'Infojacking': Crimes on the Information Superhighway

By Marc S. Friedman , Esq.

You power up your computer, log onto the Internet, and look for information that will give you an advantage in making investments. In the past, accessing the Internet has turned out to be profitable. In your search, you encounter electronic messages among a group of "potential investors" describing real property owned by a small cruise line company. Apparently, Donald Trump is interested in the location, and the property should become valuable. You invest in the cruise line company's stock and its price rises -- and then crashes. It turns out that Donald Trump did not even know about the company, and the electronic messages from the "investors" had been placed on-line by one person -- an unregistered stock broker. Does this sound improbable? Well, that is what recently happened in Missouri.


Ordinarily, the law keeps pace with the technological changes in society. But rapid technical advancements like the Internet threaten to leave the law behind. This article describes the Internet, the "computer crime" laws which govern the Internet, and the types of crimes now appearing on the forerunner to the Information Superhighway (1).


Overview of the Internet


To a technical specialist, the Internet is a global network of computers based on TCP/IP and other high speed communications protocols with thousands of nodes and millions of users. For the rest of the world, the Internet is an exciting new way to communicate. The main uses of the Internet are to exchange electronic mail, transfer files between computers, and remotely access host computers. Over 100 countries allow millions of individuals and military, educational, governmental, and commercial organizations access to the Internet. Distance between the parties is irrelevant -- it is as easy for a Manhattanite to communicate with a Parisian as someone in Brooklyn. The Internet is also truly mass-media. The inherent limitation of traditional mass-media is that it is a one way street: the masses cannot talk back. On the Internet, masses communicate (i.e., net-surf) with masses.


Businesses are also net-surfing. Major corporations maintain "websites" that can solicit feedback and advertise new products on the world wide web. Eventually, Sony envisions consumers downloading samples of music and video before making purchases. Already, consumers can place mail orders for compact discs through the Internet. In 1994, the Rolling Stones selected an online agent to market their merchandise and to allow fans to download video clips and information about the band. (2) The Rolling Stones later broadcast five songs from a Dallas concert over the Internet. (3) These songs -- as well as other Rolling Stones' songs -- can be downloaded to a PC and played in ".wav" format.


This is all made possible by digitizing information (i.e., encoding it into a series of ones and zeroes). Digitized information can be copied endlessly and flawlessly. Indeed, software, games, multimedia, audio, video, still pictures, conversations -- virtually any type of information is now digitized.


Since the 1980's, digitization and cheap and widely available personal computers have made copying easy, perfect, and fast -- regardless of how many generations of copies have been made, how the information is stored, or how many people are copying it. Since quickly making thousands of perfect copies is possible for anyone with a PC, the only remaining barrier to widespread copying is access to material worth copying. Advanced communications networks like the Internet provide virtual access to material which really is worth copying.


Unfortunately, the wide variety of information that can be transferred, the open, unregulated nature of the Internet, and the irrelevance of geography means that the Internet also provides fertile ground for criminal enterprises. Since the Internet is composed of computers, crimes occurring on the Internet are "computer crimes." But defining a "computer crime" is difficult. A computer can be the subject of a crime by being stolen or damaged; it can be the site of a crime, (such as fraud or copyright infringement);or it can be the instrument of a crime, such as when it is used to access other machines or store information illegally. These are all computer crimes in the sense that a computer is involved, just as the theft of a target pistol, a murder committed with a handgun, and attaching a silencer to a revolver are all "handgun crimes."

The open, unregulated nature of the Internet means that the Internet provides fertile ground for criminal enterprises.

Since the Internet's purpose is to facilitate communications, traditional crimes such as conspiracy, solicitation, securities fraud, and even espionage can be committed via the Internet. Since so many different types of crimes can be committed with computers -- especially on the Internet -- it is difficult to draft effective "computer crime" legislation. Prosecutors have typically fit computer crime prosecutions into existing laws which were drafted without computers in mind.


Computer Crime Statutes


Federal and state legislatures responded to the problem by enacting statutes that prohibit "computer crimes." The first federal computer crime statute was the Computer Fraud and Abuse Act of 1984 (CFAA), 18 U.S.C. §1030 (1994). The difficulty in drafting effective computer crime legislation is illustrated by the fact that only one indictment was ever made under the C.F.A.A. before it was amended in 1986. (4) Under the C.F.A.A. today, it is a crime to knowingly access a federal interest computer (5) without authorization to obtain certain defense, foreign relations, financial information, or atomic secrets. (6) It is also a criminal offense to use a computer to commit fraud, to "trespass" on a computer, and to traffic in unauthorized passwords. Federal prosecution of criminals using the Internet is attractive because these crimes often occur in multiple states and present jurisdictional issues. Punishments for the foregoing acts include substantial fines and long jail sentences. Prosecutors' use of the C.F.A.A. is illustrated by the Morris case. (7)


