60 UMKC L. Rev. 139
UMKC Law Review
Fall, 1991
Note
THE CONSTITUTION IN CYBERSPACE: THE FUNDAMENTAL RIGHTS OF COMPUTER
USERS
Terri A. Cutrera [FNa]
Copyright © 1991 by the Curators of the University of Missouri; Terri A.
Cutrera
INTRODUCTION
Cyberspace is the name given by science fiction writer William Gibson [FN1] to the network of "electron states, magnetic fields, light pulses and thought s " [FN2] that connects one computer with another. The term was quickly embraced and incorporated into the colorful vocabulary of the computer culture and now refers to the world inhabited by more than one million computer users in the United States alone. [FN3] Limiting the population of the electronic frontier to the computer networkers in any one country, however, is impossible.
Cyberspace recognizes no national boundaries, and physical obstacles such as oceans and deserts that have historically compartmentalized people are non- existent. In this world of open and instantaneous access to vast quantities of information, individuals are free to associate with others of their choosing, regardless of geographical and social constraints, thus removing the "glue of social cohesion" [FN4] traditionally provided by local culture and governments. The destabilization that springs from such social unsettling terrifies totalitarian regimes [FN5] and the unparalleled opportunities for espionage and crime have been greeted with apprehension by the world's most democratic and progressive governments.
The reaction of the United States government to the challenge posed by the proliferation of computer technology, recently manifested by nation-wide computer crime dragnets, has raised questions regarding computer users' constitutionally guaranteed rights of privacy and due process of law. This Note will discuss the groups targeted by government computer crime crack-downs along with the protections afforded them by the Fourth Amendment to the United States Constitution and such federal statutes as Title III of the Omnibus Crime Control and Safe Streets Act of 1968 [FN6] *140 and the Electronic Communications Privacy Act of 1986. [FN7] Actual law enforcement procedures used during Operation Sun Devil, a nationwide computer crime sweep conducted by the Secret Service in 1990, will be examined in light of Fourth Amendment and statutory restrictions as well as Fifth Amendment Due Process requirements. Possible new developments in technology affecting the electronic monitoring of computer activity will be considered along with ways to modify the current laws to ensure continued protection of citizens' privacy rights in the future. Finally, specific recommendations will be made concerning present public policies and law enforcement methods that would aid the government in enforcing computer crime laws and deterring potential criminals, while enhancing the privacy protections afforded the computer-using citizen.
COMPUTER USERS AND CRIME
It's the culture of the nerd--the solitary libertarian down in his basement saying "don't tread on me...."
John Perry Barlow [FN8]
Computer networking attracts an eclectic group of people, drawn together by a common intellectual curiosity and a desire to reach out to others with similar interests and aptitudes. The stereotype of the typical computer user--a nerdy adolescent male glued to his computer terminal--was perhaps quite accurate in the pioneering days of the 60's and early 70's, but today with the advent of low-cost, user-friendly systems, the average networker has changed drastically. Computer services [FN9] are becoming increasingly important to large segments of society, especially such groups as housewives, the elderly, and the chronically ill who depend upon computer networks for social interactions and support. [FN10] In addition to personal computer users, of course, are the myriad of business organizations--large and small--that increasingly depend upon computers and electronic networking for internal and external communications as well as for transacting business worldwide.
