

            thing until we discovered that it produced something called

            pollution.  Then we had to do something about it, or we were

            going to choke on its fumes."4  In the case of computer

            communication, the "pollution" that first drew the attention

            of regulators was computer hacking.



               WarGames               WarGames               WarGames

               Widespread public awareness of computer hacking can be

            traced to 1983 and the release of the movie WarGames, which

            tells the story of David Lightman, a high-school student who

            breaks into a military computer and nearly starts World War


                                

               3Barlow, "Crime and Puzzlement," Whole Earth Review, Fall
            1990, at 45.

               4Daly, "Group Tries Taming 'Electronic Frontier,'"
            Computerworld, Mar. 25, 1991, at 77.


                                          54






            III.5  Lightman, trying to reach a game company's system,

            accesses a fictitious Defense Department computer called the

            WOPR (War Operations Planned Response, pronounced

            "whopper"), which has just been given direct control of the

            nation's nuclear missiles.  Playing what he thinks is a

            game, Lightman initiates a program that brings the world to

            the brink of nuclear war.

               The movie, while entertaining, depicts events ranging

            from highly unlikely to utterly impossible -- in the words

            of one expert, "nothing more than very interesting

            fantasy."6  Despite its implausibility, however, the movie

            contributed to a heightened awareness of computer security

            issues.7

               Only months after the release of WarGames, the FBI, with

            much publicity, arrested a group of young computer hackers

            from Minneapolis who called themselves the 414s (after their

            telephone area code).  Over the course of several months,

            they had broken into numerous computer systems ranging from

            military computers at the Los Alamos National Laboratory to


                                

               5MGM/UA 1983.

               6Computer and Communications Security and Privacy:
            Hearings Before the Subcommittee on Transportation, Aviation
            and Materials of the Committee on Science and Technology,
            House of Representatives, 98th Cong., 1st Sess. (1983)
            (statement of Stephen Walker, president, Trusted Information
            Systems, Inc.)

               7See, e.g., McLellan, "The Hacker's Bane," Inc., Dec.
            1983, at 55; Heins, "Foiling the Computer Snoops," Forbes,
            Nov. 21, 1983, at 58.


                                          55






            a medical records system at the Memorial Sloan-Kettering

            cancer research hospital.8  The hackers had apparently been

            inspired at least partly by WarGames, although their

            activities had begun prior to the film's release.9  They had

            done no damage to most of the systems they had infiltrated,

            though files were erased on a few.  Certainly no real danger

            of the sort depicted in WarGames ever existed.10

            Nonetheless, the arrests seemed to confirm the fears that

            movie had created.

               The cumulative effect of WarGames and the arrests of the

            414s was to catapult hacking into the public eye.  It seemed

            that hacking -- which had, in one form or another, been

            around for decades -- was no longer as harmless as it may

            once have been.  Society's increasing dependence on

            computers was a new vulnerability.  Arizona prosecutor Gail

            Thackeray, a key player in the later Operation Sun Devil,

            returned to the Old West analogy to describe this feeling:

                    Out here in the Wild West, when it was just a
                 few settlers on the land, frontier justice had its
                 place.... You could rustle up wild horses, have
                 Saturday night shoot-'em-ups, do whatever you
                 wanted.  But as the West became more settled,
                 there were still a few guys who wanted to go out


                                

               8See, e.g., Markoff, "Teen Hackers' Antics Prompt House
            Hearing," InfoWorld, Nov. 7, 1983, at 26; DeWitt, "The 414
            Gang Strikes Again," Time, Aug. 29, 1983, at 75.

               9Gillard and Smith, "Computer Crime: A Growing Threat,"
            Byte, Oct. 1983, at 398.

               10See, e.g., Alpern and Lord, "Preventing WarGames,"
            Newsweek, Sep. 5, 1983, at 48.


                                          56





                 and have shoot-'em-ups on Saturday night.  But now
                 they also wanted to shoot at the telegraph poles.
                 And as the shooters began to attack things the
                 community valued, the community acted to protect
                 its rights.11

               It was not long before Congress responded to this sudden

            awareness of the threats of hacking in a computer-dependent

            society.  Several committees in the House of Representatives

            and the Senate began holding hearings on computer crime.12

            All shared a recognition of the pervasiveness of computers

            in American society and the drawbacks associated with that

            pervasiveness, as illustrated by Rep. Dan Glickman's (D-

            Kansas) remarks at one of the earliest hearings, in the fall

            of 1983:

                    We are in an era where we cannot live without
                 computers.  Now, of course, we must learn to live
                 with them.  But have we lost control?  Have we
                 created a monster?  Are we, in effect, the modern-
                 day Dr. Frankenstein?  Do we have a technical
                 problem or is there an ethical problem?  And I
                 suspect the answer is probably both.13







                                

               11Bromberg, "In Defense of Hackers," The New York Times
            Magazine, April 21, 1991, at 45.

               12These included the Subcommittee on Civil and
            Constitutional Rights and the Subcommittee on Crime of the
            House Judiciary Committee, the Subcommittee on
            Transportation, Aviation and Matterials of the House
            Committee on Science and Technology, the Subcommittee on
            Health and the Environment of the House Energy and Commerce
            Committee, and the Subcommittee on Oversight of Government
            Management of the Senate Governmental Affairs Committee.

               13Computer and Communications Security and Privacy, supra
            note 6, at 2.


                                          57






               To illustrate the danger, the subcommittee then proceeded

            to watch an excerpt from WarGames.14

               When that subcommittee issued its report a few months

            later, among its findings were that computers were pervasive

            in American society; that they represented "assets of

            incalculable value"; and that their vulnerability presented

            "a problem of national significance."15  But its

            recommendations were not drastic: It suggested that Congress

            charter a national commission to gather more information on

            the subject and to ultimately recommend a policy

            framework.16  And seemingly recognizing that more was at

            stake than just computer crime, the report said that the

            commission should consider not only the vulnerabilities of

            "critical national systems," but should also take into

            account "the implications of technological innovation on

            government, society and the individual."17

               The Subcommittee on Civil and Constitutional Rights of

            the House Judiciary Committee held a hearing in late 1983 to

            explore the question of whether a federal law would be an



                                

               14Id. at 13.

               15Computer and Communications Security and Privacy:
            Report Prepared by the Subcommittee on Transportation,
            Aviation and Materials, Transmitted to the Committee on
            Science and Technology, House of Representatives, 98th
            Cong., 2d Sess. (1984), at 1.

               16Id.

               17Id.


                                          58






            appropriate remedy to this potential epidemic of computer

            crime.18  Rep. Glickman advised the committee members that

            the subject was more complicated than they thought, though

            he stopped short of suggesting a First Amendment problem:

                    [This subject] goes far beyond the issue of
                 whether there ought to be a Federal crime against
                 accessing illegally a computer of somebody else's
                 system.  It involves privacy issues, it involves
                 management questions both in the private sector
                 and in the Federal Government.... I would tell you
                 that with technology changing so dramatically,
                 electronic mail, a variety of things, I would just
                 urge you to be somewhat cautious in how you
                 proceed in this area.19

               The onward march of technology was at the heart of the

            problem: It was evident that the government was ill-equipped

            to deal with a technology it didn't understand.  Rep. Dan

            Mica (D-Florida) reported that the committee's legislative

            drafting service was having difficulty drafting a computer-

            crime bill because it didn't have any attorneys

            knowledgeable about computers.20  "We have to grope and we

            have to patch and paste from [existing law], and there isn't

            much," he said.  "It is all new ground."21





                                

               18Computer Crime: Hearing Before the Subcommittee on
            Civil and Constitutional Rights of the Committee on the
            Judiciary, House of Representatives, 98th Cong., 1st Sess.
            (1983).

               19Id. at 3.

               20Id. at 10.

               21Id.


                                          59






               "Falling Through The Cracks"               "Falling Through The Cracks"               "Falling Through The Cracks"

               What were the objectives of legislators as they

            approached this new form of crime?  Why did they feel that a

            new federal law was called for?  The basic idea seemed to be

            that computer criminals would somehow "fall through the

            cracks" between existing laws covering fraud, theft and

            embezzlement.22  Rep. Bill Nelson (D-Florida) summed up the

            concern:

                    [T]here is [a] new kind of criminal that is
                 lurking in the shadows of criminal activity.  He
                 is a highly sophisticated criminal.  He is a high-
                 technology criminal, and he is one who, when faced
                 by the Nation's prosecutors, often find they do
                 not have the adequate tools to prosecute.23

               Support for this statement, however, seemed lacking.

            Prosecutors at several hearings testified about their

            experience with computer crime, and universally, they had

            succeeded in prosecuting every case they had pursued.  An

            FBI witness listed crimes committed by computer in terms of

            the existing statutes under which they were already being

            prosecuted: wire fraud, interstate transportation of stolen

            property, bank fraud and embezzlement, destruction of

            government property, and theft of government property.24



                                

               22Computer Crime, supra note 18, at 3-5.

               23130 CONG. REC. H7632 (daily ed. July 24, 1984)
            (statement of Rep. Nelson).

               24Id. at 24 (statement of Floyd I. Clarke, Deputy
            Assistant Director, Criminal Investigative Division, Federal
            Bureau of Investigation).


                                          60






            "We in the FBI have not had, to date, any significant

            problems in prosecution of computer related crime under

            already existing statutes over which we have jurisdiction,

            such as the Fraud by Wire Statute."25  Indeed, although

            prosecutors expressed fears about the difficulty of

            prosecuting computer crime under existing laws, there were

            many examples provided at the hearings of computer crimes

            that had been successfully prosecuted.26

               Nonetheless, the FBI and other law-enforcement witnesses

            went on record as supporting new laws to prevent potential

            future problems.  One prosecutor who had been involved in

            successful computer-crime prosecutions summed up this

            attitude: "It is my view that any additional tool that can

            assist the prosecutor, albeit one that has not so far been

            needed, is not something that I would turn down."27

               Victoria Toensing, a federal deputy assistant attorney

            general, explained in more detail:

                    I am quite certain that sooner or later, we are
                 going to run into some factual situations where we
                 cannot slip the step-sister's foot into


                                

               25Ibid.

               26See, e.g., Computer Crime, supra note 18, at 15-17
            (statement of Rep. Coughlin) (youths who stole $100,000 in
            merchandise by computer and were successfully prosecuted);
            at 18-19 (statement of John Keeney, Deputy Assistant
            Attorney General, Criminal Division, Department of Justice)
            (two "difficult" cases nonetheless prosecuted under existing
            law).

               27Id. at 25 (statement of William Block, Assistant U.S.
            Attorney for the District of Columbia).


                                          61





                 Cinderella's slipper, and we will need a statute
                 that really covers computer fraud....
                    I stress that this is a potential problem
                 because so far at least we have been able to
                 prosecute computer fraud cases under existing
                 statutes.28



               The "Hacker Threat"               The "Hacker Threat"               The "Hacker Threat"

               The hearings also revealed that, despite the excitement

            caused by WarGames and the 414s, the hacker threat was not

            great.  Several witnesses, including 414 hacker Neal

            Patrick,29 testified that the most rudimentary of security

            precautions would have prevented their break-ins.  Asked if

            it was possible for hackers to do extensive damage, Patrick

            responded, "I think it is.  But I also think it's very easy

            to prevent that.  There is no need for million-dollar

            security measures, but just commonsense ideas and attitudes

            would prevent most of this, if not all of this, from

            happening."30  Robert Morris, a prominent computer security

            expert who had worked with the National Security Agency,

            agreed:

                    The notion that we are raising a generation of
                 children so technically sophisticated that they
                 can outwit the best efforts of the security


                                

               28Computer Fraud Legislation: Hearing Before the
            Subcommittee on Criminal Law of the Committee on the
            Judiciary, U.S. Senate, 99th Cong., 1st Sess. (1985), at 34-
            5 (statement of Victoria Toensing, Deputy Assistant Attorney
            General, Criminal Division, Department of Justice).

               29Computer and Communications Security and Privacy, supra
            note 6, at 17.

               30Id. at 19.


                                          62





                 specialists of America's largest corporations and
                 of the military is utter nonsense.  I wish it were
                 true.  That would bode well for the technological
                 future of the country.... These kids appear to be
                 having fun and, in most cases, the techniques
                 involved, the techniques required have almost no
                 sophistication whatever.  They are the moral
                 equivalent of stealing a car for joy riding
                 purposes when the keys have been left in the
                 ignition.31

               By and large, most legislators seemed to understand this

            -- that the success of hackers such as the 414s was due

            almost entirely to poor password control and other lax

            security procedures.32  And they were reassured by

            government witnesses that rigorous security measures made

            sensitive national-security data such as that at Los Alamos

            impervious to access by outsiders.33  Nonetheless, many

            seemed to favor a "brute force" approach to solving the

            immediate problem:

                    I have learned that this problem is largely the
                 result of poor and/or lax computer security.
                 However, until computer security is improved and
                 installed I believe we owe it to our citizenry to
                 protect those records and the vital information
                 which is so stored.  This protection can best be
                 afforded with a federal statute ...34



                                

               31Computer and Communications Security and Privacy, supra
            note 6, at 507 (statement of Robert Morris).

