This work is licensed under a Creative Commons Attribution 4.0 International License.
August 19, 1997
CAMBRIDGE, MASS.—Radically new institutions like the Internet are often said to require different treatment from older ones—“Nor do men put new wine into old bottles.” But law is no endeavor for sudden change. While the Internet provides whole cloth for new forms of interaction, the same old scissors may still be adequate for shaping it.
A legislature can’t keep up with every technological quirk. For instance, take what happened in July to the InterNIC, the company that hands out the most popular set of domain names. These are the strings that represent computers in email addresses, Web site URLs, and other key methods by which people reach their friends and business partners. InterNIC is currently the sole guardian of the much-desired “.com” domain, among others.
One morning, the administrators of the InterNIC woke up to find that people looking for their site, www.internic.net, were being directed to another site displaying a protest of their policies—a site run by a competitor and critic named AlterNIC. for www.internic.net. In one clever stroke, the administrator of AlterNIC simultaneously expressed his opposition to the monopolization of the .com domain and showed that pluralism was technically possible.
What did Eugene Kashpureff, the AlterNIC administrator, do that was punishable? Everybody agreed that the hack was a misuse of his competitor’s name. Yet he did not enter anyone else’s computer system, pretend to be sending messages from somewhere else, or do any such things that laws are set up to handle.
All he did was slip some extra information into some fields that are perhaps too loosely-defined in routine messages he sent to other computers offering the Domain Name System. DNS is distributed across thousands of computer throughout the world, who depend on each other to keep information up to date. Because the software running DNS on many computers is too lax, it accepted Kashpureff’s hack and gradually spread misinformation around the Internet. How can you write a law to cover the software handling of protocols?
Network Solutions was quick to sue—which I found a reasonable response—and the FBI immediately came down on Kashpureff. Soon everything seemed to end civilly with a public apology from Kashpureff. But the FBI, I think, was far too eager to bring down heavy-handed punishment on a short-lived prank that was not clearly covered by any law. News reports indicated that Kashpureff was arrested four months later for the action in July.
Ideally, the solution will be technical. New versions of some DNS software do indeed look at the messages more carefully. But these versions will take time to be adopted widely, and are still vulnerable to those who are determined to replicate the hack. (Which is why an article like this one does not dare go into much detail about how it was done.)
So victims of computer hacks should be able to rely on legal action. But laws are often too rigid and broadly drawn, as we saw in the case of the Communications Decency Act, while criminal persecutions may be a waste of taxpayer money.
Law enforcement jumped too fast on another highly-publicized case in April 1994. Here, copyright was the issue. David LaMacchia, an MIT student, was allowing other people to store commercial software on an MIT computer where anyone who wanted could download it.
In a hysterical attempt to find a law that could be used to punish LaMacchia, prosecutors charged him with wire fraud. The judge quite properly threw out the charge and announced that no law covered what LaMacchia had done. A series of bills introduced into Congress (currently the WIPO Copyright and Performances and Phonograms Treaty Implementation Act of 1997, H.R. 2281/S. 1121) have tried to plug the hole.
LaMacchia was doing nothing fraudulent. The technical problem with the “wire fraud” charge was that it applies only to people who profit from their acts. LaMacchia was offering software as what he saw to be a public service that promoted freedom of information. Personally, I think people who want to perform a public service could do better by teaching literacy courses, or leading forums against racism, or even writing and giving away their own free software! But there was no justification for turning LaMacchia’s misdirected altruism into a crime. Standard lawsuits for copyright infringement are perfectly suitable for such a situation. The software manufacturers probably rejected that option because they couldn’t squeeze much money out of a student. That is no excuse for bringing down fire and brimstone, while making the public foot the bill.
It is fear that leads to overreaction. Companies and legislators know that the openness of the Internet enhances its risks, which they try to control through poorly thought out responses. Instead, they should pick their way carefully in the world of electronic communications, looking for reasonable applications of existing law.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Editor, O’Reilly Media
Author’s home page
Other articles in
chronological order
Index to other articles