Still, the vision of the lonely, introverted "hacker" [FN11] working long hours at his desk remains a permanent fixture of computer lore. Hackers [FN12] *141 have a reputation for treading a fine line between what are legal, permissible uses for their computers and what are not. One reason for this conflict with the law is the "hacker ethic" which postulates that " a ccess to computers--and anything which might teach you something about the way the world works--should be unlimited and total;" [FN13] and " a ll information should be free." [FN14] Another source of friction between computer users and the law arises from hackers' long standing feud with AT & T. Because computers use telephone lines as conduits for their electronic communications, and the costs of long distance phone access are prohibitive, hackers often try to obtain telephone services for free. [FN15]
In the last twenty years, hackers' skirmishes with the law have increased. Crackers (bad hackers who invade other computers) [FN16] devised methods of accessing corporate computer files from their home systems in a hi-tech thrill- seeking activity analogous to trespassing on off-limits property perpetrated by less precocious adolescents. Phone phreaking [FN17] began to cut into telephone company revenues. [FN18] Occasionally an unauthorized access would damage files in a target computer. The marketplace responded with private computer security firms, many started by ex-hackers themselves, which were generally quite effective in controlling the hacker problem by making outside access to systems more difficult and by installing anti-virus programs into systems to detect and contain externally injected programs. "Law enforcement had for years treated computer crime as a white-collar con, a second-fiddle felony," [FN19] happy to let private industry handle the problem. All of this changed in 1988 when national attention was drawn to a graduate student at Cornell University named Robert T. Morris. [FN20] Morris designed and let loose a worm program that was supposed to benignly check the security systems of Internet [FN21] by gaining unauthorized access to computers and reporting its progress. [FN22] The program malfunctioned and within a few hours disabled about 6000 computers nationwide. [FN23] With national attention focused on *142 the damage and confusion computer hacking can cause, federal authorities have begun, in the last two years, to launch aggressive, national computer crime sweeps to break up hacking groups and discourage potential hackers before they start. [FN24]
In attempting to enforce laws against computer crime the government is faced with a daunting challenge. It must protect national security and private industry from the hard core computer criminal [FN25] as well as from the occasional trespassing hacker, while maintaining the free flow of information along the net and respecting the privacy rights of the innocent computer user. Considering the fact that computer crimes can be perpetrated in a split second, from anywhere on the planet, usually without leaving a clue that a theft has occurred, the enforcement of computer crime laws is a monumental task.
LAW ENFORCEMENT STRATEGIES
In most cases, authorities first learn of an electronic information theft when the stolen material, often called a "trophy," surfaces on a computer bulletin board or is traded via floppy disks among computer users. [FN26] By this time it is much too late to catch anyone in the act of breaking into the victimized system. Law enforcement officials [FN27] are usually left with only covert means--primarily electronic surveillance--or sweeping search techniques to unearth the criminals.
Once a trophy appears on a bulletin board investigators have several options. Often an undercover agent infiltrates the computer bulletin board and monitors all activity for signs of culpability. [FN28] As another option the Secret Service may simply seize the system operator's computer (which contains stored records of all bulletin board activity), search through the material contained therein, and issue the appropriate warrants. [FN29] In some instances, officers have seized the computers of any person listed on the *143 suspect bulletin board's mailing list. [FN30] Of course, an ordinary telephone wiretap will also allow agents with a modem and computer to monitor a suspect's computer activity. The legality of these enforcement techniques will be discussed later with respect to statutory and Fourth Amendment search and seizure procedures. [FN31]
Although the investigative techniques involving bulletin boards are ineffective in unearthing stolen materials spread solely by physical transfer of data disks, another method exists that is ideally suited to solving these cases. A properly equipped van can drive down a residential street while electronically scanning computer activity in the surrounding houses for signs of stolen programs without ever alerting the subjects to the fact that a search is taking place.
Due to the electromagnetic nature of computer equipment it is possible to monitor computer activity from a location as remote as five hundred feet with specialized electronic surveillance equipment. [FN32] Computers, monitors, keyboards, and printers leak electronic signals in all directions in the form of radio frequency energy. [FN33] A receiver specifically designed for the task can pick up these radio waves and display the captured images on a monitor screen.
At first such spying techniques were very costly and therefore were applied on a limited basis, mainly in the realm of international espionage. [FN34] However, in 1982 Wim van Eck, a Dutch research engineer, published his design of an effective, low-cost "CRT [FN35] microspy" device. [FN36] Other scientists copied and improved van Eck's design, [FN37] placing the ability to remotely scan computer activity within the reach of law enforcement agencies, business organizations, and electronic hobbyists. Experts in the field of computer security have revealed that the FBI contacted them in the late 1980s for help in equipping a CRT surveillance team. [FN38] It therefore seems probable that such microspy technology is available to government investigators.