Perhaps the most infamous crime committed on the Internet so far occurred when Robert Morris sent a computer "worm" across the Internet from the MIT computers on November 2, 1988. The "worm" replicated itself through the network much faster than Morris had anticipated, and thereby caused an estimated 6,200 Internet computers to shut down. (8) The cost of eradicating the worm from the machines was estimated variously to be in the hundreds of thousands, millions, or even hundreds of millions of dollars. (9) If Morris had coded his worm to be destructive, untold additional damage would have been done. Morris was subsequently charged with violation of § 1030(a)(5)(A) of the C.P.A.A., which prohibits intentional unauthorized access to a federal interest computer with a resulting loss of $1,000. Morris's defense was that although he did intend unauthorized access, he never intended to cause damage. But the District Court (and later the Second Circuit) found that intent to access the federal interest computer was sufficient by itself to warrant conviction. Morris was sentenced to three years probation, 400 hours of community service, and a fine of $10,500. (10)


Ironically, when Morris discovered the damage being done, he considered writing a "worm killer" antidote program, but decided that he had caused enough damage. Although the antidote might have been effective, it also would have exposed Morris to additional criminal liability on a second offense.


Morris' antidote worm raises the question of whether all worms or viruses are evil, and should be prohibited. For example, software vendors might want to release a "good" worm which looks for and reports suspicious activity, such as the caching of pirated software. (11) Whether this is also illegal under the C.F.A.A. is questionable. Already there is a legitimate program called, "Security Analysis Tool for Auditing Networks"(SATAN) which attempts to breach security devices. SATAN is intended to be used by system administrators to expose security flaws in networks. Is using SATAN a crime? Are SATAN's authors liable as accomplices if SATAN is used illegally? Only time will tell.

Often, a computer crime can be prosecuted under traditional laws.


A second curious feature of worms and viruses is that they are only harmful when activated. A copy of an inactive worm could be transmitted across the Internet without causing any harm, because until it is activated no harm is done. Under current federal laws, the programmer could be charged with attempt only. And a conviction would be unlikely, since arguably no attempt was made. But the danger is clear; one command and a destructive worm can activate and wreak havoc.


The danger of viruses is not at all restricted to the United States. In November 1995, Christopher Pile of Great Britain was prosecuted under that country's Computer Misuse Act of 1990 for creating two viruses named "Pathogen" and "Queeg." The viruses are particularly dangerous since they come with a third program whose only function is to conceal the viruses from standard virus checking software. For his crime, Mr. Pile was sentenced to 18 months in prison. Nevertheless, the damage was done -- the viruses spread throughout the world and inflicted widespread damage. In fact, Pike's prosecutor stated in court that one company alone had lost over $750,000. (12)


In 1986, Congress also passed the Electronic Communications Privacy Act of 1986, 18 U.S.C.§§2510-20, §§2710-20 (1992), (ECPA).This updated the Federal Wiretap Act to apply to the illegal interception of electronic (i.e., computer) communications or the intentional, unauthorized access of electronically stored data. On October 25, 1994, Congress amended the ECPA by enacting the Communications Assistance for Law Enforcement Act(13) (CALEA) and, in so doing, noted that, "In the eight years since the enactment of ECPA, society's patterns of using electronic communications technology have changed dramatically. Millions of people now have electronic mail addresses. Business, nonprofit organizations and political groups conduct their work over the Internet." (14)


Often, a computer crime can be prosecuted under traditional laws. For example, federal law prohibits inter alia threatening the President's life. This legislation was not drafted with e-mail in mind, but e-mail is one method for making such threats. In April of 1994, Matthew Thomas sent a message over the Internet to President Clinton stating that he was going to "come to Washington and blow your little head off." (15) The threat itself is a crime, and in June, 1994, Mr. Thomas pled guilty to the felony of violating Title 18 U.S.C. § 875(c). (16)

The Internet has enabled a global software piracy industry.

A more disturbing case of threats on the Internet involved University of Michigan student Jake Baker. (17) Mr. Baker posted a story to the Internet entitled, "Pamela's Ordeal" which graphically described the torture, rape, and murder of a woman who, coincidentally, had the same name as one of Baker's female classmates. Although Mr. Baker was jailed after his arrest on charges of violating 18 U.S.C. §875(c), the District Court eventually dismissed the charges. (18) The latest in this string of cases involves the electronic musings of an anti-hunting activist who remarked online that California State Senator Tim Leslie ought to be hunted himself after voting to allow a resumption of cougar hunting. The activist, Jose Savedra, was charged with terrorism, but the case has not yet gone to trial. (19)


