6.805/STS085: How countries handle computer crime

By Michael W. Kim


Paper for MIT 6.805/STS085: Ethics and Law on the Electronic Frontier, Fall 1997

Introduction

In 1986, the passage of the Electronic Communication Privacy Act marked the first time that a major piece of legislation had specifically been passed to mandate restrictions on the use of computers. It was a historic moment, not only for the United States, but for the entire world, as it was the first time any governmental authority had done anything to try to contain what we now know as the Internet. This was only the beginning. In the ensuing years after the passage of the ECPA, many federal agencies from the FBI and Secret Service began to enforce this and other pieces of legislation, trying to crack down on this new wave of computer crime. Without direction from legislative bodies, however, and lacking precedent from previous cases, both the FBI and Secret Service were unclear as to their jurisdiction, and, as in previous expansions of federal power, proceeded with aggressive prosecutions in attempts to "stake their claim." Instead of culminating in strong legal precedents, however, that would send a message to computer users everywhere, their efforts ended up in the Robert Morris Internet Worm and Steve Jackson Games cases. Two cases that were tenuous at best in setting any strong legal precedents.

Since these early fiascos, however, much has been written and done to improve the viability of electronic law enforcement. The FBI now has a network of computer crime squads. The Justice Department has set up a set of guidelines outlining procedures for seizing and searching computers. Even the general US population as a whole is now more educated about computer crime, and many generally know what to do in order to protect themselves.

What is lost in this legal sea, however, is that the Internet, as well as Internet crime, extends far beyond the borders of the United States. According to InterGov International, 39 percent of Internet traffic is generated outside of the United States. In addition, a 1991 United Nations Commission on Crime and Criminal Justice study concluded that in survey of 3000 Virtual Address Extensions sites in dozens of countries, over 72 percent reported a security incident within the last 12 months. Clearly, law enforcement on the electronic frontier is not just an American problem.

Although the nature of the Internet is that its content and influence extend far beyond a nations borders, it is clear that as of yet, law enforcement can not and does not. Hence, a responsibility has been put on every national government to police its own section of the Internet that more or less happens to fall onto their soil. In the ensuing paragraphs, I will attempt to explain legal measures being taken by several nations in their efforts to curb Internet abuses and computer crime within their sovereign jurisdiction. Some countries have reacted quickly and legislated stringent standards. Others have been more lax in their response, or simply do not care to enforce this additional legislation. Whatever the case, however, it is clear that in order to effectively curb computer crime in the future, international cooperation of some kind will be required in order to provide boundaries to this otherwise infinite universe.

United Kingdom

On June 4, 1993, Neil Woods and Karl Strickland, citizens of the United Kingdom, became the first two people to be convicted and sentenced for violating the criminal conspiracy provision of the British Computer Misuse Act of 1990. It marked the first time that any successful action had been taken, in the United Kingdom or the Continent, to curb what had previously been seen as an uncontrollable virus of computer hacking in Europe. After all, British citizens had been bombarded for years with reports of the exploits of such groups as the Computer Chaos Club, and other minor hackers. This point was not lost from the prospective of the British government, who badly needed this legal victory.

The names of Woods and Strickland, better known as Pad and Gandalf, had been known by many across Europe for some time as a duo of extremely adept and dangerous hackers. Easily penetrating computer systems in fifteen different countries, Woods and Strickland had been responsible for many hacks including exposing the gaudy expense accounts of European Community President Jacques Delor, entering and bringing down a good part of Sweden's telephone network, and pilfering the confidential financial records of S.G. Warburg, the leading banker in London.

What made this conviction especially important, however, was the case of Paul Bedworth which, just a few months before, had ended in acquittal. At 14 years old, Bedworth's mother had furnished him with a $400 computer for a birthday present, which he then proceeded to use over the next five years to break into supposedly secure systems ranging from the White House to the Tokyo Zoo. After his capture and subsequent trial on the charge of criminal conspiracy under the Computer Misuse Act, a conviction appeared like a certainty, as Bedworth did not deny his hacking exploits, and did not offer any evidence in his defense other than to say he had a "pathological obsession" with computers. Most devastatingly to prosecutors, however, a jury of eleven, eight men and three women, voted unanimously to acquitt Bedworth, despite the fact that there had been evidence presented from the collaboration of eight different British police forces, as well as several overseas governments including Singapore and India. Many had feared the Bedworth case had permanently taken the teeth out of the Computer Misuse Act, essentially freeing hackers everywhere to roam as they pleased and claim addiction to this "disease." However, their fears were somewhat quelled by the convictions of Wood and Strickland, who will surely serve as precedents and examples for the near future.