               32See, e.g., Computer Crime, supra note 18, at 7
            (statement of Rep. Glickman).

               33Computer and Communications Security and Privacy, supra
            note 6, at 34 (statement of Jimmy McClary, Division Leader
            for Operation Security and Safeguards Division, Los Alamos
            National Laboratory).

               34Computer Crime, supra note 18, at 17 (statement of Rep.
            Coughlin (R-Pennsylvania)).


                                          63






               Others continued to believe that hackers were a serious

            threat to American businesses and to national security.

            Legislators spoke of the "underground culture of people

            known as computer hackers who continuously try to defeat the

            security measures programmed into modern computers."35  But

            attempts to uncover a hacker conspiracy capable of bringing

            down the entire national infrastructure were unsuccessful.

            Rep. William Carney (R-New York) asked hacker Neal Patrick

            if he was aware of any "professional groups" of hackers who

            worked to break into computers for personal gain.  When

            Patrick said no, Carney reminded him of TAP, which he

            described as "an organization [with] bulletins, letters, and

            communications back and forth."36  In fact, TAP was not an

            organization at all, but a four-page newsletter

            (Technological Assistance Program) providing technical

            information of interest to hackers.37  Rep. Glickman asked

            witness Donn Parker, who described himself as a hacker (but

            not of what he called the "unsavory" variety), if there was

            a "hackers organization,"38 to which Parker said no.  Parker

            went on to say that he had been approached by military


                                

               35Computer and Communications Security and Privacy, supra
            note 6, at 2.

               36Id. at 21.

               37Hafner and Markoff, Cyberbunk: Outlaws and Hackers on
            the Computer Frontier 20-21 (1991).

               38Computer and Communications Security and Privacy, supra
            note 6, at 81.


                                          64






            officials who were also concerned about organized hacker

            conspiracies:

                    I was paid a visit by some of the Office of
                 Special Investigations of the Air Force on this
                 exact concern of theirs.... [I]n the future what
                 they were concerned about was sort of a type of an
                 electronic Messiah, a charismatic figure being
                 able to rally the unsavory hacker forces together,
                 and in effect direct them towards the penetration
                 -- organized penetration -- of computer systems.39

               The potential danger from such an "electronic Messiah" --

            or in Rep. Glickman's words, "a 21st century Adolf Hitler"40

            -- was evidently perceived as great.  One study cited by

            Parker had tackled the question of whether computer crime

            could bring about "national collapse" in the United States.

            While the study's conclusion was negative, it said that

            great damage could still be done; and Parker added that many

            experts disagreed with the conclusion and felt that the

            nation had already reached "a critical stage of

            vulnerability."41

               Despite these fears, it became clear as the hearings

            progressed that hackers generally were merely mischievous

            rather than malicious.  As one witness cautioned, "You don't

            want to lock up some kid who is just fooling with his

            computer and all of a sudden he is guilty of a felony and




                                

               39Id.

               40Id.

               41Id. at 77.


                                          65






            you have an obligation to go after him, like in that movie

            we saw."42

               Most legislators seemed ultimately to conclude that the

            real threat was not from hackers at all, but from a less

            spectacular source: employees and others who already had

            authorized access and misused it.43



               Exaggerated Fears: The "WarGames Scenario"               Exaggerated Fears: The "WarGames Scenario"               Exaggerated Fears: The "WarGames Scenario"

               There remained those, however, whose fear of computers

            and of mysterious, shadowy hackers -- perhaps reinforced, or

            even caused, by WarGames -- led to a tendency to exaggerate

            the danger of hackers.  Legislators couldn't resist the

            temptation to compare real-life hacking incidents to

            WarGames, despite assurances that the events in the film

            were impossible.  While certainly there may have been a real

            computer-crime problem, that problem -- fraud perpetrated by

            insiders -- was in reality less spectacular and exciting.

            And legislators tended to see grave problems where there

            were, at best, only potential problems.

               This tendency is perhaps best illustrated by the hearings

            and debates surrounding one of the post-WarGames computer-


                                

               42Computer Crime, supra note 18, at 28 (statement of Mr.
            Edwards).

               43See, e.g., Computer Crime, supra note 18, at 49-50
            (statement of James F. Falco, Assistant State Attorney,
            Consumer Fraud and Economic Crime Division, Eleventh
            Judicial Circuit of Florida); Computer and Communications
            Security and Privacy, supra note 15, at 4.


                                          66






            crime bills.  The Medical Computer Crime Act of 198444 was a

            response to the 414s' computer break-in at the Memorial

            Sloan-Kettering cancer research center45 and was designed to

            provide medical institutions specific legal recourse to help

            protect their computerized medical records.  This break-in

            was a popular example of the "hacker problem," and it was

            frequently cited as having been a "life-threatening"

            incident.46

               At a hearing in April 1984,47 the Subcommittee on Health

            and the Environment of the Committee of Energy and Commerce

            of the House of Representatives explored the supposedly

            pervasive problem of illegal access to medical records.

            Despite this supposed pervasiveness, however, witness Robert

            Coburn -- whose company provided computer services to

            hospitals -- could cite only two examples of illegal access

            to hospital computers.  One was the 414s' Sloan-Kettering








                                

               44H.R. 4954, 98th Cong. (1984).

               45132 CONG. REC. H9262 (daily ed. Oct. 6, 1986)
            (statement of Rep. Wyden).

               46See, e.g., Computer Crime, supra note 18, at 12
            (statement of Rep. Mica).

               47Health and the Environment Miscellaneous -- Part 4:
            Hearings Before the Subcommittee on Health and the
            Environment of the Committee  of Energy and Commerce, House
            of Representatives, 98th Cong. (1984).


                                          67






            break-in.  The other was in an episode of the television

            show St. Elsewhere.48

               Furthermore, while the St. Elsewhere break-in did result

            in a patient's death, the Sloan-Kettering incident was

            decidedly less exciting.  "This situation demonstrated the

            potential for a War Games scenario to occur, albeit on a

            less dramatic scale in the hospital setting," Coburn

            testified.  "We understand that the data base that was

            accessed and tampered with at Sloan Kettering was actually

            billing data, and therefore probably did not pose a life-

            threatening situation."49

               When asked if he was aware of any other such break-ins,

            Coburn's answer was probably not what the committee wanted

            to hear:

                    In discussions with various hospitals around
                 the country, we have not been able to find
                 evidence of other similar instances of medical
                 computer crime.  We have noted that as hospitals
                 are becoming more technologically sophisticated,
                 they are recognizing the need to safeguard their
                 data from this possibility by instituting ... more
                 sophisticated security measures on the computer
                 systems themselves.50

               Several witnesses, while favoring the bill, spoke only of

            a potential problem.  Coburn explained, "We are not aware

            that the problem is as yet widespread or pervasive.  As you


                                

               48Id. at 350 (statement of Robert W. Coburn, President,
            Commons Management Group).

               49Id.

               50Id.


                                          68






            have indicated, however, it is a potentially disastrous

            situation...."51  Another witness predicted that

            "[p]otential problems will become real problems.

            Unauthorized tampering with medical records will result in

            incorrect -- and possibly life threatening -- changes in

            treatment."52  But none cited any incidents where this had

            already happened.

               Indeed, witness Meryl Bloomrosen of the American Medical

            Record Association testified that "[i]t is unlikely that

            unauthorized access and tampering with information such as

            that used for billing would result in interference with the

            patient's treatment."53

               The consensus seemed to be that only the potential for a

            problem existed, and the Sloan-Kettering break-in appeared

            to be the only case anyone knew about of an actual illegal

            access to a hospital computer.  Furthermore, it became clear

            that even the Sloan-Kettering break-in did not threaten

            lives.  A report from the hospital submitted for another

            hearing explained that

                 [i]n no way did any of the tampering affect the
                 treatment of patients receiving radiation therapy.




                                

               51Id. at 355 (emphasis added).

               52Id. at 423 (statement of Robert B. Conaty, on behalf of
            American Hospital Association).

               53Id. at 427 (statement of Meryl Bloomrosen, on behalf of
            American Medical Record Association).


                                          69





                 Only the accounting information -- billing records
                 to [hospitals using the system] -- was affected.54

                 Hacker Neal Patrick of the 414s, testifying at that

            same hearing, agreed that only "doctor's bills, where ...

            doctors would be billed for services or would be billed for

            the time that he used" on the computer system had been

            accessed.55

               Despite all this, however, the bill's sponsor, Rep. Ron

            Wyden (D-Oregon), reported back to the full House that "last

            summer, with just a few taps of a computer keyboard, a group

            of adolescents put at risk the health of thousands of cancer

            patients at Memorial Sloan-Kettering Cancer Center in New

            York."  He said that the 414s had "gained access to the

            radiation treatment records for 6,000 past and present

            patients and had at their fingertips the ability to control

            the radiation levels that every patient received....

            Luckily, no one was hurt -- this time."56

               Rep. Henry Waxman (D-California) contributed to the

            excitement, speaking of "the large and growing problem of

            outsiders gaining access to hospital records"57 -- a problem

            none of the expert witnesses had been able to see.


                                

               54Computer and Communications Security and Privacy, supra
            note 6, at 546 (statement submitted for the record by the
            Memorial Sloan-Kettering Cancer Center).

               55Id. at 27 (statement of Neal Patrick).

               56130 CONG. REC. H9637 (daily ed. Sept. 17, 1984)
            (statement of Rep. Wyden).

               57Ibid. (statement of Rep. Waxman).


                                          70






               Perhaps not surprisingly, the bill was passed.  Though it

            never became law independently, it contributed to the

            Computer Fraud and Abuse Act of 1986, the law under which

            Craig Neidorf would be indicted in 1990.



               Mistrust of Computers               Mistrust of Computers               Mistrust of Computers

               A recurring theme throughout new proposals like the

            Medical Computer Crime Act was a tendency to focus on the

            tool of the crime -- the computer -- rather than on the

            crime itself.  The computer was seen as super-powerful and a

            crime committed by computer as somehow worse than the same

            crime committed by more conventional means.  "[C]omputer

            embezzlement is to traditional embezzlement as a nuclear

            bomb is to a slingshot," one witness said.  "They are both

            weapons in the latter and they are both offenses in the

            former, but other than that they have nothing in common."58

               It appeared that to some, the crime itself was less

            important than the tool used to commit it.  According to

            Rep. Don Edwards (D-California), "It might be easier to

            convict somebody for stealing money from a bank by charging

            the person with computer crime, rather than the crime of






                                

               58Computer Crime, supra note 18, at 35 (statement of
            James Falco, Assistant State Attorney, Consumer Fraud and
            Economic Crime Division, Eleventh Judicial Circuit of
            Florida).


                                          71






            embezzlement or stealing money from it."59  This sort of

            emphasis on the computer rather than the theft was evidently

            already practiced under existing state computer crime laws;

            a Florida woman, for instance, was convicted of stealing

            more than $100,000 from her employer, an insurance company.

            For insurance fraud and grand theft, she was sentenced to

            five years, but for computer fraud, she was sentenced to

            seven years.60

               Some legislators commented on this evident misdirection

            of their attention, pointing out that the computer was

            merely a tool like a gun or a forger's pen61 and therefore

            capable of being misused.  Rep. Bill Nelson pointed out that

            even the terminology used was misleading:

                    Computer-assisted crime is the way we should
                 refer to this particular type of wrongdoing.  But
                 I doubt that the simpler, less accurate term
                 'computer-crime' will disappear from popular
                 reports of the problem.
                    Nevertheless, what we are talking about is not
                 crimes committed by computers, but crimes
                 committed by people with the assistance of
                 computers.62





                                

               59Computer Crime, supra note 18, at 27 (statement of Mr.
            Edwards).

               60Conputer Crime, supra note 18, at 35.

               61Computer Crime, supra note 18, at 27 (statement of Mr.
            Clarke); Computer Communications Security and Privacy, supra
            note 15, at 20.

               62132 CONG. REC. H3277 (daily ed. June 3, 1986)
            (statement of Rep. Nelson).


                                          72






               There was some recognition that the tool used to commit

            these crimes was not the real issue at all.  Though no one

            spoke of cyberspace or the Hacker Ethic, some legislators

            and witnesses did recognize that what was new was an

            attitude about information.  Indeed, at one of the earliest

            hearings, Rep. Dan Glickman cautioned his colleagues:

                    We need to respond to a very real problem, but
                 the real issue is abuse of information.  The bills
                 tend to focus on the device or instrumentation of
                 the crime.  Perhaps we should be looking at more
                 all-encompassing ways to address the violation,
                 the misuse of information.63

               Others also advocated a comprehensive approach:

                    [W]e need to shift attention in our statutes
                 from concepts such as "tangible property" and
                 credit and debt instruments to concepts of
                 "information" and "access to information."64

               Others also spoke of the intricacies and difficulties of

            adapting property law to an information-based society.