Computers can be shielded from remote surveillance, but such protection is quite expensive. [FN39] Over twenty years ago the United States government devised a set of standards for computer equipment--known *144 as TEMPEST [FN40]--designed to reduce radio frequency leakage and thus prevent remote eavesdropping. [FN41] TEMPEST equipment is used by the government and some large corporations, but it is generally beyond the means of the small business or private user. A less expensive yet somewhat effective means of protection from invasive scanning is to line the computer room with copper foil. Although espionage agents and hard core computer criminals might go to such lengths to ensure privacy, it seems unlikely that ordinary computer users would take this precaution, making their computer activity vulnerable to microspy scanning. [FN42]
All of these investigative methods invade the privacy of crime suspects as well as innocent bystanders to some degree. In order to determine how invasive the enforcement techniques may be, and what procedure the government must follow in order to conduct these searches and seizures, interested parties must look to the Fourth Amendment of the United States Constitution and the substantial body of court decisions and statutes that have grown up around it.
THE FOURTH AMENDMENT
The makers of our Constitution undertook to secure conditions favorable to the pursuit of happiness.... They conferred, as against the Government, the right to be let alone--the most prehensive of rights and the right most valued by civilized men....
Justice Brandeis [FN43]
The Fourth Amendment to the United States Constitution provides:
The right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. [FN44]
Beginning in the later half of the nineteenth century and continuing to the present day, the Supreme Court has been called upon to issue a number of rulings exploring and clarifying the Fourth Amendment. [FN45]
In order to protect Fourth Amendment guarantees and to discourage illegal searches and seizures by federal officers, the Court developed the "exclusionary rule" by which improperly obtained evidence can be held inadmissible in court proceedings. [FN46] The exact source of this rule is a continuing subject of contention in constitutional law. In Boyd v. United *145 States, [FN47] and later in the landmark case of Mapp v. Ohio, [FN48] the Court argued that the exclusionary rule was derived directly from the Fourth Amendment. As Justice Brennan wrote " i n those formative decisions, referring to early search and seizure cases the Court plainly understood that the exclusion of illegally obtained evidence was compelled not by judicially fashioned remedial purposes, but rather by a direct constitutional command." [FN49] Other cases, however, such as Wolf v. Colorado [FN50] and United States v. Leon, [FN51] express the opposite view that the exclusionary rule "operates as a 'judicially created remedy designed to safeguard Fourth Amendment rights generally through its deterrent effect, rather than a personal constitutional right of the party aggrieved.' " [FN52] The resolution of this controversy is important because if the exclusionary rule is simply a judicial remedy imposed on law enforcement agencies by the Supreme Court through its "supervisory power" [FN53] it would command much less deference than if the rule were a constitutional imperative. The "judicial remedy" theory is gaining favor with the Court and a string of recent cases has restricted the judiciary's use of its supervisory power [FN54] and increasingly allowed exceptions to the exclusionary rule. [FN55]
Although it can be argued that the seizure of private communications for use as evidence is self-incriminatory, the contents of such communications will not be excluded from court proceedings as violative of the Fifth Amendment [FN56] if Fourth Amendment search and seizure protocols are followed. Despite the fact that in early decisions such as Boyd v. United States [FN57] the Court invoked the Fifth Amendment and argued that information contained in private papers was self-incriminating and hence inadmissible in criminal proceedings, this line of reasoning fell into disfavor. In the recent case of Andresen v. Maryland, [FN58] the Court *146 held that incriminating, personal records, legally seized, could be admitted into evidence without violating the Fifth Amendment. The Court reasoned that "there is no special sanctity in papers ... to render them immune from search" [FN59] and the "seizure of ... materials by law enforcement officers ... does not require the individual to aid in the discovery, production or authentication of incriminating evidence." [FN60]