Espionage laws also were drafted without the Internet in mind, but maybe applied to Internet users. The real threat is that sensitive information can be quickly sent overseas to hostile governments. Hans Heinrich Hubner was a hacker whose espionage group was able to use networks to access, steal, and subsequently sell American software to the KGB. (20) Not unreasonably, the federal government views certain American software as a military asset worthy of protection as a matter of national security. Unfortunately, any type of information, including software placed on the Internet, may be intercepted and sent abroad. Among the software used in America for encrypting data is a software package called Pretty Good Privacy (PGP) written by Phillip Zimmerman. This package is so secure that the U.S. Government considers it an armament and has prohibited its export. When the package was placed on the Internet by one of Zimmerman's friends, the government targeted Zimmerman for violating U.S. export laws. (21) Although the government decided not to prosecute Zimmerman, the debate over encryption technology rages on.(22)


The reason for the debate is two-fold:

1. legitimate retailers who market their wares on the Internet are concerned that hackers will intercept their customers' credit card numbers; and

2. ordinary citizens believe that their right to privacy should prevent the U.S. government from freely reading their electronic mail.

Their solution has been to use encryption software. How secure encrypted credit card numbers are is a relatively novel question. If a relatively weak encryption system (such as the one favored by the government) can be broken by hackers, then the potential losses are staggering.


Finally, on February 1, 1995, Senator Exon introduced the latest federal legislation of computer crime. Entitled the "Communications Decency Act of 1995," the bill is aimed at prohibiting obscene or harassing communications. (23) In the wake of the April 19, 1995 bombing of the Federal Building in Oklahoma City, Oklahoma, the Senate Judiciary Subcommittee on Terrorism, Technology and Government Information scheduled a series of hearings to determine whether the federal government could curb the dissemination of materials containing instructions on how to create explosives and anti-Semitic or racist pamphlets. (24) In early 1996, President Clinton signed the bill into law. The resulting law, the Communications Decency Act of 1996, came under immediate fire from the American Civil Liberties Union (ACLU) and major players in the computer and networking industry for its vague use of the term "indecent." On June 12, 1996, a panel of judges from the Third Circuit blocked the law on the grounds that it violated Constitutional free speech guarantees. (25) The government has vowed to appeal this decision. Other federal criminal statutes used to prosecute computer crimes include criminal copyright infringement, wire fraud statutes, the mail fraud statute, and the National Stolen Property Act.


By the mid 1990s, nearly every state has enacted a computer crime statute. New Jersey's laws are typical: in 1984, New Jersey amended its theft statute, N.J.S.A. 2C:20-1 et seq, to allow a person to be convicted of theft for knowingly or purposely altering, damaging, taking, or destroying computer equipment, data, or programs. The seriousness of the offense is measured by the value of the data, service, or equipment which is wrongfully altered, damaged, taken, or destroyed. Accessing a computer to commit fraudulent schemes or to interfere with financial instruments is also considered theft. The statute criminalizes wrongful access by itself and disclosure of data which is gained by wrongful access. Victims are entitled to compensatory and punitive damages, as well as the costs of investigation and litigation(including attorney's fees). Hackers may also be prosecuted under a state statute that corresponds roughly with the ECPA.


Copycats and Copyrights


It has been estimated that tens of billions of dollars of revenue are lost each year to copyright infringments on the Internet. Messages in certain newsgroups on the Internet appear to be almost entirely composed of copyright infringements. It is unlikely that the copyright owners posted these messages on the Internet for free public consumption. Although video, audio, and text can be pirated easily via the Internet, software is the most common target.


The Internet has enabled a global software piracy industry. Huge amounts of pirate or bootleg software can be (and are) copied (i.e., "cached")onto unwitting host machines. Within a matter of hours or even minutes, users around the world instantly make hundreds -- or even thousands -- of illicit copies. When the owners of the host machine learn what has happened, they purge the pirated software, but the damage is done. The complete cycle from copying to shutdown occurs so quickly that court papers often cannot be drafted, much less filed. Moreover, the host computer actually may be in Hong Kong or Bulgaria, and the pirates, anonymous users with bogus identifications and nicknames. Under §506(a) of Title 17 criminal copyright infringement may be prosecuted. (26) Copyright infringement is a serious problem on the Internet because once copyrighted material is on the network, there is virtually no limit to its distribution. To prove criminal copyright infringement, the government must show that

1. a copyright has been infringed,

2. willfully, and

3. for commercial advantage or private financial gain. (27)

Already criminal copyright infringement has been proved with respect to illegally copied software (often called "pirated" or "bootleg" software). Copying files illicitly on the Internet satisfies the first and second elements. The third element, commercial advantage, is satisfied when pirated software is traded for other pieces of pirated software (or for money.) (28)


At least in financial terms, copyright infringement is the most serious crime committed via the Internet. According to one commentator, a review of newsgroups such as alt.binaries.sounds.tv and alt.binaries.sounds.miscshows that the messages contained within the groups are almost entirely copyright infringements. It is unlikely that the holders of these copyrights posted these messages on the Internet for free public consumption. Although video, audio, and text can be pirated easily via the Internet, it is software which is most often targeted. No one truly knows what copyright infringement costs copyright holders each year, but the true figure is probably in the billions of dollars ( and possibly in the tens of billions).