                    We also need better legal definitions for our
                 electronic information society.  Such terms as
                 "property," "property rights," "theft of
                 property," "malicious access," and "manipulation
                 of contents" need to be defined with our current
                 and future electronic information society in
                 mind.65




                                

               63Computer Crime, supra note 18, at 8.

               64Counterfeit Access Device and Computer Fraud and Abuse
            Act: Hearings Before the Subcommittee on Crime of the
            Committee on the Judiciary, House of Representatives, 98th
            Cong., 1st and 2d Sess. (1983-84), at 1.

               65Id. at 299 (statement of George Minot, Senior Vice
            President, CompuServe); see also Computer Crime, supra note
            18, at 25 (statement of William Block).


                                          73






               One witness spoke of "crimes of information" and the need

            to "properly value, assess, and protect information as an

            asset."66  It would be just such an assessment that would

            lead to the prosecution of Craig Neidorf.



               Financial Impact               Financial Impact               Financial Impact

               Ultimately, the financial impact of computer crime seems

            to have been Congress's primary motive for moving ahead with

            computer crime legislation.  Though the issue of computer

            crime was originally brought to its attention by the

            spectacular exploits of hackers such as the 414s and David

            Lightman in WarGames, it became clear that the largest

            threat came not from hackers (whose motives, it seemed, were

            rarely avaricious), but from "insiders" -- employees and

            others with authorized access who committed fraud by

            computer.67  The danger to national security -- the

            possibility of a "WarGames scenario" -- turned out to be

            very slight, but less-exciting computer crime did exist.

            Such crime, according to an American Bar Association survey









                                

               66Id. at 256 (statement of Henry Dreifus, President,
            Corpra Research).

               67Computer and Communications Security and Privacy, supra
            note 15, at 4.


                                          74






            cited at several hearings, cost American businesses $730

            million in one year.68

               Rep. Peter Rodino summed up the economic approach by

            arguing that attacking white-collar crime such as computer

            crime would be

                 more productive, economically, to this country
                 than the more publicized emphasis on violent
                 crime.
                    The prosecution of this type of crime, which
                 silently robs millions of dollars from all of the
                 taxpayers, a few dollars at a time, we believe,
                 must remain a high priority for Federal law
                 enforcement.69

               In the end, then, it seems that the computer-crime laws

            that were passed in the wake of the hacker fears of 1983

            were intended not so much to deter hacking as to provide

            law-enforcement officials with tools to prosecute thieves.

            The economic intent of these laws is perhaps illustrated by

            the fact that in the new laws Congress gave primary

            authority to the Secret Service -- an arm of the Treasury

            Department -- to investigate computer crime.



               First Amendment Concerns               First Amendment Concerns               First Amendment Concerns

               It is evident that for the most part, Congress did not

            perceive any First Amendment implications in the bills it



                                

               68See, e.g., The Computer Fraud and Abuse Act of 1986:
            Hearing Before the Committee on the Judiciary, U.S. Senate,
            99th Cong., 2d Sess. (1986), at 1.

               69130 CONG. REC. H7634 (daily ed. July 24, 1984)
            (statement of Rep. Rodino).


                                          75






            considered.  Indeed, only one computer-crime bill of the

            mid-1980s appears to have turned Congress's attention to the

            First Amendment.  In July 1985, the Judiciary Committee's

            Subcommittee on Security and Terrorism held a hearing to

            consider the reported problem of computer networking by

            pedophiles.70  The bill under consideration would have

            explicitly proscribed obscene interstate computer

            transmissions, as well as transmissions "whose purpose is to

            facilitate the sexual abuse or sexually explicit depiction

            of a child."71

               Deputy Assistant Attorney General Victoria Toensing of

            the Department of Justice's criminal division evaluated the

            bill in constitutional terms:

                    It is abundantly clear that neither obscene
                 material nor child pornography is protected by the
                 first amendment.  It is also clear that indecent
                 material which is not obscene, but which is in and
                 of itself offensive, may be regulated civilly if
                 not banned.  The extent to which legislation may
                 go beyond this point to ban material which is
                 merely communicative in nature and not per se
                 obscene or indecent is somewhat more problematic.
                    As a general rule, the first amendment
                 prohibits the Government from interfering in
                 communication of purely factual information even
                 where the material communicated is of a commercial
                 nature.  Thus, in our view, legislation which
                 seeks to ban the transmission of only descriptive
                 or factual information about juveniles with



                                

               70The Use of Computers to Transmit Material Inciting
            Crime: Hearing Before the Subcommittee on Security and
            Terrorism of the Committee on the Judiciary, United States
            Senate, 99th Cong., 1st Sess. (1985).

               71Id. at 12.


                                          76





                 nothing more, without a specific intent, would
                 raise serious constitutional problems....
                    Of course we are all repulsed by the fact that
                 people are using information like this.  However,
                 we do not have a Supreme Court case that allows us
                 to do that yet.72

               This statement indicates -- albeit indirectly -- that if

            nothing else, the Justice Department does (or did in 1985)

            recognize computer-based communication as deserving of First

            Amendment rights.  Furthermore, the model Toensing applied

            seemed closer to that of print than that of broadcast: "The

            written word has not been considered exempt from first

            amendment protection," she testified.  "And that is the

            problem there, Senator."73



               Summary               Summary               Summary

               The release of the movie WarGames, followed closely by

            the highly visible arrests of the 414s, initiated the early

            phase of the regulatory process regarding computer

            communication.  This early phase saw the involvement of

            three important players: Congress, which set the stage for

            later controversy with its computer crime legislation;

            computer hackers, who sparked the whole controversy; and law

            enforcement agencies, which encouraged Congress to pass laws

            covering crimes that might otherwise "fall through the

            cracks."  The latter two would continue to play an important



                                

               72Id. at 27-34.

               73Id. at 34.


                                          77






            part in the ongoing controversy of freedom of speech and

            computer communications.




















































                                          78






                                     CHAPTER FOUR:                                     CHAPTER FOUR:                                     CHAPTER FOUR:

                                  Operation Sun Devil                                  Operation Sun Devil                                  Operation Sun Devil

               The late 1980s and early 1990s saw the emergence of

            several major players in the controversy over computer-based

            communication.  During the early 1980s, when Congress was

            considering and passing the Computer Fraud and Abuse Acts of

            1984 and 1986, law enforcement agencies, though interested,

            remained largely on the sidelines.  They made it clear to

            legislators that they would not turn down new laws to help

            them fight computer crimes but otherwise kept a low profile.

            During the late 1980s and especially 1990, however, law

            enforcers -- particularly the Secret Service, which was

            given primary authority to enforce computer crime laws under

            the 1984 and 1986 statutes -- took their duties to lengths

            some thought excessive.  While the passage of computer crime

            laws had not caused much controversy, the way in which the

            laws were executed caused many to fear for the future of the

            First Amendment.1

               Other major players who emerged prominently during this

            time include the hacker community, which suddenly found

            itself at the middle of a constitutional controversy; a new

            political action group, the Electronic Frontier Foundation,

            which championed the cause of freedom in cyberspace; and


                                

               1See, e.g., Costikyan, "Closing the Net," Reason, Jan.
            1991, at 22; Kapor, "Civil Liberties in Cyberspace,"
            Scientific American, Sept. 1991, at 116; Barlow, "Crime and
            Puzzlement," Whole Earth Review, Fall 1990, at 45.






            federal courts, which for the first time had the opportunity

            to rule on the First Amendment questions associated with

            computer-based communication.

               This chapter will examine the contributions of these

            players in the hacker crackdown controversy that exploded

            during 1990.  After a survey of the events surrounding the

            crackdown and the two major cases that emerged from it, this

            chapter will identify the positions and agendas of these

            players, based upon policy statements, legal documents, news

            stories and other material.



               Crackdown               Crackdown               Crackdown

               On May 9, 1990, the United States Department of Justice

            announced the culmination of Operation Sun Devil, a two-year

            investigation into computer hacking.2  The operation had

            involved "sophisticated investigative techniques" and

            targeted "computer hackers who were alleged to have

            trafficked in and abuse [sic] stolen credit card numbers,

            unauthorized long distance dialing codes, and who conduct

            unauthorized access and damage to computers."3

               On the two days immediately before the announcement, the

            Secret Service, under the authority bestowed upon it by the

            Counterfeit Access Device and Computer Fraud and Abuse Act


                                

               2U.S. Department of Justice, United States Attorney,
            District of Arizona, Press Release (May 9, 1990).

               3Id.


                                          80






            of 1984,4 had executed 27 search warrants in cities across

            the United States.5  Forty computers and 23,000 computer

            disks were seized by federal agents and local law

            enforcement officials.6  No arrests were immediately made

            and no charges filed; the searches and seizures were part of

            the ongoing investigation of Operation Sun Devil.  The

            operation was the latest development in a crackdown that had

            been going on at least since 1987.7

               Communications on BBSs from the time show that the Secret

            Service's enforcement efforts were having an effect on the

            hacker community.  The feeling in the computer underground

            during the late 1980s and 1990 was one of siege:

                    We can now expect a crackdown.... I just hope
                 that I can pull through this one and that my
                 friends can also.  This is the time to watch
                 yourself.  No matter what you are into....
                 Apparently the government has seen the last straw
                 in their point of view.... I think they are going
                 after all the 'teachers' [of hacking techniques]
                 ... and so that is where their energies will be
                 put: to stop all hackers, and stop people before
                 they can become threats.8



                                

               418 U.S.C. S1030 (1988).

               5Press release, supra note 2.

               6"Probe Focuses on Entry, Theft by Computers," Chicago
            Tribune, May 10, 1990, at sec. 1, p. 6.

               7See, e.g., Betts, "Hackers Under the Gun: Secret Service
            Sweep Yields Arrests Nationwide," Computerworld,  Aug. 17,
            1987, at 2.

               8Posting from a computer BBS, quoted in E. Goldstein, "An
            Overview," 2600 Magazine, Spring 1990 (as reproduced in
            Computer Underground Digest, Issue 1.10, at lines 87-92).


                                          81






               One of the sysops of a BBS called the Phoenix Project,

            concerned about his users' privacy, posted the following

            announcement in the spring of 1990, months before the

            announcement of Operation Sun Devil:

                    I will be adding a secure encryption routine9
                 into the e-mail in the next 2 weeks -- I haven't
                 decided exactly how to implement it, but it'll let
                 two people exchange mail encrypted by a password
                 only known to the two of them.... Anyway, I do not
                 think I am due to be busted.... I don't do
                 anything but run a board.  Still, there is that
                 possibility.  I assume that my lines are all
                 tapped until proven otherwise.  There is some
                 question to the wisdom of leaving the board up at
                 all, but I have personally phoned several
                 government investigators and invited them to join
                 us here on the board.  If I begin to feel that the
                 board is putting me in any kind of danger, I'll
                 pull it down with no notice -- I hope everyone
                 understands.  It looks like it's sweeps-time again
                 for the feds.  Let's hope all of us are still
                 around in 6 months to talk about it.10

               The Phoenix Project BBS was shut down within a few days

            as part of the Steve Jackson Games raid.11

               Another Sun Devil target was the Ripco BBS, operated in

            Chicago by Bruce Esquibel ("Dr. Ripco"), who was not a






                                

               9Encryption is "the encoding of data for security
            purposes by converting the standard data code into a
            proprietary code before transmission over a network.  The
            encrypted data must be decoded at the receiving station."
            Essentially, encryption renders computer data unintelligible
            until it is decrypted using the correct mathematical key.
            A. Freedman, The Computer Glossary 259 (4th ed. 1989).

               10Quoted in Goldstein, supra note 8, at lines 224-235.

               11Id. See infra notes 54-61 and surrounding text.


                                          82






            hacker and claimed no interest in hacking.12  Ripco,

            however, was a popular "hangout" in the computer

            underground, largely because of its extensive collection of

            text files, and was a popular "chat" BBS covering wide-

            ranging topics.  It had a reputation as being a "legal and

            above-board" BBS.13  In fact, Ripco had an explicit policy

            forbidding the posting of stolen credit card numbers or

            specific instructions on how to "phreak" a phone call, as

            sysop Esquibel explained later:

                    It is no secret that many of the posts of board
                 5 (fone phun) either solicited for the need of or
                 said they had and would share such information. I
                 never considered this wrongful for a number of
                 reasons.  The primary one would be most people on
                 there were blowing smoke as far as really knowing
                 anything either fraudulent or important....  Many
                 people who wish to raise their status will often
                 come up with outlandish claims in an attempt to
                 convince others he or she is an expert on one
                 matter or another.
                    Any attempt to suppress this act I felt would
                 of [sic] damaged Ripco's open door policy since
                 people do have to start somewhere and eventually
                 learn their peers will catch on fast if someone is
                 pulling a bluff.  Thus this type of activity was
                 tolerated but the line was crossed if anyone
                 attempted to really do it.  For example if a
                 message contained something like 'just dial 1-800-
                 555-1212 and punch in 123456 at the tone', the
                 entire message was removed or in more cases re-
                 edited especially if other parts were about non-
                 related matters.14


                                

               12Sulski, "Crackdown on Crime Is Raising Question of
            Computer Rights," Chicago Tribune, Nov. 18, 1990, at 17.