There are basically two acts relating top computer usage that have been passed by the British government. They are the Data Protection Act of 1984, and the Computer Misuse Act of 1990. The first act generally deals with the actual procurement and use of personal data, while the second act defines the laws, procedures, and penalties surrounding unauthorized entry into computers. The next two paragraphs will go into more detail as to what exactly these two pieces of legislation encompass.

The Data Protection Act of 1984 is divided into eight basic principles. The first deals with procurement of data, and generally outlines ways in which data may be processed fairly and lawfully. The next principle deals with the possession of data, and that it should only be held in a specified and lawful manner for a specific purpose. The third item states that data will not used or disclosed for anything other than its intended purpose. The fourth says that once that purpose is finished, is should be disposed of immediately and properly. The following two principles mandate the integrity of the data, stating that it should remain relevant and viable for its intended purpose, and should be kept accurate and up to date at all times. Finally, the last two points deal with the actual ownership of data, saying that it is up to the data user to maintain their own data and make sure adequate security measures are in place to prevent its unauthorized access, alteration, disclosure, or destruction. This act looked very peculiar at the time of its passage, and continues to today, because it seems to place the blame of hacking on the victim, and not on the aggressor. In otherwords, if a person hacks into ones computers, the computer owner is liable for not effectively defending their own computer from attacks.

As a result of the Data Protection Act's curious bestowment of security burden on the victim, in 1990, Parliament passed the Computer Misuse Act to supersede many of the provisions of the 1984 act. The act grew out of public outrage over the growing proliferation of destructive hackers, and resulted in a very tough piece of legislation. Its most significant components were the first three of eighteen sections, which effectively shifted the blame and responsibility of unauthorized access from the attacked to the attacker. Not only did it criminalize expected actions such as unauthorized access, modification, and destruction of material, but it also removed the burden of intent in order to find someone guilty under the act. In other words, someone who succeeded in accessing an unauthorized computer, even if he had no explicit intent of doing so, could be convicted under the act. The next six sections defined the jurisdiction of the act, and it was made broad enough to include prosecuting actions on British soil, at British soil, as well as the procedures for the proper prosecution of conviction of non-British citizens. The remaining sections dealt with the enforcement aspects of the legislation, outlining procedures for trial, search warrants, extradition, and what to do in case proceedings were held in either Scotland or Northern Ireland, who maintain their own separate court systems.

Following the convictions of Wood and Strickland, prosecutions of hackers grew in number as more and more of them were brought to Her Majesty's Royal Court. In 1997, Richard Pryce, 19 of Holburn, England, plead guilty to twelve counts of gaining unauthorized access to computers, including those of the United States Air Force. He was caught when he was sixteen years old by the Computer Crime Unit of the New Scotland Yard, who had received a tip from none other than the United States Air Force. Owing to the non-malicious nature of the intrusion, and the three year disruption to his musical career, the magistrate decided Pryce had suffered enough, gave him a stiff fine, and sent him on his way. In 1995 at Exeter Crown Court, Christopher Pile, also known as the "Black Baron," was sentenced to 18 months in prison for violating section 3 of the Computer Misuse Act. Specifically, he was charged with unauthorized access, unauthorized modifications, and inciting people to spread viruses. He was the first person convicted under section 3 of the act.

Despite its seeming successes, Scotland Yard, however, has not been as lucky. In 1996, a phone phreaker or a hacker broke into Scotland Yard's PABX (Private Automatic Branch Exchange) and racked up one million pounds worth of long distance phone calls before the scam could be stopped. Despite the fact that public network had been electronically "sealed" from hacking years before, authorities admitted that the PABX continued to be the weak link in the electronic information chain. Aside from being expensive and embarrassing, Scotland Yard still has no option but to blame themselves, for the nintruder or intruders have been rigorously pursued, but as of yet still have not been caught. Hackers like these are costing Britain alone almost $1.54 billion a year.