The nature of "probable cause" for the issuance of warrants has, historically, been one of the more litigated aspects of the Fourth Amendment. Probable cause was defined in Brinegar v. United States [FN61] as " 'the facts and circumstances within the officers' knowledge and of which they had reasonably trustworthy information ... sufficient in themselves to warrant a man of reasonable caution in the belief that' an offense has been or is being committed." [FN62] In Camara v. Municipal Court, [FN63] the Court balanced the government interest in conducting a search against the degree of intrusion upon the private citizen's rights. [FN64] Not all courts have been willing to go along with this balancing test, but it is generally agreed that the probable cause test must be an objective one, based on facts and not on mere conclusions or opinions. [FN65] Of course, since the ruling in Leon, evaluating the adequacy of probable cause for the issuance of a warrant has become less important. Under Leon, evidence obtained with a facially adequate warrant that later turned out to have been issued upon insufficient probable cause, is still admissible in court as long as the investigating officers had an objective good faith belief that the warrant was valid. [FN66]
The advent of electronic surveillance techniques has posed a difficult challenge to the Fourth Amendment and the courts. In Olmstead v. United States [FN67] the Court, favoring a very literal interpretation of the Fourth Amendment, ruled that no warrant was necessary in order for federal agents to tap a telephone wire. The majority reasoned that the Fourth Amendment designated specific protected areas--namely persons, houses, papers and effects--and telephone lines were not among these zones of privacy. [FN68] Olmstead is best remembered now for the insightful dissents of Justices Holmes and Brandeis. [FN69] Justice Brandeis argued strongly that every citizen has an indefeasible right to personal privacy, recognized by the Founding Fathers and guaranteed by the Fourth Amendment and that wiretapping was a violation of that privacy. [FN70]
*147 Other courts obviously agreed with Brandeis' viewpoint because the restrictive reading of the Fourth Amendment applied by the Olmstead majority was gradually eroded over time. [FN71] In 1967 Katz v. United States [FN72] formally overruled Olmstead. The majority in Katz found that emphasis on the nature of a particular targeted area deflected attention from the real issue of Fourth Amendment infringement. [FN73] Justice Stewart wrote
For the Fourth Amendment protects people, not places. What a person knowingly exposes to the public, even in his own home or office, is not a subject of Fourth Amendment protection.... But what he seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected. [FN74]
Scholars have debated the best way to apply the Katz expectation standard. The test cannot be a purely subjective expectation of privacy, since the government could nullify the Constitution merely by announcing that an activity is no longer afforded Fourth Amendment protection and thereafter no one could reasonably expect that activity to be private. [FN75] Furthermore, the test cannot be purely an objective expectation of privacy since some very low probability events occasionally occur which lead to a legitimate arrest. [FN76] One of the most reasonable interpretations of the Katz test is to apply a balancing evaluation between the utility of the law enforcement procedure and the diminution of the citizens' privacy and freedom. [FN77]
CONGRESSIONAL REGULATION OF ELECTRONIC SURVEILLANCE
These are not the areas we learned in law school, and we're trying to search out the best ways to deal with it....
Senator Patrick Leahy [FN78]
Shortly after the Katz decision, the United States Congress passed comprehensive legislation on the subject of wiretapping and electronic surveillance. This legislation comprised Title III of the Omnibus Crime *148 Control and Safe Streets Act of 1968 [FN79] and addressed both wire [FN80] and oral [FN81] communications.
Title III defined instances in which government authorities needed a court order to conduct a surveillance [FN82] and the procedures by which a valid warrant could be issued. [FN83] Wiretapping or electronic eavesdropping were only allowed when investigating certain enumerated federal crimes. [FN84] Although Title III specifically required a showing of probable cause before a warrant could be issued, [FN85] it did not define what probable cause standard to apply. There is some dicta in Supreme Court decisions [FN86] to suggest that the probable cause needed to conduct a Title III surveillance is greater than that needed for an ordinary search, but no court has yet ruled that this is the case. [FN87] Congress statutorily incorporated the exclusionary rule into Title III by making illegally obtained evidence inadmissible in front of any federal or state authority. [FN88] Because Title III prohibited the interception, defined as aural acquisition of the contents of wire communications, a door was left open for the use of pen registers [FN89] and other non-verbal means of recording target information. [FN90] For the most part, however, Title III worked well at first to protect the privacy interests of individuals yet still permit electronic surveillance to be used as a tool of law enforcement.