               13"Update on Ripco BBS and Dr. Ripco," Computer
            Underground Digest, Issue 1.26, at lines 574-607.

               14Esquibel, "Dr. Ripco Speaks Out," Computer Underground
            Digest Issue 1.27, at lines 342-370.


                                          83






               On May 8, 1990, Secret Service awakened Esquibel and

            seized his BBS.15  In addition to the BBS computer, they

            also confiscated several other computers that had no

            connection to the BBS but were physically close to it.

            Esquibel was not charged with a crime, but during the

            agents' questioning, they told him they had printouts of

            stolen credit card numbers and long-distance access codes

            that had apparently been posted to the BBS without

            Esquibel's knowledge.  They also commented on files that

            contained instructions on constructing bombs, telling him

            that making such information available was "wrong."16

               Those affected by Operation Sun Devil seemed keenly aware

            of the implications of such shutdowns.  "Does the First

            Amendment come into play at all?" Esquibel asked.  "[W]hy

            isn't a newspaper's printing press taken when a reporter

            refuses to name his sources about a sensitive story?"17

               "Raiding Ripco seems to be throwing the baby out with the

            bath water by intimidating sysops willing to allow

            provocative discussions," wrote the editors of one online

            newsletter.  "In our view, this is no long a computer







                                

               15E.g., Sulski, supra note 12, at 17.

               16Esquibel, supra note 14, at lines 328, 388.

               17Id. at line 520.


                                          84






            underground issue, but one of First Amendment

            protections."18

               Closing down BBSs, however, did not seem to attract very

            much attention, perhaps because the First Amendment's

            applicability to the medium remained untested.  The most

            visible and controversial "busts" resulting from the Secret

            Service's hacker crackdown were the related cases of Craig

            Neidorf, a Missouri college student, and Steve Jackson

            Games, a small publishing company in Austin, Texas -- cases

            in which the First Amendment issues seemed clearer than ever

            before.19



               The Case of Craig Neidorf               The Case of Craig Neidorf               The Case of Craig Neidorf

               The legal troubles of Craig Neidorf centered around a

            computer text file that originated at the Atlanta offices of

            the Bell South telephone company.  The E911 (Enhanced 911)

            file, as it was called, contained "a description of the

            purposes, operation, installation, and maintenance of the

            emergency 911 telephone service operated by Bell South [and]

            a glossary of the terminology needed to understand the




                                

               18"Moderators' Corner," Computer Underground Digest Issue
            1.09 (May 16, 1990), at lines 108-117.

               19See, e.g., "Group to Defend Civil Rights of Hackers
            Founded by Computer Industry Pioneer," Wall Street Journal,
            July 11, 1990, at B4, col. 1; "Enforcement Questions Raised
            After Hacker Case Dismissed," Washington Post, Aug. 2, 1990,
            at C13, col.1.


                                          85






            operation of the 911 system."20  Sometime around December of

            1988, Robert Riggs, a member of a hacker group called the

            Legion of Doom,21 gained unauthorized access to Bell South's

            Atlanta computer system, from which he downloaded22 a copy

            of the E911 file to his home computer in Decatur, Georgia.

            He then transferred the file to a public BBS in Lockport,

            Illinois.  Neidorf downloaded the file from the Illinois BBS

            to his home computer in Missouri, edited it and published

            its contents in Issue 24 of his electronic magazine Phrack,

            which was distributed to subscribers and BBSs via computer

            networks.23

               On February 7, 1990, Riggs and Neidorf were indicted by

            an Illinois grand jury on charges of wire fraud,24 violation

            of the Computer Fraud and Abuse Act of 198625 and interstate

            transportation of stolen property.26  The indictment alleged



                                
               20
                 Memorandum of Law of Amicus Electronic Frontier
            Foundation at 2, U.S. v. Riggs, 743 F.Supp. 556 (N.D. Ill.
            1990).

               21Costikyan, supra note 1, at 23.

               22To download is "to transmit data from a central
            computer to a remote computer." Freedman, supra note 9, at
            232.

               23Costikyan, supra note 1. at 2-3.

               2418 U.S.C.A. S1343 (1990).

               2518 U.S.C.A. S1030 (1990).

               2618 U.S.C.A. S2314 (1990).  Riggs/Neidorf indictment
            reproduced in Computer Underground Digest, Issue 1.00 (Mar.
            1990).


                                          86






            that the E911 file was proprietary27 and confidential, that

            it was worth $79,449 to Bell South, and that it contained

            information hackers could use to disrupt the operation of

            the 911 system.28  Four months later the grand jury revised

            that indictment, relying now only upon charges of wire fraud

            and interstate transportation of stolen property.29

               The charges against Neidorf fell generally into three

            categories: those alleging a broad conspiracy to commit wire

            fraud; those connected with the transfer of the E911 file

            from Georgia, through Illinois, to Missouri; and those

            connected with the publication of Phrack -- not only the

            issue containing the E911 file, but also two previous issues

            that allegedly advocated hacking activity.30

               One of these issues had contained an article titled "The

            Phoenix Project."31  This project, according to the

            government, was "a plan to solidify the hacker community by

            publishing hacking tutorials and disseminating other items



                                

               27"Belonging to ownership; belonging or pertaining to a
            proprietor; relating to a certain owner or proprietor.  Made
            and marketed by a person or persons having the exclusive
            right to manufacture and sell such; as a proprietary
            article, medicine, or food." Black's Law Dictionary 637
            (Abridged 5th ed. 1983).

               28Indictment, supra note 26.

               29U.S. v. Riggs superseding indictment reproduced in
            Computer Underground Digest Issue 1.15 (June 16, 1990).

               30U.S. v. Riggs, 743 F.Supp. 556, 559 (N.D. Ill. 1990).

               31Costikyan, supra note 1, at 26.


                                          87






            of interest to hackers, such as information on how to

            prevent law enforcement authorities from discovering hacking

            activity."32  Another charge related to a later issue of

            Phrack that allegedly contained such tutorials.33

               Shortly after Neidorf's trial began in July 1990, the

            prosecution's case began to come apart.  A Bell South

            employee testified that the supposedly confidential document

            -- which Bell South had originally valued at $79,449, though

            it later reduced that figure to $20,000 -- was, in fact,

            available for $13 to anyone calling an 800 number.34

            Prosecutors dropped the charges against Neidorf on July 27.

            Robert Riggs had already pleaded guilty.35

               The Steve Jackson Games Case               The Steve Jackson Games Case               The Steve Jackson Games Case

               Steve Jackson Games (SJG), a small, privately owned

            company in Austin, Texas, designs and manufactures role-

            playing adventure games of the type played with dice and

            elaborate rule books.  Many of these games have been part of

            GURPS, the Generic Universal Role Playing System, a series

            that includes such titles as GURPS Witch World, GURPS Conan

            and GURPS Riverworld. The company also operates a BBS called

            Illuminati, which SJG uses to facilitate communication


                                

               32743 F.Supp. 556, 558.

               33Id.

               34Costikyan, supra note 1, at 26.

               35Markoff, "U.S. Drops Computer Case Against Student,"
            The New York Times, July 28, 1990, at 9, col. 3.


                                          88






            between its customers and game authors.  In the spring of

            1990, SJG was preparing to publish a new game, GURPS

            Cyberpunk, a game in the tradition of William Gibson's

            award-winning science fiction novel Neuromancer and other

            fiction of the "cyberpunk" genre.36  The introduction to

            GURPS Cyberpunk describes this genre:

                    "Cyberpunk" is the term applied to a science
                 fiction literary "movement" of the 1980s.
                 Although there are several authors from the 1960s
                 and 1970s whose work appears cyberpunk in
                 retrospect, the term wasn't coined until the
                 publication in 1984 of William Gibson's novel
                 Neuromancer....
                    Neuromancer presented a view of the future that
                 was different.  Gone were the glass-domed cities
                 and utopias of Golden Age science fiction.  The
                 domes are still there in cyberpunk, but they're
                 occupied by the rich and guarded by security
                 forces that shoot first and don't bother to ask
                 questions....
                    The cyberpunk future is vibrant -- pulsating
                 with life, from the streets to the high-rises....
                    Cyberpunk is a style defined by two elements.
                 The first is the interaction of man with
                 technology.  Computers are as common as
                 dishwashers in the cyberpunk future, and the
                 dividing line between man and machine is sometimes
                 blurred....
                    The second element found in most cyberpunk work
                 is that of struggle.  The world is divided into
                 two groups -- the haves and the have-nots -- with
                 a vast chasm between them.37

               More familiar examples of cyberpunk include the movie

            Blade Runner and the short-lived television series Max




                                

               36Sterling, "Gurps' Labor Lost: The Cyberpunk Bust,"
            Effector (newsletter of the Electronic Frontier Foundation),
            Vol. 1 Number 2, at 1-2.

               37L. Blankenship, GURPS Cyberpunk 4 (1990).


                                          89






            Headroom.38  It is easy to understand why the genre, with

            its pervasive themes of technology and fighting against

            centralized authorities, is popular among computer hackers.

            Hacking, in fact, is itself a component of the genre.

               On March 1, 1990, agents of the Secret Service, search

            warrant in hand, raided the offices of Steve Jackson Games.

            The authorities seized from the company three computers, two

            laser printers and all of the drafts of GURPS Cyberpunk,

            both on computer disk and on paper.  The computers included

            not only the ones used in the drafting of GURPS Cyberpunk,

            but also the system that ran the Illuminati BBS.39  A total

            of about $10,000 worth of computer hardware and software was

            confiscated.40  The officers left behind broken locks,

            damaged filing cabinets and a ransacked warehouse.41  They

            refused to say what they were looking for.42

               When Steve Jackson visited the local Secret Service

            office in an attempt to recover some of his equipment, he

            was told by the agents that GURPS Cyberpunk was "a handbook


                                

               38Hafner and Markoff, Cyberpunk: Outlaws and Hackers on
            the Computer Frontier 9 (1991).

               39Electronic Frontier Foundation, Legal Case Summary,
            July 10, 1990; Lewis, "The Executive Computer: Can Invaders
            Be Stopped But Civil Liberties Upheld?" The New York Times,
            Sept. 9, 1990, at F12.

               40J. Wilson, "It CAN Happen Here," Computer Gaming World,
            June 1990, at 8.

               41Costikyan, supra note 1, at 23.

               42Lewis, supra note 39.


                                          90






            for computer crime."  When he explained that it was science

            fiction, they insisted, "This is real."43

               The confiscation of the company's computers and all the

            existing drafts of GURPS Cyberpunk nearly put Steve Jackson

            Games out of business.  Callers to the company's Illuminati

            BBS saw only the following message:

                    Before the start of work on March 1, Steve
                 Jackson Games was visited by agents of the United
                 States Secret Service.  They searched the building
                 thoroughly, tore open several boxes in the
                 warehouse, broke a few locks, and damaged a couple
                 of filing cabinets (which we would gladly have let
                 them examine, had they let us into the building),
                 answered the phone discourteously at best, and
                 confiscated some computer equipment, including the
                 computer that the BBS was running on at the time.
                    So far we have not received a clear explanation
                 of what the Secret Service was looking for, what
                 they expected to find, or much of anything else.
                 We are fairly certain that Steve Jackson Games is
                 not the target of whatever investigation is being
                 conducted; in any case, we have done nothing
                 illegal and have nothing whatsoever to hide.
                 However, the equipment that was seized is
                 apparently considered to be evidence in whatever
                 they're investigating, so we aren't likely to get
                 it back any time soon.  It could be a month, it
                 could be never.
                    To minimize the possibility that this system
                 will be confiscated as well, we have set it up to
                 display this bulletin, and that's all.  There is
                 no message base at present.  We apologize for the
                 inconvenience, and we wish we dared to do more
                 than this.44

               Forced to miss the publication deadline for GURPS

            Cyberpunk, Jackson had to lay off half of his staff, and for



                                

               43L. Blankenship, GURPS Cyberpunk (1990), at 5
            (introduction by Steve Jackson).

               44E. Goldstein, supra note 8, at lines 253-275.


                                          91






            a while SJG operated on a precarious financial basis.45

            Eventually, using some old backups of their computer data

            and some fragments of early drafts that had been distributed

            to testers -- as well as reconstructing much from memory --

            Jackson and his staff were able to complete and publish

            GURPS Cyberpunk.46  But Jackson estimated that the raid and

            the delays it caused cost his small company more than

            $125,000.47

               The Secret Service returned most of Steve Jackson Games'

            property in June of 1990.48  Some of the equipment was

            irreparably damaged,49 and the Secret Service retained the

            drafts of GURPS Cyberpunk.50  Furthermore, the Secret

            Service's affidavit and application for the search warrant

            remained sealed, leaving it a mystery what the Secret

            Service had been looking for.51  There was no evidence, nor

            any formal accusation, that Steve Jackson Games had ever

            been involved in any kind of illegal activity.