Canada

In October of 1992, the North York Metro Police Department arrested a 15 year old boy who was attending school, raided his home, and confiscated two computers. According to BellCanada and Metro police, the young individual in hand was the notorious 911 dialer that had periodically clogged up the 911 lines for the entire Toronto area, severely hampering emergency services. Apparently, the youth had dialed into the 911 service by illegally breaking into the phone system, rerouting the call through several United States systems, before finally reentering the Toronto area. When arrested, he was charged with theft of telecommunications, 24 counts of mischief, and 10 counts of conveying false messages. What startled authorities, however, was not the crime itself, but the degree of complexity with which the youth had carried it out. It sent a message to Canadian authorities everywhere that computer crime can be committed by anyone, and must be rigorously prosecuted.

Besides being our geographical neighbor to the north, Canada's proximity and economic integration with the United States has created a computer network and Internet community very dependent to ours. Along with this technology, however, has also come computer crime both from United States, as well as from within. To Canada's credit, they have watched very closely the proliferation of computer crime in their neighbor south of the border, and have wasted no time in implementing legislative action to correct such measures. That, along with a well defined enforcement and command structure has given Canada an almost unmatched success rate in dealing with hackers. Some of their success stories include the apprehension of such notorious hackers as Darkman, Coaxial Karma, and SubHuman Punisher.

As stated before, the Canadian government has been very aggressive and unashamed in implementing computer crime legislation. There are basically two section in the Canadian criminal code, sections 342.1 and 430 that deal the most with computer crime. Section 342.1 is itself divided into two parts. The first part deals with most of the items that would traditionally be considered computer crime. It defines unlawful entry into systems, interception of transmissions, as well as mandating a harsh ten year prison sentence for violation of these laws. The second part defines data or computer programs, to give written documentation as to what kind of materials would qualify under the statute. Section 430 criminalizes the actual destruction, alteration, or interruption of data or data transmission. It does not set specific sentences, but one can assume they would be similar in nature to section 342.1. Other related codes that more generally refer to the misuse of telecommunications include section 184, the unlawful interception of telecommunications, section 326, theft of telecommunications, and section 327, possession of device to intercept telecommunications. I found that in cases of hacker prosecutions, telecommunications theft was often charged in conjunction with the other statutes.

The item, however, that truly distinguishes the Canadian government from all others who try to enforce computer crime laws is the clear definition of a jurisdictional boundary for computer crime. All sections pertaining to such events fall under the mandate of the Royal Canadian Mountain Police (RCMP), and specifically the Information Technology Security Branch (ITSB). This body, in consultation with the Treasury Board Secretariat (TSB) and Communications Security Establishment (CSE), are responsible for the information technology security of all of Canada. Their primary role is to educate the government on security matters, running seminars, printing document, and providing consultation, however, they are also tasked with working with local law enforcement officials to crack down on computer crime. The ITSB itself is broken up into three branches. The Security Evaluation and Inspection Team's (SEIT) primary function is to set up, secure, and be a consulting organization for any computers and networks set up by the government of Canada. The Computer Investigative Support Unit (CISU) is the legal branch of the RCMP. They provide legal counsel, acquire warrants, and direct the prosecution of computer criminals. Finally, the Counter Technical Intrusion Unit (CTIU) is responsible for performing periodic sweeps of governmental computer systems, assisting local police, and performing technical evaluations in cases of theft of communication. As one can see, with the defined layout and organizational structure written above, its no wonder that hackers consider Canada a difficult hack, although there are many that will always be up to the challenge.

In just one measure of a Canada's success in their war on electronic crime, it is estimated that of the $3 billion to $4 billion lost in North America due to telecommunications theft, only $100 million, or about 3%occurred in Canada. This despite the fact that Canada accounts for approximately 8% of the North American population, and a much greater proportion of its electronic traffic. In telecommunications conference held in Toronto, a group called the Stentor alliance attributed this success to the cooperative atmosphere, in fighting computer crime, that exists between government, law enforcement, and industry. Maybe it is conceivable that the United States should import another product from their northern neighbor, other than hockey.