New Frauds -- Old Laws


Robert Morris was punished under the CFAA, but other fraud statutes have been used to successfully prosecute computer criminals. Although the Internet is a logical or virtual concept, it is manifested in the form of communications lines connecting computers. Fraudulent schemes conducted on the Internet therefore fall under Federal wire fraud statutes. (30) For the government to convict a defendant of wire fraud, the government must show:

1. a scheme to defraud by means of false pretenses;

2. defendant's knowing and willful participation in scheme with intent to defraud; and

3. use of interstate wire communications in furtherance of the scheme.(31)

The plan does not need to succeed to warrant criminal liability. (32)Prosecuting wire frauds committed on the Internet is peculiar since a message from Buffalo to Manhattan may leave the State of New York and be routed through Phoenix. In this case the communication is interstate even though the defendant may not have intended or even been aware of it. If the communication is not across state lines, then the statute is not satisfied. (33)


If the scheme perpetrated through the Internet contemplates using the U.S. Mail, (for example, victims mailing money to the accused) then the accused faces additional liability under the federal mail fraud statute.(34) Penalties for violations of these two acts include up to five years imprisonment and fines of $1,000, unless the scheme involves a financial institution, in which case the penalties are increased to a maximum of $1,000,000 and thirty years imprisonment.

Conventional fraudulent schemes have found new life on the Internet.


Mail fraud need not be committed by experienced criminals. Witness the activities of a 15-year old Utah boy who was recently arrested for bilking Internet users out of as much as $10,000. (35) The boy set up a mailbox using a false identity and then advertised computer parts of the Internet.(36) Customers were asked to pay c.o.d. or by certified check. (37) When the customer opened the box that supposedly contained the computer parts, it would be empty. (38) The customers would be unable to stop payment on the cashier's check and the money would be gone. (39)


Conventional fraudulent schemes have found new life on the Internet. Federal law enforcement officers estimate that over ten billion dollars worth of data is stolen in the United States each year. (40) Credit card fraud schemes are possible by convincing victims to e-mail their credit card numbers for a free weekend, or some other bogus prize. Securities scams are also perpetrated on the network in a cyberspace version of the boiler room stock game. False news is spread on the rosy prospects of a little-traded penny stock to spur interest. As the price rises, the con artists sell their shares for a hefty (and illegal) profit. This practice has become so common that the Pennsylvania Securities Commission, in conjunction with the North American Securities Administrators Association, issued an Investor Bulletin for investors.


Another fraud which could easily be committed on the Internet is an e-mail version of the Computer Matching Institute fraud. (41) Louis Rex Curtis advertised the "Computer Matching Institute" in newspapers. Respondents to the advertisements would be mailed an application to "psychologically" match them with the perfect partner. After mailing in the application --with a fee -- the applicants would never hear from Curtis again. Such a scheme is perfectly suited to the Internet because of the younger demographics of Internet users.


In terms of dollars, the largest fraud may have been committed by Jim Lay of North Carolina. (42) The scam reportedly cost six telephone companies$28 million. (43) Using the computer name "Knight Shadow," lay, an MCI Telecommunications, Inc. employee sold between 50,000 and 100,000 telephone calling-card numbers world wide. (44) Lay is now if federal prison.(45)


In a report released during the first week of June 1996, the Federal Trade Commission (FTC) indicated that it expects consumer fraud to increase on the Internet. (46) Already the FTC has investigated and halted several fraudulent schemes over the Internet, including a pyramid scheme that cheated investors out of $6 million. (47)

The largest Internet fraud may have been a scam reportedly costing six telephone companies $28 million.


At the corporate level, large companies, especially banks, are often the targets of computer fraud. A recent survey of 200 businesses yielded the startling statistic that 95 percent admitted to being victims of computer fraud. (48) Another recent survey by Ernst & Young found that of 1,290 businesses surveyed, nearly half suffered financial losses due to a break of information security in the past two years. Twenty of these respondents suffered losses in excess of $1 million.


In a September, 1995 incident, Citibank managed to recover all but $400,000 of $10 million that had been siphoned off by Russian hackers in fraudulent transactions. (49) According to William J. Cook, the author of the Justice Department's manual on computer prosecution, organizations often swallow losses quietly rather than notifying the authorities and advertising their vulnerability to shareholders and clients. (50) The British Banking Association has estimated that $8 billion was lost by banks alone through computer fraud.(51) According to a recently released report from the Senate's Permanent Investigations Subcommittee, major banks and corporations lost $800 million from intrusions by hackers in 1995. (52)


The problem of information assault over the Internet is now so widespread, however, that some companies are admitting their vulnerability. Rockwell International, Inc. claims to be under attack on a "regular basis" from hackers attempting to break into the company's computers via the Internet.(53)