                                
               45
                 Legal Case Summary, supra note 39; Costikyan, supra
            note 1, at 24.

               46Barlow, supra note 1, at 52.

               47Costikyan, supra note 1, at 24.

               48Sterling, supra note 36, at 3.

               49Costikyan, supra note 1, at 24.

               50Legal Case Summary, supra note 39.

               51Id.


                                          92






               When the warrant was finally unsealed several months

            later, it confirmed that Steve Jackson Games was never

            suspected of anything illegal.52  Furthermore, GURPS

            Cyberpunk had had nothing to do with the raid.  In fact, the

            object of the search had been none other than the E911 file

            published by Craig Neidorf in Phrack.53

               The link between the E911 file and Steve Jackson Games

            was an employee of the company named Loyd Blankenship and

            his association with a shadowy hacker group called the

            Legion of Doom, a group that was targeted by the Secret

            Service's crackdown.  Blankenship, known also as The Mentor,

            was a former hacker and the author of GURPS Cyberpunk.54

            During the time he was working on GURPS Cyberpunk, he had

            been in contact with some members of the Legion of Doom for

            the purpose of verifying the game's faithfulness to its

            genre.55  (In fact, the title page of the published book

            credits the Legion of Doom as "Hacking Consultants."56)

               From his home, Blankenship operated a BBS called The

            Phoenix Project, which took its name from the "Phoenix




                                

               52Kapor, supra note 1, at 116.

               53Sterling, supra note 36, at 3.

               54Id. at 2.

               55From commentary by SJG employee Walter Milliken posted
            to the Usenet newsgroup comp.risks.

               56Blankenship, supra note 43, at 1.


                                          93






            Project" announced in Phrack #19.57  Blankenship's BBS, like

            many others, had on it a copy of Phrack #24, the issue

            containing the edited E911 file.  The file was identified

            and reported to the Secret Service by Henry Kluepfel, a Bell

            security manager who was working with investigators.58

               Furthermore, the affidavit alleged, e-mail messages

            posted on the Phoenix Project BBS indicated that Blankenship

            and Legion of Doom member Chris Goggans (Erik Bloodaxe) had

            "established a password decryption service"59 for hackers

            attacking computer systems, a service to be provided through

            The Phoenix Project BBS.60

               Based on these facts, the Secret Service alleged

            interstate transportation of stolen property and computer

            fraud.61  On this basis it raided both the home and

            workplace of Loyd Blankenship, shutting down Steve Jackson

            Games in the process.





                                

               57Costikyan, supra note 1, at 24.

               58Application and affidavit for search warrant for Steve
            Jackson Games (case #A-90-54m), Feb. 28, 1990, at 11.

               59On most multiuser computer systems, users' logon
            passwords are stored in an encrypted file for security
            reasons.  Decryption of passwords stored in this file would
            reveal the passwords of all users, allowing the person
            possessing the decrypted passwords to freely access any
            account on the system.

               60Id. at 7.

               61Id. at 17.


                                          94






               The Hunt for the Legion of Doom               The Hunt for the Legion of Doom               The Hunt for the Legion of Doom

               The troubles of Craig Neidorf and Steve Jackson resulted

            from what was apparently one of the central objectives of

            the Secret Service's hacker crackdown: the eradication of

            the hacker group the Legion of Doom (LOD).62  The government

            perceived the Legion of Doom as "a closely knit group of

            hackers" engaged in disruption of telephone services, credit

            card fraud and theft of proprietary information.63  These

            descriptions of a highly organized and malevolent group of

            hackers echo the fears expressed at Congressional hearings

            during the 1980s of hacker conspiracies and "professional"

            hacker groups.64

               The reality, however, is that the Legion of Doom was far

            less dangerous and far less organized than the government

            apparently believed.  The membership of the Legion of Doom

            is probably impossible to determine.  One member said that

            the group never had more than 15 to 20 members and that

            "it's almost like if you say you're in, you are."65  And as

            is the custom in hacking circles, members generally used



                                

               62Markoff, "Drive to Counter Computer Crime Aims At
            Invaders," The New York Times, June 3, 1990, at 30.

               63E.g., Riggs/Neidorf indictment, infra note 26;
            Riggs/Neidorf superseding indictment, infra note 29; SJG
            search affidavit, infra note 58.

               64See Chapter 3, notes 35-41 and surrounding text.

               65Schatz, "The Terminal Men," The Washington Post, June
            24, 1990, at H6.


                                          95






            pseudonyms, though the true identities of some were revealed

            when they became ensnared in the crackdown.  A list of

            Legion of Doom members might include Robert Riggs (The

            Prophet), Loyd Blankenship (The Mentor), Chris Goggans (Erik

            Bloodaxe) and Len Rose (Terminus), as well as such

            mysterious figures as Acid Phreak, Phiber Optik and Lex

            Luthor.

               The group's foreboding name was taken from a group of

            comic-book villains that frequently clashed with Superman.

            "You wouldn't want a fairy kind of thing like Legion of

            Flower Pickers or something," one member explained.  "But

            the media ate it up too.  Probing the Legion of Doom like it

            was a gang or something, when really it was just a bunch of

            geeks behind terminals."66

               The Legion of Doom was not a "closely knit group,"67 and

            its agenda was not nearly so malevolent as the Sun Devil

            investigators alleged.  "We're just out to learn," Acid

            Phreak explained.  "We transfer data about records that we

            find in systems.  But we draw the line on how we use that

            data.  We use it to play around, not abuse it."68







                                

               66Barlow, supra note 1, at 49.

               67Goldstein, supra note 8, at line 214.

               68Schatz, supra note 65, at H1.


                                          96






               Exaggerated Fears               Exaggerated Fears               Exaggerated Fears

               The government's belief that the Legion of Doom was

            actively engaged in theft and fraud and disruption of

            telephone services may help to explain why the E911 file was

            seen as so dangerous.  Prosecutors, however, seemed not to

            have a clear idea of exactly what the file was.  The Secret

            Service, in the affidavit and application for the Steve

            Jackson Games search warrant, refers to the E911 file

            variously as a "document," as "source code" and as a

            "program."69  Similarly, the press release issued by the

            Department of Justice upon the indictment of Riggs and

            Neidorf said that the two "stole a copy of Bell South's

            highly proprietary and closely held computer program that

            controlled and maintained the E911 system."70  The

            government further claimed that Neidorf published the file

            "so that [other hackers] could unlawfully access the E911

            system and potentially disrupt or halt ... 911 service in

            the United States."71  William Cook, the assistant United

            States attorney who led the prosecution of Neidorf,

            described the E911 file to the jury as a "road map" to the

            emergency telephone system.  He explained that the file



                                

               69Affidavit, supra note 58.

               70Indictment, supra note 26 (emphasis added).

               71U.S. Dept. of Justice, Press Release, Feb. 6, 1990
            (reproduced in Computer Underground Digest, Issue 1.00, Mar.
            1990).


                                          97






            "described in vivid detail each of the locations along the

            E911 path to an emergency call."72

               In fact, the E911 file, titled "Control Office

            Administration Of Enhanced 911 Services For Special Services

            And Major Account Centers," is an administrative document

            containing little technical information.  The document

            describes the 911 system very generally and defines some of

            the terms used in administration of the system -- terms like

            PSAP (Public Safety Answering Point), "an agency or facility

            which is authorized by a municipality to receive and respond

            to police, fire and/or ambulance services."73  It defines

            the responsibilities of the various entities involved in the

            911 system with regard to maintenance, testing and problem

            reporting.  The document is dry reading, filled with

            acronyms and other bureaucratic jargon:

                    The MMOC should notify the appropriate SSC/MAC
                 when the Host, Node, or all Node circuits are down
                 so that the SSC/MAC can reply to customer reports
                 that may be called in by the PSAPs.  This will
                 eliminate duplicate reporting of troubles.  On
                 complete outages the MMOC will follow escalation
                 procedures for a Node after two (2) hours and for
                 a PSAP after four (4) hours.  Additionally the
                 MMOC will notify the appropriate SSC/MAC when the
                 Host, Node, or all Node circuits are down.74



                                

               72Transcript of William Cook's opening statement at trial
            of Craig Neidorf, reproduced in Computer Underground Digest
            Issue 3.41 (Nov. 16, 1991), at lines 108, 482.

               73E911 file as reproduced in Phrack Issue 24, at line
            1071.

               74Id. at lines 1270-1276.


                                          98






               It also includes a glossary of terms used to describe the

            E911 system -- terms such as PSAP, selective routing and

            night service.75  Nothing in the file appears to provide any

            technical information that could be used to actually

            interfere with the operation of the system.

               Rather than a tool for sabotage, the republished E911

            file was more likely seen as a kind of trophy, an

            interesting glimpse at part of the complex telephone system

            with which hackers were fascinated.  In response to

            Neidorf's arrest, hacker Chris Goggans, known as Erik

            Bloodaxe, said, "No member of LOD has ever (to my knowledge)

            broken into another system and used any information gained

            from it for personal gain of any kind ... with the exception

            of maybe a big boost in his reputation around the

            underground.... The information [in the E911 file] is hardly

            something anyone could possibly gain anything from except

            knowledge about how a certain aspect of the telephone

            company works."76

               Like its descriptions of the E911 file, the government's

            charges of conspiracy against Craig Neidorf similarly

            reflected an exaggerated threat.  The indictment against

            Neidorf prominently mentions an article in Phrack #19 titled

            "The Phoenix Project," described by the government as "a



                                

               75Id. beginning at line 1438.

               76Goldstein, supra note 8, at lines 185-192.


                                          99






            plan to solidify the hacker community by publishing hacking

            tutorials and disseminating other items of interest to

            hackers, such as information on how to prevent law

            enforcement authorities from discovering hacking

            activity."77  In fact, the "project" announced in Phrack #19

            seemed more likely intended to boost morale in the besieged

            hacker community than anything else.  It was mostly devoted

            to announcing an upcoming convention for hackers, as well as

            the new Phoenix Project BBS:

                    SummerCon '88 is a celebration of a new
                 beginning.  Preparations are currently underway to
                 make this year's convention twice as fun as last
                 year's and the greater the turnout the greater the
                 convention shall be.  No one is directly excluded
                 from the festivities and the practice of passing
                 illegal information is not a part of this
                 convention....
                    Any security consultants or members of law
                 enforcement agencies that wish to attend should
                 contact the organizing committee as soon as
                 possible to obtain an invitation to the actual
                 convention itself....
                    The first step in what is called The Phoenix
                 Project, which is a re-birth of the hack/phreak
                 community is underway.  This first step is a
                 public education bulletin board system dedicated
                 to teaching the public about telecommunications
                 and computer systems.  The board is called The
                 Phoenix Project, and the number is (XXX)XXX-XXXX.
                 No illegal information is to be posted on this
                 system.  Our SysOp is The Mentor.  Thank you, and
                 call if you're interested.78





                                

               77743 F.Supp. 556, 558.

               78Knight Lightning (Craig Neidorf), "Phrack World News,"
            Phrack, Issue 19 (no date given), at lines 1531-1651
            (telephone number removed).


                                          100






               In addition to the E911 file, the Secret Service also

            expected to find at Steve Jackson Games a program providing

            a "password decryption service" established by Loyd

            Blankenship and Chris Goggans.79  But the evidence presented

            in the agency's own affidavit suggests that this service

            was, in fact, little more than idle chatter; it was neither

            "established" nor operational in any way.  It was merely an

            apparently half-serious suggestion made on the BBS by co-

            sysop Chris Goggans (under the pseudonym Erik Bloodaxe):

                 13/58 things...
                 Name: Erik Bloodaxe #2
                 Date: Tue Jan 23 22:57:29 1990

                 I think it's time for your friend at the Legion of
                 Doom to start a new service...(with great help
                 from friends)
                 Decryption service! On any unix or Prime, send the
                 etc/passwd file, or the UAF file to the sysop
                 directory, and you will be mailed back the
                 encrypted passwords...(on UNIX( any pw that the
                 deszip could bust)
                 The Prime UAF must be in binary, so kermit it from
                 the site, and xmodem it here.
                 In return, we will not distribute any information
                 gained from your site, but we will probably look
                 around it anyway...but it will remain between you
                 and us.
                 What do you people think? Bad idea? Good idea?
                 Hell...It is just another attempt by me to piss
                 everyone off.

                 ->ME80





                                

               79Affidavit, supra note 58.

               80Messages from The Phoenix Project BBS, attached to
            search affidavit and reproduced in Computer Underground
            Digest 2.11, Nov. 13, 1990.