Italy

On September 8, 1994, hundreds of customs inspectors from the Guardia di Finanza (the finance police) unleashed a massive operation, called "hardware1." This operation, which seemed to materialize without logic or warning, was carried out on a nationwide scale as anywhere from 50 to 100 bulletin boards were shut down, and all hardware and software were confiscated. Many operators, understandingly, were taken aback as they were charged with everything from cooperating with the Mafia, to selling pirated software and CD-ROMs. Later, the chief prosecutor Parodi from the city of Turin explained the raids, saying that they had launched such an operation against BBSes because it had come to their attention that these "telecom pirates" were using their BBSes to connect with similar American boards, download pirated software, copy them, and sell them on the black market. In addition, he said that the finance police had uncovered evidence of a loose confederation of these BBS operators who were trafficking data between themselves in order further their profits. On face, it seemed like the Italian government had acted prudently and efficiently to save legitimate software manufacturers billions of dollars in revenue. The reality is quite different story.

To begin however, allow me to present the legal background in Italy, for laws involving computer crime. In the Operation Hardware1, Italian officials cited several parts of the Italian as well as European Economic Community (EEC) Code to justify their actions. Specifically, they cited EEC proposal 250/91, which establishes the integrity of copyrighted software, Italian Code section 518/92, which establishes penalties against selling pirated software and evading taxes on those items, and Italian Code section 633/41, which also protects copyrighted software. Although those were the laws invoked in the raids, they do not form the heart of Italian computer crime law, which is actually quite extensive. All legislation of that type is contained within Italian Code section 547, which was passed as part of a larger bill in December of 1993. There were basically twelve points in the bill. Four of the points deal with the possession, alteration, or destruction of data or computer systems. The last of those carried a maximum penalty of one million liars and recommendations for action by the plaintiff. Another four set penalties for unauthorized or pirated access into systems and subsequent interception of communications, which carry a maximum sentence of six years. The last four points were more diverse in nature. One makes it a crime to forge an electronic transmission. Another forbids the diffusion of computer viruses into the network. The third makes illegal the possession of devices to intercept or disrupt communications. The final point is probably the most intriguing, as it sets rather harsh penalties for disclosure of information to another without good cause.

Back to the Operation Hardware1 of 1994, despite the benevolent and seemingly legal nature of the operation, the Italian government had, apparently, once again lived up to its good name as a country who had problems when it came to government. Although the prosecutors were backed by the criminal code, it was difficult to justify their actions on only those grounds, because had copyright violations really been a problem, crackdowns would have occurred in the music and videotape industry as well. However, those raids never came. Thus, a multitude of theories swirled around as to why the raids occurred, and no is quite sure which one is correct. Of the those dozens of theories, three in particular were taken seriously into consideration by those who followed the Italian BBS scene.

The first one was that after the recent prosecutions of the Mafia, prosecutors were getting bored and decided to go after what they considered a "high profile story." As computers were leading edge, and as of yet not well understood, technology, it would be perfect way for the government to strike something the public did not exactly understand. One of many holes in this story, however, is that it would have required massive amounts of under the table communications which seemed unlikely.

Another theory was that the Italian government was acting, at the behest of the telecommunications industry, to clear out small BBS operators so they could move in with their massive communications networks and take over the Italian net. The flaw in this theory is that BBS users were generally private people with a small group of users, and that the communications giants would have been relatively unaffected had they chosen to begin a massive marketing campaign with or without the BBSes.

The final, and most intriguing theory, is one that goes back to the past Italian election. Following corruption scandals that basically decimated the ranks of the centrist Christian Democrat and Socialist parties, a power vacuum emerged that allowed the election of media mogule Silvio Berlusconi's right wing party. Although not fascist himself, Berlusconi gave prominent seats in his cabinet to the Alianza Nationale, the neo-fascist party, in order to form a government. It was then these fascists who orchestrated Operation Hardware1, as it was clear a disproportionate share of the BBSes hit were left leaning services, including Peacelink, a non-profit BBS which was brought down three weeks after the initial raids when they criticized the Berlusconi government. Because Berlusconi owned a good portion of Italian media, little was reported of these facts. Although carried out in the name of computer justice, the actions of the government were little more than a political suppression. This interpretation was further justified in 1995, when the Bits Against the Empire BBS, a node of the Italian Cybernet computer network was shut down because its efforts at free expression and counter-information were a threat to the democratic order. They were charged with subversive association with terrorist intent, although the outcome of the case is not certain.