Title III was a step forward from its predecessor, section 605 of the Federal Communications Act of 1934, [FN91] but its rigid, definitional approach soon left the statute antiquated in the wake of advancing technology. In the years following Title III enactment, methods of non-voice communications proliferated. Business and individuals began using electronic mail operations, cellular and cordless [FN92] telephones, fax machines, video teleconferencing, paging devices, and large arrays of digitized *149 information networks. [FN93] "Communications between two persons were subject to widely disparate legal treatment depending on whether the message was carried by regular mail, electronic mail, an analog phone line, a cellular phone, or some other form of electronic communication system." [FN94]
To remedy these deficiencies, Congress passed the Electronic Communications Privacy Act (ECPA) in 1986 with the support of the business community, civil libertarians, and the United States Justice Department. [FN95] The ECPA amended the provisions of Title III to include "electronic communications" [FN96] as a protected form of communications. Instead of the approach used in Title III that protected only the specifically described actions and devices, the ECPA took a broader tack and specifically listed those devices that were not to be included under its protections. As gleaned from the legislative history and evidenced by 18 U.S.C. § 2510(12), an electronic communication is an electrical transfer of information that is not carried by sound waves and cannot be characterized as containing the human voice. [FN97] An electronic communication is entitled to ECPA protection unless it is specifically excluded. [FN98] This definition of electronic communication is flexible and thus fairly likely to keep pace with advancing technology.
The ECPA made several important modifications to Title III. A wire communication was recharacterized as an "aural transfer" and the definition was changed to no longer require a common carrier for transmission, to allow for the use of switching stations, and to specifically exclude the radio portion of a cordless telephone communication. [FN99] The definition of "intercept" was expanded to include aural or "other acquisition" of a communication through the use of a "device." [FN100] The requirement that a warrant specify the facility or site of the anticipated communication was amended to read that the order need not designate a target site if specificity is not practical. [FN101] This opened the way for law enforcement agents to conduct roving surveillances of target suspects. [FN102]
*150 In some ways the protection afforded electronic communications is less encompassing than the protection given wire and oral communications. Criminal investigations involving electronic communications that are eligible to obtain warrants are not restricted to a list of enumerated felonies, as are operations involving wire and oral communications. A warrant for surveillance of electronic communications can be issued for the investigation of any federal felony. [FN103] Also, the exclusionary rule provision of 18 U.S.C. § 2515 was never modified to include electronic communications. [FN104] The ECPA states that " t he remedies and sanctions described in this chapter with respect to the interception of electronic communications are the only judicial remedies and sanctions for nonconstitutional violations of this chapter involving such communications." [FN105] Representative Robert Kastenmeier, the bill's sponsor, suggests that this provision protects radio amateurs who accidentally intercept electronic communications or private citizens who illegally (but without intent to invade the privacy of another) obtain TV satellite communications by limiting the designated penalty to a minor fine for the first offense. [FN106] However, the language of sections 2515 and 2518(10)(c) taken together seems to have the effect of abolishing the exclusionary rule and allowing improperly obtained electronic communications to be introduced as evidence in criminal proceedings. No court has yet been presented with this problem and curiously, the United States Attorney's Manual [FN107] does not differentiate between oral, wire and electronic communications when stating that evidence obtained by unlawful electronic surveillance will be excluded from criminal trials. [FN108] As a result of the conflicting legislative history, statutory language and law enforcement directives, the exact legal treatment of improperly obtained electronic communications is unclear.
Whether Congress has the authority to exempt electronic communications from the exclusionary rule, if it were their intent to do so, raises interesting constitutional questions. Because the protection afforded these communications by the ECPA is statutory in nature, it remains to be determined if electronic communications do, in fact, fall under the auspices of the Fourth Amendment. If they are not constitutionally protected communications, then Congress, having given them more protection than the Constitution requires, would be free to exempt them from the exclusionary rule. Assuming, however, that electronic communications are constitutionally protected (which seems a likely result of a Katz expectation analysis), [FN109] then the next issue to be raised concerns the nature of the exclusionary rule itself. If the exclusionary rule is a constitutional right flowing directly from the Fourth Amendment, [FN110] then *151 it is unlikely that Congress could properly exempt electronic communications from it. To do so would be to order the courts to adopt an unconstitutional rule of decision, a course of action struck down as an illegal restriction of judicial power in United States v. Klein. [FN111] If, however, the exclusionary rule is merely a judicial remedy imposed by the courts to deter undesirable conduct, [FN112] then by restricting the scope of the rule Congress would not be meddling with the judiciary's power to interpret the Constitution. Since the recent trend of Supreme Court cases has been to restrict the judiciary's supervisory power [FN113] and afford less deference to the exclusionary rule, [FN114] it seems that if the question of a congressional limitation on the scope of the exclusionary rule were to come before the Court in the near future such legislation would probably be allowed to stand.