Although the Internet is made up of physical devices (computers, wiring, modems, etc.), the bulk of the network is composed of intangible intellectual property, some of which is owned by the U.S. Government. If this government property is stolen and sold, the seller faces criminal liability for the sale or conversion of Government property. Penalties include a $10,000 fine and ten years imprisonment unless the value of the property is less than$100 in which case penalties are reduced to $1,000 fine and one year imprisonment.(54) Information has been held to satisfy the statute. (55)


It would seem likely that the National Stolen Property Act (56) (NSPA)could also be applied to the unlawful transportation of information across state lines via the Internet. the NSPA provides criminal penalties for the interstate transport of any stolen property, not just the government's stolen property. The NSPA requires that "goods, wares, merchandise, securities or money," be the illicitly obtained items which are transferred across state lines. Early cases split on whether the "goods, wares, and merchandise" had to be tangible. In Dowling v. United States, (57) the Supreme Court seemed to settle the issue by holding the NPSA does not apply to copyright infringement, but rather requires that physical goods themselves have been stolen, converted or taken by fraud -- making the NSPA irrelevant in the intangible world of cyberspace. (58)


But in U.S. v. Riggs, (59) the court upheld the indictment of Robert J. Riggs, (a.k.a. Prophet) and Craig Neidorf (a.k.a. Knight Lightning) on charges of wire fraud (60) and violation of the NSPA for their theft of a Bell South text file containing 911 codes. (61) Riggs argued that "electronic impulses" did not satisfy this requirement. In support of his argument, Riggs cited Dowling's (62) holding that unauthorized copies of copyrighted musical material did not satisfy the statute. The District Court distinguished Dowling by ruling that Riggs had transferred, "confidential, proprietary business information, not copyrights." (63) Riggs' narrow distinction of copyrights from trade secrets has not gained widespread acceptance. In United States v. Brown, (64) the Tenth Circuit relied on Dowling and explicitly rejected Riggs by refusing to allow the United States to indict John M. Brown under the NSPA for retaining a hard disk containing misappropriated source code. The Brown court ruled that source code did not constitute "goods" under the NSPA. (65)


One item that certainly satisfied the requirement of being "goods" is the bust of Mickey Mantle that was stolen from Yankee Stadium in the mid 1970's. The bust was recently offered for sale through the Internet after the Hall of Famer's death in 1995. Acting on tips from Internet users, the FBI ran a sting, recaptured the bust, and arrested Robert Pagani for violating the NSPA. (66)


The Gutter of the Superhighway


The apparent anonymity that users feel when communicating through a PC helps explain the relatively high levels of network traffic in pornography.(67) It was recently reported that hackers had set up over a thousand hardcore pornographic images for distribution from the computers at the Lawrence Livermore National Laboratory. (68) Since this was a government computer, the scheme was clearly illegal. If the computer were a private one, the problem is more difficult.


Obscenity is determined -- at least in part -- on community standards. However, choosing the appropriate community standard is problematic. (69)For example, on July 28, 1994, a Memphis, Tennessee jury convicted Robert and Carleen Thomas, a married couple from Milpitas, California, of 11 counts of transmitting obscenity through interstate telephone lines. The couple distributed pornographic pictures via their computer bulletin board which was connected to the Internet. The conviction resulted in substantial jail terms for each of them. The same result could easily occur if, for example, a Times Square pornography shop went on-line. The shop, which might be staid by New York City standards, easily would be judged obscene by Memphis standards. Of course, the First Amendment's "community standard" paradigm does not apply overseas. For example, Hiroshi Kamebura of Tokyo was recently arrested for posting explicit pornographic images on his Internet home page. Whether Kamebura's home page was aberrant is questionable -- it was accessed over 100,000 times. (70)


Everybody with a computer and a modem can gain access to the Internet and, as a result, children as well as adults can gain access to this vast store of pornography. Distributing pornography to minors is a crime and, accordingly, adult bookstores do not usually admit children. On the Internet, however, customers could be minors or adults -- there is no way of knowing. The problems that arise when children conceal their minority to adults pale in comparison with the problems that arise when adults conceal their majority to children.


The problem is that by presenting himself as a minor, a pedophile can engage children in e-mail conversations and thereby arrange clandestine meetings. In fact, a private investigator in Milwaukee recently posed as" Jessica," a 14-year old girl on the Prodigy computer network.(71) The messages that she posted attracted a 45-year old convicted child molester named Bryan Thomas Sisson. (72) He later sent her nude pictures of himself and several diskettes of child pornography and arranged a rendezvous at a Milwaukee motel. (73) When Mr. Sisson arrived at the motel on June1, 1995, he was arrested by FBI agents and charged with crossing state lines to have sex with a minor and sending child pornography through the mail.(74)


Most e-mail users can be identified by looking at the origin of their messages, but this identity can be hidden by using an "anonymous remailer, "i.e., one who will resend the message with a fictitious origin. Thus, the child has no way of knowing that his or her e-mail "friend" is really a convicted child abuser in the next town. By the time the child discovers the ploy, it is too late.