Besides this operation and the laws on the books, little other movements have been seen in enforcing Italian computer crime legislation. One case in point is in 1994, police officials learned of the existence of a Virus Creation Laboratory (VCL) in Italian servers. Cracked by the Data Processing Crime Section of the Italian police, an investigation was launched into finding the origin of this virus "factory." Yet, despite the fact that the program was traced back to a Bulgarian data bank, no charges were filed and no arrests were made. With its already colored history, it will be interesting to see what Italian computer crime will look like in the future.

Australia

A book called "Underground" by Suelette Dreyfus details the true story about an Australian computer underground group who wrecked havoc for over a decade on the Internet. They hacked into supposedly secure computer systems such as Citibank, the Pentagon, NATO, the FT 100, NASA, Lockheed-Martin, Deutsche Telekom, and Australian Telecom, as well as the Defence Data Network's NIC, one of the backbones of the Internet. It was only after raids by the Australian Federal Police and the police agencies of other countries that this group was finally brought down.(11) Today, these hackers based in Australia are known as Data King, Pheonix, Electron, and Nom. They were arrested, and brought to trial under the Australian Criminal Code provisions passed in the Telecommunications Act of 1991, which outlined much of the laws surrounding computer crime in Australia.

The Telecommunications Act of 1991 basically added sections 74 and 76 to the Australian Criminal Code. Section 74 outlines the definitions of carrier and data, so that they may be used in subsequent sections of the code. It also went on to specify what was considered a carrier and data belonging to the Commonwealth of Australia, encompassing everything from data that originates in Commonwealth computers, as well as data that leaves Commonwealth computers. Section 76B-1 makes a crime any unauthorized access to a Commonwealth computer system. Section 76B-2 is similar to the previous section, except that it elaborates on what is considered unauthorized access, as well as establishing intent as a qualifying factor for prosecution. Section 76B-3 makes it a crime to continue to examine the data. Section 76C deals with destruction, alteration, and impeding the data, while Section 76D focuses more on the method of entry. Finally, Section 76E provides punishment for those who specifically access a Commonwealth computer, and proceed to alter or destroy data.

1993 basically marked the watershed year for the Australian Federal Police Computer Crime Unit, the agency established to enforce the Telecommunications Act. In that year, the computer ring was busted, and six notorious hackers were put on trial in Australian Federal Court. Of those six, the main four were eventually convicted and three were sentenced to jail terms. Data King, the most notorious of the four, was given the lightest sentence, even though he had done the most damage when he hacked into such systems as the Australian National University and the Australian Defense Forces. He, however, was a minor and escaped with a fine and probation under Section 19A of the criminal code. The others were not as lucky. Phoenix, who had unwittingly fallen into a trap when he collaborated with a Federal agent, received the harshest sentence, most notably a year in jail and 500 hours of community service. The other two, Electron and Nom, were sentenced to six months in jail apiece, with 300 and 200 community service hours respectively.

Still, despite all the attention and grief caused by this four, one has to wonder whether the punishments they were levied were indeed enough. After all, the crimes that this group committed could indeed be considered exceptionally heinous and dangerous. Some the damage done included installing a Wankworm in the computer system at the Goddard Space Center which disrupted NASA operations, breaking into Canada's Northern TeleCom and seriously disturbing company functions, listening in on classified United States military communications on its System X network, which could have meant disaster for a group of US soldiers somewhere. Despite the magnitude of their crimes, however, the judgments stood. In last twisted instance of justice, however, Electron eventually became crazy following the trials, and was committed to a mental hospital.

Israel

On January 29, 1992, four computer hackers, two adults, two minors, were arrested in their Jerusalem home on a variety of computer crime charges. Apparently, these four individuals, using personal computers and inexpensive modems, had fraudulently obtained several confidential passwords necessary to enter Isranet. Isranet is the national bank computer network. >From there, they had broken into other international computer services, and stolen data from foreign public data banks, including personal credit card numbers and other services. Their arrest was a combined effort between security officers from Bezek, Israel's state controlled phone company, and the National Fraud Squad.