It seems the exact legal status conferred to electronic communications by sections 2510 through 2520 of the ECPA is still a little vague. Nevertheless, given the fact that electronic communications can only be searched with a legally valid warrant, [FN115] the procedure for obtaining such a warrant [FN116] and the remedies for violations of these code sections [FN117] are quite straight-forward. What is not clear is whether evidence obtained in violation of the ECPA will be excluded from criminal prosecutions.
The ECPA benefits computer users by recognizing and protecting electronic communications storage [FN118] such as what occurs when a computer service saves or backs up messages on a bulletin board. Without the express provision stating that the government must have a warrant to access the contents of communications in electronic storage, [FN119] these communications would probably be available to the government without a warrant. [FN120] In United States v. Miller, [FN121] information kept by third parties was not given Fourth Amendment protection since the records *152 were out of the possession of the originator, there was no legitimate expectation of privacy concerning the information, and the originator assumed the risk that the records might be conveyed to the government. [FN122] This reasoning was upheld in Securities and Exchange Commission v. O'Brien [FN123] where the court concluded that "when a person communicates information to a third party even on the understanding that the communication is confidential, he cannot object if the third party conveys that information or records thereof to law enforcement authorities." [FN124] Since the same arguments could be made about information stored in a computer service's bulletin board files, without the express statutory protection provided by the ECPA, these records probably could be accessed without a warrant. Because the contents of computer bulletin boards are probably not afforded constitutional protection, Congress' failure to include electronic storage systems under the exclusionary rule section of the ECPA will most likely allow evidence obtained in violation of section 2703 to be introduced in criminal proceedings. Stored electronic communications are also admissible in court if an employee of an electronic storage service inadvertently obtains the contents of a stored communication apparently pertaining to the commission of a crime and divulges the contents of that communication to the government. [FN125]
OPERATION SUN DEVIL
The law had come to cyberspace....
John Perry Barlow [FN126][
Federal law enforcement officials, aware of the potential damage a malicious hacker could cause and responding to corporate complaints of extensive credit card and telephone toll fraud [FN127] as well as rising public concern about computer crime, [FN128] initiated several nation-wide computer fraud investigations in the late 1980s. Some of these investigations culminated in 1990 with well publicized searches, equipment seizures, and arrests.
The largest dragnet was "Operation Sun Devil," a two year investigation conducted by the U.S. Secret Service in cooperation with the U.S. Attorney's Office in Phoenix, Arizona. [FN129] On May 8, 1990 Secret *153 Service agents served twenty-eight search warrants in fourteen cities, [FN130] shutting down several on-line bulletin boards, and seizing forty computers and approximately twenty-three thousand computer disks. [FN131]
The subject of this investigation was the "Legion of Doom"--a loose association of hackers with such intriguing aliases as Phiber Optik, Acid Phreak, Knight Lightning, The Mentor, The Prophet, and Terminus. [FN132] The Legion was suspected of gaining unauthorized access to AT & T computers, electronically transmitting stolen files, and conspiring to gain access to secured systems. There is some confusion in the press as to how many people have actually been charged in connection with Operation Sun Devil (the number ranges from two to seven) and it seems that little of the confiscated equipment has been returned to its owners. [FN133] In some instances the amount of equipment seized was quite voluminous [FN134] and in others a large number of peripheral items were taken in addition to the computer equipment. [FN135]
National press generated by Operation Sun Devil alarmingly announced that the hackers were planning and had the potential to shut down 911 emergency telephone service in nine states. [FN136] This allegation, however, is not supported by the facts. In December 1988 an Atlanta area Legion of Doom member, Robert Riggs--a.k.a. The Prophet--cracked a Bell South computer with information provided by two AT & T employees and downloaded a document entitled "A Bell South Standard Practice (BSP) 660-225-104SV Control Office Administration of Enhanced 911 Services for Special Services and Major Account Centers, March 1988." [FN137] Riggs then posted his trophy on a UNIX bulletin board in Illinois called Jolnet. [FN138] The Bell document was downloaded from Jolnet by a twenty year old University of Missouri student named Craig Neidorf--a.k.a. Knight Lightning. [FN139] Neidorf published an electronic magazine [FN140] called Phrack which some say both encouraged hackers to break into private systems and provided hackers with information useful in accessing systems and *154 gaining free use of telephone lines. [FN141] Neidorf edited and retyped the Bell document and disseminated this altered version in the next issue of Phrack. [FN142] Meanwhile, the Jolnet system operator noticed the Bell document, thought it was suspicious, and forwarded a copy to AT & T who immediately alerted federal authorities. [FN143]