                                          101






               Even if this "service" had been operational, Loyd

            Blankenship's connection to it was tenuous.  The Secret

            Service's conclusion that he was involved in trafficking in

            stolen passwords was apparently based entirely on a

            Blankenship's answer to another user's question about what

            "Kermit," mentioned in Goggan's message, was:81

                 23/47: kermit
                 Name: The Mentor #1
                 Date: Fri Jan 26 10:11:23 1990

                 Kermit is a 7-bit transfer protocol that is used
                 to transfer files to/from machines. It is mostly
                 found on mainframes (it's a standard command on
                 VAX, for instance). Kermit has the added advantage
                 of being able to work through an outdial (because
                 it is 7-bit).

                 Mentor82

               Kermit is a commonly used file transfer protocol83 and is

            certainly not limited to use in stealing passwords.  But

            based upon this straightforward technical explanation, the

            Secret Service alleged that Loyd Blankenship was involved in

            Chris Goggan's proposed password decryption scheme.




                                

               81Indictment as quoted in Computer Underground Digest
            Issue 2.11, Nov. 13, 1990.

               82Id.

               83A file transfer protocol is a set of standards
            regarding the transmission of data from one computer to
            another and how errors in transmission should be handled.
            The Kermit protocol is noted for its ability to complete
            file transfers over even noisy telephone connections and its
            ability to communicate between personal computers and large
            mainframes that may have different data formats.  See
            Freedman, supra note 9, at 385.


                                          102






               This tendency toward exaggeration was also demonstrated

            by the agents who raided Steve Jackson Games.  When he

            attempted to recover some of his equipment, agents insisted

            to Steve Jackson that GURPS Cyberpunk was a "handbook for

            computer crime" and that the techniques it described were

            real.  While the technology described in the book is

            extrapolated from that of today, no specific real-world

            techniques, only game rules, are described.  A roll of the

            dice, for instance, determines whether a player has

            successfully broken into a computer system.84  And much of

            the technology is fantastically futuristic, such as this

            description of the "Icon Interface":

                    This interface is very similar to the icon-
                 based operating systems used on personal computers
                 in the 1980s and early 1990s.  A two-dimensional
                 "screen" is projected directly onto the
                 character's optic nerve.  When he wishes to
                 execute a program or examine a database, he
                 mentally "selects" the appropriate icon.  To
                 connect to another computer, for instance, he
                 selects a telephone; to disconnect from a system,
                 he selects a door....
                    Installation requires a major surgical facility
                 and a minimum of 10 days.85

               About the only realistic hacking technique the book

            describes is searching through trash to find useful data

            (the success of which is still dependent upon a roll of the

            dice).86


                                

               84Blankenship, supra note 43, at 69.

               85Id. at 73.

               86Id. at 86-87.


                                          103








               The Electronic Frontier Foundation               The Electronic Frontier Foundation               The Electronic Frontier Foundation

               Another major player to emerge during 1990 -- as a direct

            result of the government's hacker crackdown -- was the

            Electronic Frontier Foundation, founded by Mitch Kapor,

            author of the popular spreadsheet program 1-2-3 and former

            CEO of the software company Lotus, and writer John Perry

            Barlow.  The EFF was founded shortly after Barlow was

            visited by an FBI agent investigating another (possibly

            mythical) hacker group called the NuPrometheus League.  The

            mysterious group had stolen some Macintosh source code87

            from the Apple computer company and distributed it widely to

            members of the computer industry and the press, and was the

            subject of an FBI investigation in 1989 and 1990.88

               According to Barlow, an FBI agent who visited him at his

            home in Wyoming -- evidently suspecting that Barlow might be

            part of the NuPrometheus League -- knew almost nothing about

            computers.  Barlow found himself explaining computer

            technology to the agent.  "You know things have rather

            jumped the groove when potential suspects must explain to

            law enforcers the nature of their alleged perpetrations,"


                                

               87Source code is "the language a program is written in by
            the programmer." Freedman, supra note 9, at 641.  Because
            source code reveals the inner workings of a program, and
            because it can be easily modified and adapted by other
            programmers, it is generally considered highly confidential
            and proprietary by its owner.

               88Markoff, supra note 62, at 30.


                                          104






            Barlow later wrote.  Much of the agent's visit was devoted

            to Barlow's explanation to the agent of exactly what had

            been stolen.89

               The FBI agent's visit demonstrated to Barlow one of the

            fundamental problems of the recent hacker crackdown: the

            lack of technical expertise among law enforcement officials.

                    I realized in the course of this interview that
                 I was seeing, in microcosm, the entire law
                 enforcement structure of the United States.  Agent
                 Baxter was hardly alone in his puzzlement about
                 the legal, technical, and metaphorical nature of
                 datacrime.
                    I also found in his struggles a framework for
                 understanding [the] series of recent Secret
                 Service raids on some young hackers.... And it
                 occurred to me that this might be the beginning of
                 a great paroxysm of governmental confusion during
                 which everyone's liberties would become at risk.90

               Mitch Kapor had received one of the copies of the

            NuPrometheus League's stolen Macintosh code and was also

            paid a visit by an FBI agent.  After hearing about Barlow's

            similar experience, Kapor began to see a larger problem:

                    I suddenly realized I wasn't alone, that I had
                 some direct connection to this, that NuPrometheus
                 was connected to all the other arrests of computer
                 hackers at the time, and I began to see how great
                 an injustice could be taking place within such a
                 huge investigation as Sun Devil.91





                                

               89Barlow, supra note 1, at 53-4.

               90Barlow, "A Man From the FBI: The Origins of the
            Electronic Frontier Foundation," Effector, March 1991, at 1.

               91Bromberg, "In Defense of Hackers," The New York Times
            Magazine, April 21, 1991, at 47.


                                          105






               These concerns led Barlow and Kapor to found the

            Electronic Frontier Foundation.  The EFF's mission statement

            recognized the "new world" of cyberspace and the difficulty

            of applying old laws to a new medium such as computer-based

            communication.  The EFF, the statement said, would "help

            civilize the electronic frontier," both through educational

            activities to increase understanding of the new media, and

            through supporting litigation to preserve First Amendment

            rights in the realm of computer-based communication.92  But

            the EFF's founders resisted the suggestion that the EFF was

            a "hacker defense fund":

                    I regard unauthorized entry into computer
                 systems as wrong and deserving of punishment.
                 People who break into computer systems and cause
                 harm should be held accountable for their actions.
                 We need to make appropriate distinctions in the
                 legal code among various forms of computer crime,
                 based on such factors as intent and the degree of
                 actual damage....
                    As I began to find out the real story behind
                 government raids and indictments last summer, I
                 became incensed at the fact that innocent
                 individuals were getting caught up in the
                 blundering machinations of certain law enforcement
                 agencies....93

               The EFF immediately became involved in the case of Steve

            Jackson Games.94  Its attorneys helped Jackson obtain the




                                

               92Electronic Frontier Foundation, Mission Statement, July
            10, 1990.

               93Kapor, "Why Defend Hackers?", Effector, March 1991, at
            1, 3.

               94Electronic Frontier Foundation, supra note 39.


                                          106






            return of his confiscated equipment95 and successfully

            sought to have the SJG search affidavit unsealed.96

               The EFF's most prominent early role, however, was

            probably its involvement in the defense of Craig Neidorf.

            With the aid of the EFF's attorneys, Neidorf moved to have

            the charges against him dropped on First Amendment grounds.

            In support of this motion the EFF filed an amicus brief in

            which it explained the importance of the issues in the case:

                    The indictment in this case has raised a
                 significant concern among BBS operators and users
                 as to the liability that they might face for the
                 communication of information that may turn out to
                 have originally been obtained without
                 authorization. . . . [M]any of these bulletin
                 board systems have ongoing discussions, or
                 conferences, about a wide variety of subjects, and
                 often, in the spirit of free and open
                 communication, individuals put postings on the
                 bulletin boards which could be construed as
                 advocating or supporting illegal activity.  While
                 the operators of these BBSs do not support such
                 activity, they would like to maintain a free, open
                 and robust interchange of ideas, and are concerned
                 about the liability they may face.97

               In challenging these charges stemming from Neidorf's

            publication of the E911 file, EFF's brief emphasized that

            Neidorf had been uninvolved in the illegal removal of the

            E911 file from the Bell South computer.  Neidorf, it said,

            acted as publisher, "much as the publisher of the Chicago


                                

               95Sterling, supra note 36, at 3.

               96Bromberg, supra note 91, at 49.

               97Motion of the Electronic Frontier Foundation for Leave
            to Appear as Amicus Curiae at 3-4, U.S. v. Riggs, 743
            F.Supp. 556 (N.D. Ill. 1990).


                                          107






            Tribune does when printing and distributing that

            newspaper."98  Therefore, the EFF maintained,  Neidorf

            should be accorded the full protection of the First

            Amendment.  This protection, the EFF argued, extended not

            only to the actual publication of Phrack, but also to the

            transfer of the E911 file from Illinois to Missouri, because

            that transfer was incidental to publication.  "If ... the

            publication of the E911 text was protected by the First

            Amendment, the transmittal of the information to and from a

            bulletin board prior to publication triggers First Amendment

            protections."99

               The EFF then argued that any statute criminalizing

            publication of information must serve an overriding

            governmental interest, must be narrowly tailored to serve

            that interest and bears a heavy presumption against

            constitutionality.  The interest in protecting confidential

            business information, it argued, was not an overriding

            governmental interest, and thus the government interest did

            not outweigh Neidorf's First Amendment rights to receive and

            republish the E911 file, which was of "public

            significance."100





                                

               98Memorandum, supra note 20, at 4.

               99Id. at 4.

               100Id. at 4-9.


                                          108






               In support of its argument, the EFF cited Smith v. Daily

            Mail Publishing Co.101  In that case, a newspaper had been

            prosecuted for violating a state law prohibiting publication

            of the name of a juvenile defendant without prior approval

            of a judge.  The Supreme Court struck down the law as

            unconstitutional.  Chief Justice Burger wrote that state

            action to punish publication of truthful information must

            serve a state interest "of the highest order."102  The

            interest here -- protecting the anonymity of juvenile

            offenders -- was recognized by the Court as legitimate, but

            not sufficiently compelling to outweigh First Amendment

            rights.  The EFF also cited similar decisions in Worrell

            Newspapers of Indiana, Inc. v. Westhafer,103 which declared

            unconstitutional a law prohibiting publication of a

            suspect's name before an arrest had been made, and Landmark

            Communications Inc. v. Virginia,104 which struck down a

            newspaper's indictment for publishing the name of a judge

            who was under investigation.

               Surely, the EFF argued in its brief, the interests

            involved in these cases -- protecting the anonymity of

            juvenile offenders in Smith, for instance, and apprehending



                                

               101443 U.S. 97 (1979).

               102Id. at 103.

               103739 F.2d 1219 (7th Cir. 1984).

               104435 U.S. 829 (1978).


                                          109






            criminals in Worrell -- were more compelling than the

            governmental interest in protecting confidential business

            information such as that supposedly contained in the E911

            file.  Yet even those higher state interests had failed to

            outweigh the First Amendment's protection for the

            publisher.105  The information published by Neidorf related

            to a matter of public significance -- relating, as it did,

            to the availability of emergency service to the public -- so

            the First Amendment interest in publication outweighed the

            interest advanced by the government,106 the EFF argued.  And

            far narrower means of protecting that interest are

            available, such as imposing liability upon the person who

            actually stole the information rather than upon the

            republisher.107  To punish Neidorf for publishing

            information he knew to be stolen, the EFF argued, would be

            analogous to prosecuting The New York Times for publishing

            the Pentagon Papers, "which it may have known or had reason

            to know had been stolen by Daniel Ellsberg."108




                                

               105Memorandum, supra note 20, at 6.

               106Id. at 8.

               107Id. at 9.

               108Id. at 13.  The EFF also cited Pearson v. Dodd, 410
            F.2d 701 (D.C. Cir. 1969), and Dietemann v. Time, Inc., 449
            F.2d 245 (9th Cir. 1971), to support a "distinction between
            publishing information one has stolen [as in Dietemann] and
            publishing information stolen by others [as in Pearson]."
            Memorandum, supra note 20, at 12.


                                          110






               Some of the charges against Neidorf related not to the

            publication of the E911 file but to two issues of Phrack

            that supposedly advocated hacking activity, one announcing

            "The Phoenix Project" and the other allegedly containing

            hacker tutorials.  Neidorf and the EFF challenged these

            counts of the indictment on First Amendment grounds as well.