The National Fraud Squad has official jurisdiction over Israel's computer crime. Although backed by the force of law, unfortunately for us, they have only one or two officers that are specifically assigned to computer investigations, who are in charge of everything from calling card fraud, to electronic bank embezzelers. Consequently busts like the one described above are the exception, most of which occur when Bezek gets involved. Simply put, the government and public believe that computer hackers actually represent the smarter end of the Israeli population. In general, the law enforcement has not as of yet encountered any major problems with hackers that turn into professional criminals and warrant extra attention. To the contrary. Most Israeli hackers end up getting hired by the Israeli software industry to make a rather lucrative living. Although hacker busts do occur, they are very infrequent and usually result in charges being dropped.

The only other computer crime of note that occurred in Israel was the capture of Deri Schreibman, who was arrested and charged with disseminating illegitimate credit cards to people in the United States and Canada. Although it was widely rumored that he had also broken into computer systems such as the Washington Post and the Pentagon, lacking any legal backing, nothing ever came of his arrest. Although hacking is sure to become a wider problem as network access grows in Israel, as of yet the major computer crime epidemic has not found their way to this corner of the globe.

China

In order to evaluate computer crime in China, it is absolutely necessary to distinguish between mainland China and Hong Kong. Although they are now ostensibly one and the same country, one hundred fifty years of separation, and two radically different governments, have undoubtedly left two very different societies in their wake. They are divergent in every sense, from economic, political, to technological. It is in fact this contrast of worlds that is sure to prove the most interesting in the immediate years to come.

Like many of its earlier actions, China does not seem to possess any written law or code specifically outlining its computer crime statutes. Instead, trials are held by the force of military law, and harsh punishments are handed out, often in an execution style manner. These cases, however, have been extremely rare and far between, for in a report in WIRED magazine by Neal Stephenson, he journeys deep into China to find out that the general Chinese population have no real concept of the computers or the Internet. Their idea of network are the network of spies during the Cultural Revolution that were executed for espionage and treason. The reason for this is not necessarily that China is unable to accept the Internet's infrastructure, but more a play by the government to limit what it considers treasonous propaganda from entering the country. With the memories of Tiannamenn Square fresh in their minds, they are understandably skeptical of this new technology which the United States Supreme Court so eloquently called "the most democratic of all mediums." They wish to limit outside contact with pro-democracy and human rights groups, and thus, in conjunction with Singapore, are busy building a structure that will be able to filter out undesired content.

Nevertheless, the information age and computer crime is finding its way in the largest country in the world. The first incident of a computer crime as we know it, occurred in April of 1993, when Shi Biao, an accountant at the Agricultural Bank of China's Jilin branch, and his accomplice Yu Xilin, attempted to wire stolen money from Jilin to a bank in Shenzhen. The two were accused, and hence convicted, of invading the computers of the bank, and embezzeling almost $192,000. Biao and Xilin were then executed for their crimes, setting a strong precedent for future prosecutions. It would not be an unrealistic assertion to believe that individuals in the future who are caught on similar charges will be subject to the same form of punishment.

The main incident involving computer crime in Hong Kong comes on the heels of a raid conducted by the Police Commercial Crime Bureau (CCB) and the Office of the Telecommunications Authority (OFTA). On March 6, 1995, agents of the CCB and OFTA shut down the servers of seven Internet providers, cutting off thousands of customers, and severely disrupting business transactions throughout Hong Kong. At the time of the raid, OFTA had maintained that raids were part of a police investigation into commercial crimes involving computer hacking, violating portions of the Hong Kong Computer Crimes Ordinance of 1993. They claimed that because the servers were not licensed, they could have facilitated the operations of criminal hacker groups, which would violate the 1993 ordinance. However, all employees detained were only questioned on charges of providing telecommunications without a license, and other computer crime charges never arose again. In this case, the raid was a complete mixup between the CCB and OFTA. The OFTA had been conducting an investigation into the unlicensed servers, and had already negotiated with the Internet providers over these terms. The CCB, however, had claimed knowledge of computer crimes, and thus, initiated the raid with full knowledge and help of the OFTA. The tip on these crimes, however, had apparently come from an international telecommunications provider, meaning that either Hong Kong TeleCom or SuperNet had blown the whistle, possibly to take out its competition. The most puzzling part of this whole affair is that what this huge raid actually was a contention over was simple $700 licensing fee, an amount that clearly did not warrant such a drastic response from the Hong Kong CCB. Whatever the case, either an innocent miscommunications, or an effort subvert free speech, this raid proved just how little many people understand the information superhighway in Hong Kong.