The Sisson case is not alone. A 51-year old Seattle man, Alan Paul Barlow, was recently prosecuted for transmitting sexually explicit messages to a14-year old girl via e-mail. (75) On March 15, 1996, a Florida man was arrested for kidnapping after he used the Internet to befriend a 13-year old suburban Chicago boy. The man, whose real identity remains a mystery, was arrested in Louisville, Kentucky as he stepped off a bus with the boy. (76) In March1994, a Massachusetts man was charged with the rape of two youths he met by exchanging computer messages. (77) In June 1995, David Luera, was fined $1,350 and sentenced to 240 hours of community service for downloading child pornography from the Internet. (78) Mr. Luera was also ordered to register as a sex offender. (79) In January 1996, Martin Crumpton of Birmingham, England gained the dubious distinction of being the first pedophile to be jailed in England for using the Internet to access child pornography. (80)The problem is so bad that America Online now offers parents a "kids-only" chat room. But pornography still occasionally reaches youngsters who goon-line.

The apparent anonymity that users feel when communicating through a PC .

Because of the anonymity -- particularly if the messages are encrypted and the user's identity concealed -- the Internet provides a particularly good way to distribute illegal pornography. According to the National Law Journal, the largest child-pornography investigation in U.S. history took place in March 1993, in connection with the importation of child pornography from computer networks in Denmark. Law enforcement cannot discover the content of encrypted material without passwords, and passwords are only available from the sender or the receiver. If they are careful, both parties can conceal their true identities. The only way to investigate such a scheme is an expensive, time consuming and possibly dangerous infiltration.


Finally, recent technological advances have blurred the definition of "kiddie porn." The traditional rationale for harsh punishment of child pornographers has been that they necessarily perpetrate sexual abuse on children. Now Scotland Yard has unearthed the use of computer graphics technology by pedophiles. (81) The pedophiles take pornographic images of adults, replace the adults' heads with those of children and slim down the limbs and torso of the adults to make them appear childlike. (82) The images can then be distributed over the Internet as "kiddie porn," but the pornographer can claim that it is simply pornography since no children were used.


Violating Foreign Laws at Home


Japanese laws also prohibit gambling, but SSP International Sports Betting, Ltd., a British bookmaker, is already taking cyber wagers from Japanese citizens in Japan via the Internet. Whether an American casino in Atlantic City or Las Vegas could lawfully compete with its British counterparts raises issues of both Japanese and American law. (83) Since there are no boundaries on the Internet, a business such as gambling, which is legitimate in Great Britain or St. Maarten, can be "projected" into a country (like Japan or the United States) which either bars or heavily regulates that Industry. Another example of the "projection" problem is the book Le Grand Secret. Le Grand Secret, authored by former French President Francois Mitterand's doctor, describes the declining health of the former French President. The book was recently banned in France for privacy reasons. Nevertheless, intrigued French citizens have accessed the book from Internet sites in Pennsylvania, California, Great Britain, and Switzerland. (84)

Le Grand Secret, banned in France, can be accessed from Internet sites in Pennsylvania.

Germany restricts neo-Nazi propaganda that is permissible in the United States. Singapore and China restrict the on-line discussion of topics such as religion and politics -- topics which are considered the most highly protected in the United States. Whether American cybernauts will face extradition to Germany or Singapore -- like the Thomases extradition from California to Tennessee -- is also an open issue.


On March 28, 1996, Attorney General Janet Reno stated that a wiretap of the Internet had allowed federal prosecutors to obtain enough evidence to charge an Argentine student, Julio Cesar Ardita, with three felony counts related to his hacking into U.S. military computers. (85) The U.S. extradition treaty with Argentina does not provide for his extradition to the United States, however. These cases illustrate the geographical problems presented by the Internet.


Net-Cops and Cyber-Punks


The coming years will show just how hard it is to prevent or prosecute computer crimes committed on the Internet. Technology is changing so quickly that traditional crime legislation cannot keep up. Moreover, even those acts which are already criminal can now occur at lightning speed. Adding to the problem is the international character of the Internet -- crimes in one country are not necessarily crimes in the next. Finally, nothing physical is transferred on the Internet, but the law has traditionally concerned itself with the regulation of tangible things and tangible beings. In the future, the best way to prevent "cyber crimes" will be "cyberlaw," i.e., laws written specifically to combat criminal activity on the Internet.





1. David Flaim, "Information Highwayman Are Plotting Larceny," Star Tribune, (Nov. 10, 1994).

2. "Stones Go Online," Daily Variety, Ltd. (July 19, 1994).