            Since the charges centered around advocacy of illegal

            conduct, the brief argued, they had to meet the incitement

            standard established by Brandenburg v. Ohio.109  The Supreme

            Court's per curiam opinion in Brandenburg enunciated that

            test as follows: "[T]he constitutional guarantee of free

            speech and free press do not permit a State to forbid or

            proscribe advocacy of the use of force or of law violation

            except where such advocacy is directed to inciting or

            producing imminent lawless action and is likely to incite or

            produce such action."110



               The Court Responds               The Court Responds               The Court Responds

               The United States District Court for the Northern

            District of Illinois, where the case went to trial,

            recognized that with the Neidorf case it was plotting "a

            course on uncharted waters."111  In his decision ruling on



                                

               109395 U.S. 444 (1969).

               110395 U.S. 444, 447.

               111U.S. v. Riggs, 739 F.Supp. 414, 419 (N.D. Ill. 1990).


                                          111






            the first of two motions by the defendants to have the

            charges dismissed,112 Judge Nicholas Bua wrote:

                    Over the course of the past decade, advances in
                 technology and growing respect and acceptance for
                 the powers of computers have created a true
                 explosion in the computer industry.  Quite
                 naturally, the growth of computer availability and
                 application has spawned a host of new legal
                 issues.  This case requires the court to wrestle
                 with some of these novel legal issues which are a
                 product of the marriage between law and
                 computers.113

               In responding to the EFF's arguments, however, the court

            stayed within familiar territory, avoiding the more

            difficult questions of First Amendment applicability to a

            new medium.  The First Amendment, Judge Bua ruled, would not

            be a defense in any case.  "[T]he law is clear," he wrote,

            "that where an individual violates an otherwise valid

            criminal statute, the First Amendment does not act as a

            shield to preclude the prosecution of that individual simply

            because his criminal conduct involves speech."114  Chief

            support for this position came from United States v.

            Rowlee,115 a Second Circuit case that upheld the defendant's

            conviction for mail fraud based upon his activities in a

            society devoted to promoting tax evasion.  Rowlee's conduct,


                                

               112The first motion to dismiss was not on constitutional
            grounds, but rather alleged insufficiency of the indictment
            under the statutes involved.

               113739 F.Supp. 414, 416.

               114Id. at 559-560.

               115899 F.2d 1275 (2d Cir. 1990).


                                          112






            the circuit court had written, "was not protected by the

            First Amendment merely because, in part, it may have

            involved the use of language."116  If Neidorf had indeed

            participated in the scheme to defraud as alleged, Bua wrote,

            "then he is criminally responsible for his conduct in

            furtherance of the scheme, and the First Amendment does not

            shield him from that responsibility."117  According to

            Rowlee, Bua wrote, "the Brandenburg test cannot be

            reasonably applied to violations of the mail fraud or wire

            fraud statutes, which usually 'involve long-term, slowly-

            developing wrongs, not "imminent lawless action."'"118

               With the EFF's motions all denied by the court, Neidorf's

            trial began on July 23, 1990.  Within four days, testimony

            had revealed the E911 file to be largely in the public

            domain, and the charges against Neidorf were dropped.119



               Summary               Summary               Summary

               The explosive controversies of 1990, resulting from the

            Secret Service's crackdown on computer hackers, revealed the

            changing roles of some of the players in the regulatory

            process and the emergence of an entirely new player.


                                

               116Id. at 1278.

               117743 F.Supp. 556, 562.

               118Id. (quoting U.S. v. Rowlee, 899 F.2d 1275, 1280 (2d
            Cir. 1990)).

               119Markoff, supra note 35.


                                          113






               Where it had previously remained quietly on the

            sidelines, law enforcement agencies, particularly the Secret

            Service, initiated the controversies over free speech and

            computers in the process of executing computer crime laws.

            The hacker community continued to act chiefly as catalyst,

            but by necessity found itself taking a more active role in

            the debate.  And in response to the evident disregard by law

            enforcement of the civil liberties of those it was

            investigating, the Electronic Frontier Foundation appeared

            to raise awareness of the civil-liberties issues that law

            enforcers appeared to be missing.


































                                          114






                                     CHAPTER FIVE:                                     CHAPTER FIVE:                                     CHAPTER FIVE:

                                      Conclusions                                      Conclusions                                      Conclusions

               The events of 1983-1990, beginning with the release of

            the movie WarGames and culminating in Operation Sun Devil

            and the legal controversies surrounding Craig Neidorf and

            Steve Jackson, reveal a chaotic interplay of political

            forces, some of them new to the scene.  With a new and still

            largely unfamiliar technology, such chaos is understandable,

            and it is possible that expressions of fear for the future

            of the First Amendment have been overstated.

               Computer-based communication is, however, a troubled

            medium, and it is by no means certain that it will receive

            the First Amendment protection it deserves.  That it

            deserves First Amendment protection should not be doubted.

            The broad availability of the technology and the freedom and

            diversity of the content make computer-based communication

            possibly the purest expression of the First Amendment in

            existence today.  If, as A.J. Liebling said, freedom of the

            press belongs to those who own one, then thanks to computers

            and networking, today anyone with a few hundred dollars can

            own one and can have access to a broader audience than any

            mimeographed newsletter or handbill could ever reach.  A

            threat to the freedom of computer-based communication does

            indeed represent a threat to the very heart of the First

            Amendment.

               Threats to the medium's freedom have resulted not from

            affirmative governmental desires to censor so much as from






            governmental failure to fully consider and recognize the

            nature of the medium.  An examination of the contribution of

            each of the important players considered in this thesis

            reveals a need to raise awareness of First Amendment issues

            and educate the uneducated about the powers (and

            limitations) of computer technology.



               Congress               Congress               Congress

               By and large, Congress did not intend the Counterfeit

            Access Device and Computer Fraud and Abuse Act of 1984 and

            the Computer Fraud and Abuse Act of 1986 laws to be aimed

            primarily at hackers.  Although deterrence and "sending a

            message" were part of their purpose, Congress realized that

            hackers were a minor threat at best to well-maintained

            computer systems.  Furthermore, witnesses and legislators

            seemed quite cautious about targeting only truly malicious

            criminals -- those who intended damage or sought financial

            gain -- rather than the merely mischievous.

               The primary thrust of this legislation was economic; it

            was to provide prosecutors the means to pursue white-collar

            criminals, usually insiders, whose crimes were strictly

            financial in nature.  These laws ultimately had little to do

            with the hacker subculture and certainly did not call for a

            wholesale persecution of hackers.

               Nonetheless, the hearings did demonstrate a fear of

            computers and of hackers.  The "hacker problem" was often

            exaggerated, and legislators tended to focus more upon the


                                          116






            mysterious technology rather than the act itself.  This may

            explain why it was felt prosecutors needed new laws

            explicitly covering computer crime despite the fact that

            they had evidently not had great difficulty prosecuting

            computer criminals under the old laws.

               Perhaps because the 1984 and 1986 laws were narrowly

            tailored to apply to computer criminals, Congress apparently

            did not perceive a First Amendment concern connected with

            computer communication.  There did appear to be a

            recognition among some legislators and experts that the

            field was complicated, and that the question of placing

            monetary value upon information was a tricky one.  But the

            First Amendment did not itself appear to be implicated.

               That Congress failed to consider the First Amendment may

            have contributed to subsequent problems, because prosecutors

            and courts were left with no clear idea of legislative

            intent in that area.  Furthermore, although Congress was

            concerned with computer crime rather than speech, its

            emphasis upon the technology of an act (the computer) rather

            than upon the act itself may be symptomatic of the same

            conceptual problems facing computer communication.  By

            singling out computers for special legal treatment, even

            though the crime may be the same as one committed with a pen

            and paper, Congress has set a precedent that could deny

            computer-based communication the constitutional protection

            other media receive.




                                          117






               Law Enforcement               Law Enforcement               Law Enforcement

               The early role of law enforcement agencies was largely to

            tell Congress what it wanted to hear: that it would be happy

            to have a new weapon to use in the fight against white-

            collar crime.  But enforcers were chiefly concerned with

            financial crimes such as embezzlement and fraud, crimes

            committed almost universally by "insiders" rather than

            hackers.  It is also significant that despite their

            willingness to add another statute to their arsenal,

            enforcers generally reported universal success in

            prosecuting computer crime under existing laws.

               Armed with the Counterfeit Access Device and Computer

            Fraud and Abuse Act of 1984 and the Computer Fraud and Abuse

            Act of 1986, however, law enforcement agencies in the United

            States -- particularly the Secret Service -- apparently

            interpreted these laws as a mandate to eradicate computer

            hackers of every stripe.  The sweeping crackdown of

            Operation Sun Devil and particularly the cases of Craig

            Neidorf and Steve Jackson Games suggest that in their zeal

            to root out the Legion of Doom, enforcers may have taken

            their authority beyond what Congress intended or the

            Constitution should allow.

               The actions of law enforcers during the events of 1990

            again reveal a basic fear and misunderstanding of computers

            and computer hackers.  This fear is almost certainly a

            result of simple ignorance.  Familiarity with computers and

            network technology reveals material such as the E911 file,


                                          118






            GURPS Cyberpunk or Loyd Blankenship's comments about the

            Kermit protocol to be harmless.  Yet the Secret Service

            evidently believed each of these to be dangerous -- and in

            the case of the E911 file and Blankenship's Kermit comments,

            these beliefs led the agency to take disruptive action that

            deprived Craig Neidorf and Steve Jackson of their rights.

               However, despite the sinister images painted by some in

            the computer underground, law enforcement agencies such as

            the Secret Service have acted not out of any desire to

            abridge First Amendment rights, but out of ignorance.  The

            errors made by the agents who raided Steve Jackson Games,

            like the confusion of the FBI agent who visited John Perry

            Barlow, are indeed "in microcosm, the entire law enforcement

            structure of the United States" -- they are struggling to

            enforce laws regarding a technology that is, by and large,

            alien to them.  Where they have overreacted with

            exaggeration and fear, it is ultimately because they do not

            understand.



               Electronic Frontier Foundation               Electronic Frontier Foundation               Electronic Frontier Foundation

               The Electronic Frontier Foundation, then, appears to be

            on the right track with its stated goals to "engage in and

            support educational activities that increase popular

            understanding of the opportunities and challenges posed by

            computing and telecommunications" and "develop among policy-

            makers a clear understanding of the issues underlying free




                                          119






            and open telecommunications."1  While coming to the legal

            defense of people like Craig Neidorf and Steve Jackson is a

            worthy goal -- and probably necessary if formal legal

            safeguards are to be put in place -- such legal struggles

            cannot alone solve the underlying problem.

               Indeed, the EFF's most important role in 1990 may have

            been that of educator and consciousness-raiser rather than

            litigator, as some of its legal arguments in the Neidorf

            case left something to desired.  For instance, its amicus

            brief asserted without support that information-gathering

            activity (such as Neidorf's receipt of the E911 file) enjoys

            the same First Amendment status as publication, a suggestion

            that would make a sweeping change in First Amendment law.  A

            long list of cases (chiefly Branzburg v. Hayes2 and Zemel v.

            Rusk3) shows that information gathering has never received



                                

               1"Goals of the Electronic Frontier Foundation," Effector,
            Sept. 1991, at 4.

               2"It is clear that the First Amendment does not
            invalidate every incidental burdening of the press that may
            result from the enforcement of civil or criminal statutes of
            general applicability." 408 U.S. 665, 682 (1971) (opinion of
            Justice White).

               3"There are few restrictions on action which could not be
            clothed by ingenious argument in the garb of decreased data
            flow.  For example, the prohibition of unauthorized entry
            into the White House diminishes the citizen's opportunities
            to gather information he might find relevant to his opinion
            of the way the country is being run but that does not make
            entry into the White House a First Amendment right.  The
            right to speak and publish does not carry with it the
            unrestrained right to gather information." 381 U.S. 1, 16-17
            (1964).


                                          120






            the First Amendment protection given to publication.

            Equally questionable is the EFF's reliance on Smith v. Daily

            Mail and Landmark Communications v. Virginia to support the

            requirement of an overriding governmental interest.  These

            cases provide shaky support in a case such as Neidorf's,

            where the legality of the information gathering is in

            dispute, because both cases are explicitly limited to

            publication of information obtained legally.4

               Although Neidorf was vindicated, the outcome of his case

            was not the victory sought by the EFF.  Neidorf did not win

            his case by virtue of First Amendment protection, nor did he

            win it by virtue of innocence; the prosecution dropped the

            case primarily because it had received incorrect information

            from Bell South about the availability of the E911 file.5

            The case raised questions to which it provided no answers.

            Could publication of confidential information really be

            transporting stolen goods?  What liability was faced by the

            republisher of information that had been obtained illegally

            by someone else?



                                

               4"If the information is lawfully obtained, as it was
            here, the state may not punish its publication except when
            necessary to further an interest more substantial than is
            present here."  Smith v. Daily Mail, 443 U.S. 97 (1979)
            (emphasis added); "We are not here concerned with the
            possible applicability of the statute to one who secures the
            information by illegal means and thereafter divulges it."
            Landmark Communications v. Virginia, 435 U.S. 829 (1978).

               5"Enforcement Questions Raised After Hacker Case
            Dismissed," Washington Post, Aug. 2, 1990, at C13, col. 1.