The next couple years in the absorption of Hong Kong into China will be very interesting, not only politically, but also in terms of the Internet. In the Russian coupe of 1991, it was widely reported that the reason the efforts of the hardline extremists failed was because while they have taken control of the radio and television stations, they had failed to account for other forms of communication, including the Internet. As a result, reports of the coupe was disseminated throughout Russia, and the coupe collapsed. It will be interesting to see not only if China eventually legislates laws against computer crime, as the mainland itself will undoubtedly become more integrated, but also if it will impose the same punishments on the populace of Hong Kong. There will undoubtedly come a point where China must establish rules to regulate its burgeoning electronics and computer industry. One can only hope that such legislation does not result in the oppressive persecution of the population.

Denmark

In January of 1990, JubJub and Sprocket, two Danish high school kids who were Denmark's first hackers, were busted after they were discovered snooping around some of NASA's non public machinery. At this point, however, Denmark, and really no European nation, had passed any laws explicitly banning the hacking of computers. After muddling around in the courts for a while, the two were given a non-trial sentence of two years on probation, during which time they were expressly forbidden to hack any computers. If arrested again, they were warned, the case would go to trial and this time, a verdict would be returned.

Ironically, it was the publicization of the case of Sprocket at JubJub that spurred the growth of the hacker community in Denmark. To the governments credit, however, it also marked the beginning of law enforcement, as a man named Joergen Bo Madsen, a computer security expert working for both the University of Copenhagen and the Danish government began monitoring hacker activities off of the Institute of Computer Science at Copenhagen University (DIKU). In the winter of 1991, Madsen came out of hiding and with assistance of the Danish secret service, busted eleven hackers, including one Saron who had racked up a large bill on a stolen credit card. This time, people were prosecuted.

By December of 1993, the Inner Circle of Danish hackers, most of them students at the University of Copenhagen, were history. The university, fed up with students trying to break into theirs and other computer systems worldwide, called in Madsen and imposed a crackdown on all known hackers. Busted by the Danish police were scores of individuals including Zephyr, Dixie, WedLock, Netrunner, Darkman, and Le Cerveau. Some were placed in isolation before prosecutions, while others were outright released. What became of these individuals is unclear, other than the fact that one person, Joergen Bo Madsen, secured Denmark's computer systems from internal threats.

Miscellaneous Countries

On January 4, 1996, the iWatch program, a part of the Network Intrusion Detector package developed by Lawrence Livermore National Laboratory, captured and issued warrants for the arrest of an Argentine hacker who had been caught trying to break into the center's computer network. Although no damage was done, this intrusion provided proof that the problems or computer crime were spreading, even to the far corner of the South American continent. Argentina is definitely lagging when it comes to Internet and computer access, let alone computer crime. Up to seven years ago, telephones themselves were an expensive commodity, although things have improved with the privatization of the phone monopoly into three direct competitors. However, as networks that are up are now outdated, few outsiders come into contact with Argentinian hackers, thus, the problems of computer crime have not yet surfaced. Although the media in Argentina has romanticized the concept of hackers and hacking, no culture has developed yet to warrant such an interest. The government has approached the hacker problem by severely restricting Internet and BBS access, in hopes of forestalling the international wave of computer crime.

In Switzerland, legislation was passed in 1993 banning hacking, although no prosecutions have resulted as of yet from the statute. There have been only two hacking incidents of note, and both were resolved in a nonlegal manner. At the Swiss X.25 Network Telepac, an employee had let out the usernames and passwords used by internal employees to members of the hacker community. The information spread like wildfire, and for two years all Swiss and some German hackers used this information to make calls around the world until the system was finally disconnected. The other incident involved an individual who hacked into BAG (the Swiss equivalent of NIH) and had gained access to material on patients of the institute. At this point, however, no laws had been passed, so no prosecution was pursued.