3. Peter Howell, "Rolling Stones Go On Computer," Toronto Star Newspapers, Ltd. (Nov. 13, 1994).

4. See Baker, "Trespassers Will Be Prosecuted: Computer Crime in the 1990's," Center for Computer Law (Oct. 1993).

5. A federal interest computer is defined as a computer used by a financial institution, the government, or a computer which is one of two computers in different states. See, 18 U.S.C.A. § 1030(e)(2) (West Supp. 1994).

6. 18 U.S.C.A. § 1030(a) (West Supp. 1994).

7. United States v. Morris, 928 F.2d 504 (2d Cir. 1991).

8. Baker, "Trespassers Will Be Prosecuted: Computer Crime In the1990's," Center for Computer Law (Oct. 1993).

9. Ibid. See also, Davis, "It's Virus Season Again, Has Your Computer Been Vaccinated? A Survey of Computer Crime Legislation As A Response To Malevolent Software," 72 Wash, U.L.Q. 411, 418 (1994).

10. U.S. v. Morris, 928 F.2d 504, 506 (2d Cir. 1991).

11. Caching is the storage of large amounts of illicit files on unwitting host machines.

12. "UK Jails Virus Writer For 18 Months," Newsbytes News Network, Newsbytes Database (Nov. 16, 1995).

13. Communications Assistance for Law Enforcement Act, Pub. L. No. 103-416,1994 U.S. CODE CONG. & ADMIN. NEWS (103 Stat.) 4290.

14. House Report No. 103-827, 1994 U.S. CODE CONG. & ADMIN. NEWS, No. 9A, at p.3497.

15. Johnson-Laird, "THE INTERNET: The Good, The Bad, The Ugly,"39 (Sept. 29-30, 1994) (unpublished manuscript).

16. Ibid.

17. United States v. Baker, 890 F.Supp. 1375 (E.D.Mich. 1995).

18. Ibid.

19. "University of Texas Student's Flaming Remarks Made On Internet Get Him Charged With Terrorism," Apt Data Services Ltd. Computergram International No. 2934 (June 14, 1994).

20. Dierks, "Computer Network Abuse," 6 Harv. J.L. & Tech.307 (1993).

21. Shore, "Feds Target Software Expert Who Developed Code to Encrypt Data; Computers: Among Some Civil Libertarians, Phillip Zimmerman Has Achieved a Kind of Cult-Hero Status in the Growing Debate Over Electronic-Privacy Issues," Los Angeles Times, B3 (Aug. 14, 1994).

22. Hudgins-Bonafield Christine, "Will Spies Hold Your Keys? International encryption policy debate heads up as weak security becomes risky, "Network Computing Vol.7, No.4 p.78 (Mar. 15, 1996).

23. §314, 104th Cong., 1st Sess. (1995).

24. Janafsky, Michael, "Senate Panel Focuses on Internet as a Classroom for Violence," N.Y. Times (May 12, 1995) Section A, as 26 col. 3.

25. Ivey, Dave, "Internet Indecency Law Blocked: Judges Cite Free Speech Protection," Bergen Record Corp. (June 13, 1996) a A.1.

26. See Playboy Enterprises v. Frena, 839 F. Supp. 1552 (M.D. Fic. 1993)(Unauthorized downloading of Playboy pictures with computer constitutes civil and criminal copyright infringement).

27. 17 U.S.C.A. § 506(a) (West Supp. 1994).

28. Sega Enterprises v. Maphia, 857 F. Supp. 679 (M.D. Col. 1994).

29. Johnson-Laird, "THE INTERNET: The Good, The Bad, The Ugly,"31 (Sept. 29-30, 1994) (unpublished manuscript).

30. 18 U.S.C. § 1343, "Fraud by wire, radio, or television".

31. U.S. v. Cassiere, 4 F.3d 1006 (1st Cir. 1993); U.S. v. Ames Sintering Co., 927 F.2d 232 (6th Cir. 1990).

32. U.S. v. Ames Sintering Co., 927 F.2d 232 (6th Cir. 1990).

33. See United States v. Riggs 730 F.Supp 414 (S.D.N.Y. 1990).

34. 18 U.S.C. § 1341, "Mail Fraud".

35. Amhes, Gary H., " Juvenile Charged With Internet Crimes; Boy Allegedly Scams Users With Phone Ads For Computer Parts," Computerworld, page 12, (May 8, 1995).

36. Ibid.

37. Ibid.

38. Ibid.

39. Ibid.

40. Wilder, Clinton and Violino, Rob, "Online Theft--Trade In Black-Market Data Is Growing Problem For Both Business And The Law," InformationWeek, (Aug. 28, 1995).

41. See, United States v. Curtis, 337 F.2d 1091 (10th Cir. 1976).

42. Row, Jeri "N.C. Man Laments Calling-Card Scam; On His Way To Prison" Greensboro, N.C. News and Record (Apr. 30, 1995) (P. B1).

