Date: 20 Jul 91 18:12:23 GMT From: sl4r7@cc.usu.edu Subject: File 7--Reasonable laws on computer crime All this talk of clamping down on hackers has made me think about what would make good laws on computer crime. Below is a summary of what I think would make for resonable laws on hacking (or cracking, whatever you like to call it.) Note, I have probably left out several things. I hope that a little bit of discussion will hone the list a bit and make it nice and pretty. (Optimistic aren't I :-) ) I try to separate several of the activities into different crimes that vary in seriousness. This list should go from the least serious to the most serious, more or less. 1. Computerized Nuisance: Using a computer system and/or network or communication system with intent to create a public nuisance. This would be a light misdemeanor. (This is meant to deal with those who do things like dial the entire phone exchange or any like thing to make themself a pest. I included intent to try to exclude those who are just incompetent and didn't realize what they were doing.) 2. Computer Trespass: This would include accessing a computer system without permission from the owner/operator. This does not include failed attempts to login and would also be a misdemeanor. (This is meant to cover those who break into a system and just look around without causing damage.) 3. Computer Vandalism: Using a computer to access a computer system or other service with intent to cause damage, but without intent to profit financially. Dammage would include deleting files, reformating disks, causing a crash, or depriving the owner/operator from using the system or the data on the system. On a first offense with minimal damage, this would be a misdemeanor. On second offenses or cases where the damage was estimated to cost over $5,000? this could be a 3rd degree felony. (This should cover hackers who deliberatly crash a system as well as ex-employees looking to get even. The latter is more likely IMHO. The estimation of value would need to be done by an unbiased third party.) 4. Computer Sabotage: As #3, but with intent to profit financially or commercially. This would be a felony, possibly a 2nd degree if the stakes were high enough. (I don't know how much this would be used, but it's a possibility.) 5. Theft of Information: Using a computer and/or network or communications system to obtain a copy of proprietary (non-public) data, information or software that is of significant value ($1000? determined by a third party) to the owner. I would divide this into two sections. The first would be for people who never intended to profit from the stolen information. This would be serious misdemeanor on the first offence, and a felony on any following offenses. The second would be for those who intended to make a profit. This would be a third degree felony or perhaps a second degree felony if the value were high enough and the offender had a record of this in the past. Credit cards, calling cards: I think misuse of these should be covered separately. Though if some one hacks a computer to get the card numbers it would probably be covered by the above laws. (I think they are already, perhaps some one who knows more about credit card laws could add more.) I haven't addressed laws about e-mail and the like, because I wanted to keep it as specific to computer break-ins as posible. (And I'm out of time :-) ) So, what do you think? Wait a minute! I've got to get my asbestos suit on. ------------------------------