The French have been curiously quiet on the international computer scene, as few headlines have been made of the prosecution of computer criminals. The reason for this is not the lack of laws or effective hackers, however, but the fact that the French have actually pioneering computer law enforcement in Europe. In 1988, the French legislature passed laws making hacking illegal, and formed a Computer Fraud Agency (DST) to deal with the matter. They have been fairly effective in curbing computer crime as well as telecommunications fraud. Their list of trophies include NICK, Hardcore Hackers, Piratel and TeKila Underground. Part of computer law enforcement is made easier by the fact that listed on Carte France Telecom's (France's phone company) phone bill is a listing of a caller and a callee's phone number, making the theft of calling cards to hack almost useless. Thus, all they have to do to catch a hacker is find the location of the phone call, making their job a lot easier.

Conclusion

As one can see, the computer crimes are a problem that are not just limited to the United States. From highly integrated computer cultures such as Great Britain and Canada, to lesser integrated countries, such as Argentina and China, hackers from all over have found ways to encourage the legislation of newer and better computer laws. As in any case of legal issues, each nation has taken it up itself to establish, within its culture, the boundaries of what it considers "fairplay" over the Internet. What makes this situation different from all previous criminal laws, however, is that the basic nature of the Internet is that it knows no geographic or national boundaries. Although countries such as Singapore and the People's Republic of China are busily developing ways to regulate the Internet within their borders, I believe that it will eventually go the way of television and radio, where try as they might, it will ultimately be extremely difficult to regulate Internet access using this method. What makes this issue of international law more important and relevant than in cases of drug trafficking or espionage, however, is that attacks are often made from foreign soil for only minutes, maybe even seconds. Not only is it currently difficult to trace, prosecute, and reach a desired verdict, but if the case crosses many national borders, it may be almost impossible to secure extradition or decide which country deserves ultimate jurisdictional power over a given case. The United Nations has already created a United Nations Crime Prevention and Criminal Justice Programme to compile statistics and mediate criminal disputes between countries. I believe it and other programs must fulfill a similar with computer, in fact much more so, in order to effectively combat this growing problem. One thing I did notice, however, is that what is considered computer crime is fairly consistent across many national borders. Therefore, much more so than in other case, I feel there is hope in creating a set of standardized international computer crime laws.

Bibliography

Phrack Magazine Issues 35-47, Chris Goggans aka Erik BloodAxe, 1992-1994, http://www.soci.niu.edu/~jthomas3/phracks/phrack

"Computer Crime : An Emerging Challenge for Law Enforcement," David L. Carter PhD and Adra J. Katz PhD, 12/96, http://www.fbi.gov/leb/dec961.txt

"Hackers Take Scotland Yard's PABX For A Cool Million," Steve Gold, 8/5/96, www.apple.com.au/documents/newsbytes/1996/aug96/960807/2.html

The Web Police, http://www.web-police.org/

The Canadian Criminal Code, http://insight.mcmaster.ca/org/efc/pages/law/cc/cc.html

The Royal Canadian Mounted Police Information Technology Security Branch, http://www.rcmp-grc.gc.ca/html/itsb-e.htm

Italian Computer Crime Law, http://www.clarence.com/home/diritto/Comment2.htm

"Underground," Suelete Dreyfus, 1997, http://www.underground-book.com/about.htm

China Field of Electronic Frontier Foundation, http://www.eff.org/pub/Global/China/

"Lab Software Snares International Hacker," Lawrence Livermore National Laboratory Public Affairs Office, 4/2/96, http://www.llnl.gov/PAO/NewsReleases/April96/NR-96-04-01.html

"Discovery Of Data Processing Virus Factory In Italy," AFP Sciences, 2/17/94

"China Executes Computer Intruder," 4/26/93, AP Newswire

"Software Piracy Still A Big Problem In China," Jeffrey Parker, 3/6/95, Reuter News Service

"Boy, 15, Arrested After 911 Paralyzed By Computer Hacker," Caroline Mallan, 10/7/92, Toronto Star

"Computer crime costs Britain $1.5 billion a year," 1/24/96, Scripps Howard News Service

Computer Misuse Act of 1990, http://www.hmso.gov.uk/acts/summary/01990018.htm

Data Protection Act 1984, http://web.doc.ic.ac.uk/~ard/teach/DataProtectionAct.html

Electronic Privacy Information Center, http://epic.org

"Hackers Crack Into NASA Internet Site," http://www.canoe.com/CyberTechArchive/mar06_nasa.html

United Nations Crime Prevention and Criminal Justice Program, http://www.ifs.univie.ac.at/~pr2gq1/uno