43. Ibid.

44. Ibid.

45. Ibid.

46. "FTC Predicts Rampant Online Fraud," Information and Interactive Services Report (June 7, 1996) No. 18, Vol. 17.

47. Ibid.

48. "Computer Crime On The Rise," Information Week, p. 10 (Nov.13, 1995).

49. Kobay, M. E., "What a World We Live In," Computing Canada Vol. 22, No. 1 p.36 (Jan. 4, 1996).

50. Lavelle, "U.S. Sees Crime as a Threat," Nat'l L.J. (Jul.25, 1994) on A21.

51. "Computer Crime On The Rise," Information Week, p. 10 (Nov.13, 1995).

52. O'Connor, Rory J., "The Internet as a Threat: Is National Security at Stake?," Bergen Record Corp. (June 23, 1996) p.1.

53. Violino, Bob, "Internet Insecurity--Your Worst Nightmare--Technology managers championed the Internet as a new business tool. But the Net-even when protected by firewalls and other tools is far from secure. Now what?," Information Week, p.34 (Feb. 19, 1996).

54. Section 18 U.S.C. § 641 (1988 & Supp. IV 1992).

55. U.S. v. Girard, 601 F.2d 69 (2d Cir. 1979), cert. denied, 444 U.S.871 (1979) (DEA records containing identity of informants constituted, "thing of value"); U.S. v. DiGilio 538 F.2d 972 (3rd Cir. 1976), cert. denied, sub nom., Lupo v. U.S. 429 U.S. 1038 (1977) (Copies made of FBI files sufficient to constitute, "records" under the statute).

56. 18 U.S.C. § 2314 (1988 & Supp. IV 1992).

57. Dowling v. United States, 473 U.S. 207, 105 5Ct. 3127, 87 L.Ed.2d152 (1985).

58. See, United States v. Smith, 686 F.2d 234, 241 (5th Cir. 1982) ("the 'thing' or 'item' must have some sort of tangible existence; it must be in the nature of 'personal property or channels.'"). But see, United States v. Greenwald, 479 F.2d 320 (6th Cir. 1973) (holding that chemical formula was within the ambit of the NPSA).

59. U.S. v. Riggs, 739 F.Supp. 414 (N.D. Ill. 1990).

60. 18 U.S.C. 1343.

61. U.S. v. Riggs, 739 F.Supp. 414, 417 (N.D. Ill. 1990)..

62. Ibid. at 422; Dowling v. United States, 473 U.S. 207, 105 S. Cr. 3127,87 L.Ed.2d 152 (1985).

63. Ibid.

64. United States v. Brown, 925 F.2d 1301 (10th Cir. 1991).

65. Ibid. at 1302.

66. "20 Years Later - Crime May Be Solved On The Internet," Newsbytes News Network, Newsbytes Database (Nov. 6, 1995).

67. Johnson-Laird, "THE INTERNET: The Good, The Bad, The Ugly,"34 (Sept. 29-30, 1994) (unpublished manuscript).

68. Ibid. on 37.

69. "Other Crime News; News In Brief," Facts on File, Inc.,(Sept. 22, 1994) Sec. D2, p.686.

70. "Man Arrested On Japan's First Internet Porn Charges," Newsbytes News Network, Newsbytes Database (Feb. 2, 1996).

71. See Lewis, Peter H., "Sting On Internet Leads to a Child Sex Case," N.Y. Times (Jul. 14, 1995) Sec. A, p.21, col. 1.

72. Ibid.

73. Ibid.

74. Ibid.

75. Ibid. on 36.

76. "Kidnapped Child First Contacted Via Internet," Newsbytes News Network, Newsbytes Database (Mar. 19, 1996).

77. Lavelle, "U.S. Sees Crime as a Threat," Nat'l L.J. (July25, 1994) A21.

78. Sullivan, Richard, "What's Going on Online?," The Indianapolis News, (Jul. 6, 1995) Page CO1.

79. Burke, Anne, "Man pleads no contest, fined in cyber-porn: Sun Valley man possessed child pornography downloaded from Internet" Los Angeles Daily News (Jun. 30, 1995) p.7.

80. "Briton Jailed In Internet Porn Case," Newsbytes News Network, Newsbytes Database (Jan. 9, 1996).

81. "Scotland Yard Uncovers New Computer Kid Porn Trend," Newsbytes News Network, Newsbytes Database (Feb. 8, 1996).

82. Ibid.

83. "Spp International Sports, London Seeks to Feed The Vice Of Gambling-Addicted Japan Via The Internet," Api Data Services Ltd. Computergram International No. 2827 (Jan. 11, 1996).

84. See Carvajol, Doreen, "Book Publishers Worry About Threat of Internet," N.Y. Times (Mar. 18, 1996) Sec. A. p.1. col. 3.

85. "First Internet Wiretap Leads to a Suspect," N.Y. Times(Mar. 30, 1996) Sec. 1, p. 20, col. 4.