                                          121








               Hackers               Hackers               Hackers

               From the very beginning, computer hackers, a group that

            shuns attention, took on a central role in the controversy

            over computer security.  At first, their role was mainly

            that of catalyst.  The exploits of fictional hacker David

            Lightman in WarGames, given an air of authenticity by the

            subsequent arrests of the 414s, called public attention to

            the problems of computer security and the vulnerability of a

            computer-dependent society.  A few hackers, such as Neal

            Patrick of the 414s, did play a direct role in the early

            policymaking process by testifying before Congressional

            committees.  But such testimony -- which attempted to calm

            the hysteria by downplaying the danger and mystery of

            hacking -- had less of an effect on Congressional attitudes

            than did the perceived threat of an "electronic Messiah" or

            a "WarGames scenario."

               Later, it became clear that hackers, like the other

            players in this process, do have an agenda.  Actions such as

            Craig Neidorf's redistribution of the E911 file are not

            mindless vandalism, but are part of the hacker quest for a

            sort of ultimate "freedom of information," part of Levy's

            "Hacker Ethic."  Neidorf did not stand to gain anything

            personally -- except perhaps an enhanced reputation among

            hackers -- from his actions.  He sought merely to further

            the goals of decentralization and shared information.

            Whether or not these goals are wise, their advocacy is a


                                          122






            position entitled to the opportunity to compete in the

            marketplace of ideas.  Neidorf's alleged advocacy of hacking

            in Phrack was not in furtherance of any scheme to defraud,

            as the government alleged; it was in pursuit of political,

            social and economic change, based on the belief that all

            information should be free.  Brandenburg v. Ohio explicitly

            affirmed that the First Amendment does not permit government

            to forbid advocacy even of violence to effect social

            change.6  Can the government forbid advocacy of unauthorized

            access to computers in pursuit of such goals?



               The Courts               The Courts               The Courts

               Although courts will likely have a strong influence upon

            the formation of policy regarding the freedom of computer-

            based communication -- as they have for other media -- the

            events of 1990 do not provide an adequate sample by which to

            judge what this influence will be.  The only judicial

            opinion addressing the First Amendment issues connected to

            the Secret Service's hacker crackdown was that of Judge Bua

            in the Neidorf case, an opinion in which the First Amendment

            questions were sidestepped.  Because a trial court's opinion

            carries no precedential weight and the subsequent dropping

            of the charges against Neidorf left no opportunity for





                                

               6395 U.S. 444, 447-448 (1969).


                                          123






            appeal, the courts have yet to speak decisively in this

            matter.



               Recent Developments               Recent Developments               Recent Developments

               Two recent events may have significant implications for

            the future of computer-communication law.  On May 1, 1991,

            Steve Jackson Games and the Electronic Frontier Foundation

            filed a lawsuit against the United States Secret Service,

            citing, among other offenses, violations of the First and

            Fourth Amendments to the Constitution.7  The First Amendment

            charges were based upon the prior restraint that resulted

            from the confiscation of the GURPS Cyberpunk materials and

            from the seizure of SJG's BBS system.  Among many other

            charges, the lawsuit alleges that the Secret Service's

            affidavit was invalid because it swept within its scope

            numerous forms of First-Amendment-protected expression.

            Perhaps most significantly, the lawsuit specifically

            includes in that category "a BBS that was a forum for speech

            and association protected by the First Amendment."8

               The lawsuit, filed in the U.S. District Court for the

            western district of Texas, was hailed by EFF attorney Mike

            Godwin as "the most important case brought to date to


                                

               7Electronic Frontier Foundation, Press Release, May 1,
            1991.

               8Complaint and Demand for Jury Trial, Steve Jackson Games
            Inc. et al. v. U.S. Secret Service et al., U.S. District
            Court, Western District of Texas, Austin Division.


                                          124






            vindicate the Constitutional rights of the users of

            computer-based communication technology."9  The SJG lawsuit

            may succeed where the Neidorf trial failed: It may provide

            the watershed case in which a court could define the First

            Amendment's applicability to computer-based communication.

               In an unrelated case, on October 29, 1991, the U.S.

            District Court for the Southern District of New York handed

            down a ruling that may prove to be a significant development

            in the law regarding computer communication.  In Cubby v.

            CompuServe, Inc.,10 Judge Peter K. Leisure dismissed a libel

            suit against the CompuServe information service regarding

            allegedly defamatory statements posted in one of its many

            forums, tackling the sticky question of sysop liability:

                    The requirement that a distributor must have
                 knowledge of the contents of a publication before
                 liability can be imposed for distributing that
                 publication is deeply rooted in the First
                 Amendment....
                    While CompuServe may decline to carry a given
                 publication altogether, in reality, once it does
                 decide to carry a publication, it will have little
                 or no editorial control over that publication's
                 contents....
                    CompuServe has no more editorial control over
                 such a publication than does a public library,
                 book store, or newsstand, and it would be no more
                 feasible for CompuServe to examine every
                 publication it carries for potentially defamatory
                 statements than it would be for any other
                 distributor to do so.11


                                

               9Press Release, supra note 7.

               101991 U.S. Dist. LEXIS 15545 (unreported as of November
            1991, retrieved from the LEXIS online database).

               11Id. at 9-11.


                                          125






               Judge Leisure's reliance upon the First Amendment seems a

            clearer affirmation than ever that the First Amendment

            applies unequivocally to computer-based media (though it

            remains unclear which existing model, if any, is the best

            fit).  The decision seems to adopt the "knowing" test for

            sysop liability: that the sysop can only be held responsible

            if he is aware, or could reasonably be expected to be aware,

            of the defamatory material.



               The Direction of the Law               The Direction of the Law               The Direction of the Law

               Concerns over the First Amendment rights of computer

            communicators are legitimate.  But the overall direction of

            the law leaves room for optimism.  The Secret Service's

            crackdown on hackers in 1990 served to bring the questions

            of free speech and computer media into the public eye, and

            it was directly responsible for the creation of the

            Electronic Frontier Foundation.  Although individuals such

            as Steve Jackson and Craig Neidorf may have been injured by

            the persecution they endured, their cases demonstrated the

            need for greater understanding of computers and computer-

            based communication.   The controversies of 1990 have

            ensured that the formation of policy regarding computer

            communication will receive the attention it deserves from

            not only special-interest groups like the Electronic

            Frontier Foundation, but from the mainstream legal community

            as well.  Noted constitutional scholar Laurence Tribe has




                                          126






            gone so far as to propose a constitutional amendment

            explicitly protecting computer communication:

                    If my own life as a lawyer and legal scholar
                 could leave just one legacy, I'd like it to be the
                 recognition that the Constitution as a whole
                 "protects people, not places."  If that is to come
                 about, the Constitution as a whole must be read
                 through a technologically transparent lens.  That
                 is, we must embrace, as a rule of construction or
                 interpretation, a principle one might call the
                 "cyberspace corollary."  It would make a suitable
                 Twenty-seventh Amendment to the Constitution, one
                 befitting the 200th anniversary of the Bill of
                 Rights....
                    The Twenty-seventh Amendment, to be proposed
                 for at least serious debate in 1991, would read
                 simply:
                    "This Constitution's protections for the
                 freedoms of speech, press, petition, and assembly,
                 and its protections against unreasonable searches
                 and seizures and the deprivation of life, liberty,
                 or property without due process of law, shall be
                 construed as fully applicable without regard to
                 the technological method or medium through which
                 information content is generated, stored, altered,
                 transmitted, or controlled."12

               Such a proposal, along with recent events such as Cubby

            v. CompuServe and the potential of Steve Jackson Games v.

            United States Secret Service, show that some of the

            strongest regulatory players may be on the side of freedom

            in cyberspace.










                                

               12L. Tribe, "The Constitution in Cyberspace," prepared
            remarks, keynote address at the First Conference on
            Computer, Freedom and Privacy, Mar. 26, 1991.


                                          127






                                    BIBLIOGRAPHY                                    BIBLIOGRAPHY                                    BIBLIOGRAPHY



            Books            Books            Books

            De Sola Pool, Technologies of Freedom (1983)

            Krasnow, Longley, and Terry, The Politics of Broadcast
               Regulation (3d. ed. 1982).

            Levy, Hackers (Paperback ed. 1984).

            Freedman, The Computer Glossary (4th ed. 1989)

            Hafner and Markoff, Cyberpunk: Outlaws and Hackers on the
               Computer Frontier (1991).

            Dvorak and Anis, Dvorak's Guide to PC Telecommunications
               (1990).



            Magazine Articles            Magazine Articles            Magazine Articles

            Costikyan, "Closing the Net," Reason, Jan. 1991, at 22.

            Kapor, "Civil Liberties in Cyberspace," Scientific American,
               Sept. 1991, at 116.

            Barlow, "Crime and Puzzlement," Whole Earth Review, Fall
               1990, at 45.



            Law Review Articles            Law Review Articles            Law Review Articles

            R. Neustadt, G. Skall, M. Hammer, "The Regulation of
               Electronic Publishing," 33 Fed. Comm. L.J. 331 (1981).

            K. Uyehara, "Computer Bulletin Boards: Let the Operator
               Beware," 14 Student Lawyer, April 1986, at 30.

            M. E. Katsh, "The First Amendment and Technological Change:
               The New Media Have a Message," 57 Geo. Wash. L. Rev. 1459
               (1989).

            R. Charles, "Computer Bulletin Boards and Defamation: Who
               Should Be Liable? Under What Standard?" 2 J. of Law and
               Technology, Winter 1987, at 121.

            E. Jensen, "An Electronic Soapbox: Computer Bulletin Boards
               and the First Amendment," 39 Fed. Comm. L.J. 217 (1987).





            E. Di Cato, "Operator Liability Associated With Maintaining
               a Computer Bulletin Board," 4 Software L.J. 147 (1990).

            J. Soma, P. Smith, R. Sprague, "Legal Analysis of Electronic
               Bulletin Board Activities," 7 W. New Eng. L. Rev. 571
               (1985).

            R. Beall, "Developing a Coherent Approach to the Regulation
               of Computer Bulletin Boards," 7 Computer/Law Journal 499
               (1987).

            J. Hurwitz, "Teletext and the FCC: Turning the Content
               Regulatory Clock Backwards," 64 Boston Univ. L. Rev. 1057
               (1984).

            R. Hindman, "The Diversity Principle and the MFJ Information
               Services Restriction: Applying Time-Worn First Amendment
               Assumptions to New Technologies," 38 Catholic Univ. L.
               Rev. 471 (1989).

            L. Becker, "Electronic Publishing: First Amendment Issues in
               the Twenty-First Century," 13 Fordham Urban L.J. 801
               (1985).



            Congressional Hearings and Reports            Congressional Hearings and Reports            Congressional Hearings and Reports

            Computer and Communications Security and Privacy: Hearings
               Before the Subcommittee on Transportation, Aviation and
               Materials of the Committee on Science and Technology,
               House of Representatives, 98th Cong., 1st Sess. (1983).

            Computer and Communications Security and Privacy: Report
               Prepared by the Subcommittee on Transportation, Aviation
               and Materials, Transmitted to the Committee on Science
               and Technology, House of Representatives, 98th Cong., 2d
               Sess. (1984).

            Computer Crime: Hearing Before the Subcommittee on Civil and
               Constitutional Rights of the Committee on the Judiciary,
               House of Representatives, 98th Cong., 1st Sess. (1983).

            Computer Fraud Legislation: Hearing Before the Subcommittee
               on Criminal Law of the Committee on the Judiciary, U.S.
               Senate, 99th Cong., 1st Sess. (1985).

            Health and the Environment Miscellaneous -- Part 4: Hearings
               Before the Subcommittee on Health and the Environment of
               the Committee of Energy and Commerce, House of
               Representatives, 98th Cong. (1984).

            Counterfeit Access Device and Computer Fraud and Abuse Act:
               Hearings Before the Subcommittee on Crime of the


                                         129





               Committee on the Judiciary, House of Representatives,
               98th Cong., 1st and 2d Sess. (1983-84).

            Computer Fraud and Abuse Act of 1986: Hearing Before the
               Committee on the Judiciary, U.S. Senate, 99th Cong., 2d
               Sess. (1986).

            Use of Computers to Transmit Material Inciting Crime:
               Hearing Before the Subcommittee on Security and Terrorism
               of the Committee on the Judiciary, United States Senate,
               99th Cong., 1st Sess. (1985).



            Cases            Cases            Cases

            U.S. v. Riggs, 739 F.Supp. 414 (N.D. Ill. 1990).

            U.S. v. Riggs, 743 F.Supp. 556 (N.D. Ill. 1990).



            Online Sources            Online Sources            Online Sources

            Jargon File version 2.9.6 (Aug. 16, 1991), distributed via
               the Internet.

            G. Spafford, What Is Usenet? (Sept. 9, 1991), distributed
               via Usenet.

            Computer Underground Digest, published every two to three
               weeks via Usenet.
























                                         130