So began a two year investigation of Neidorf and the Legion of Doom. The Atlanta hackers were arrested on February 7, 1990. [FN144] Neidorf was arrested on February 15, 1990. [FN145] Phrack was seized along with Neidorf's equipment and records--including Phrack's subscriber list. [FN146] Neidorf was indicted for interstate wire fraud (in violation of 18 U.S.C. § 1343) and interstate transportation of stolen property (in violation of 18 U.S.C. § 2314). [FN147] At his trial, AT & T placed a value of $79,000 on the stolen document. An expert witness, obtained by Neidorf, was prepared to testify that the Bell document contained no access codes, was not proprietary, and was available to the public from another Bell system for $13.50. [FN148] When the government became aware of this information through defense's cross-examination of government witnesses, it moved to dismiss the charges on the fourth day of the trial, [FN149] leaving Neidorf with his system in shambles and with over $100,000 in legal bills. [FN150]
The Legion of Doom investigation, however, did not stop with Craig Neidorf. One subscriber of Phrack who had apparently received a copy of the Bell document was a former hacker named Loyd Blankenship--a.k.a. The Mentor--who lived in Austin, Texas. [FN151] On March 1, 1990, the Secret Service, under sealed warrant, searched Blankenship's home and workplace and seized, at both locations, all computer equipment, software, and documentation relating to computers. [FN152] Blankenship worked as an author for Steve Jackson Games, a small company that published adventure games and operated a computer bulletin board for adventure gamers. Due to the government seizures, Steve Jackson, who was not a *155 suspect in the investigation, lost three computers, two laser printers, several hard disks, all of the company software and most of the company business records. [FN153] Contained on some of the hard disks was the only copy of Jackson's soon to be published new product "GURPS Cyberpunk," a non-computerized science fiction role playing game. With his equipment gone, Jackson was forced to lay off employees and curtail business operations. [FN154] Charges have never been filed against either Blankenship or Jackson. [FN155]
Even though the government investigations of Neidorf and Steve Jackson Games were not successful, [FN156] Operation Sun Devil has resulted in several criminal indictments and convictions. In addition to the three Atlanta hackers, another alleged Legion member, Leonard Rose--a.k.a. Terminus--has pleaded guilty to wire fraud in United States District Court for the District of Maryland. [FN157] Rose's computer disks, originally seized in connection with the stolen Bell South document, yielded evidence that Rose had modified an AT & T UNIX software program in a way that would have allowed hackers to gain access to systems using the program and gather secure passwords. [FN158] In Arizona, authorities arrested Baron Majette--a.k.a. Doc Savage--who allegedly gained access to TRW's credit database, used information contained therein to obtain Citibank credit cards issued to assumed names at false addresses, and made purchases in excess of $50,000 on those cards. [FN159] According to Dale Bole, deputy director of the Secret Service's fraud division, several similar cases will be filed in the near future. [FN160]
LEGALITY OF ENFORCEMENT PROCEDURES
The Fourth Amendment demands that we temper our efforts to apprehend criminals with a concern for the impact on our fundamental liberties of the methods we use....
Justice William Brennan [FN161][
*156 There is no question that credit card scams are serious crimes that require prompt attention from law enforcement agencies. However, when a crime sweep catches and injures innocent people in the net along with the criminals, enforcement procedures should be reviewed to be sure they are in compliance with statutory and Constitutional safeguards. For example, suppose Loyd Blankenship had not been a game designer but had been a law student with continued access to the law library's computer terminals and modems. Could an investigator have obtained a warrant authorizing the seizure of all the law school's computers? If so, how can a law school protect itself and its equipment and still allow all students free access to computers? How can any computer owning employer protect its equipment from government seizure resulting from the private activities of one employee? In order to answer these questions, the specific law enforcement procedures used by the Secret Service in Operation Sun Devil and their compliance with the ECPA and the constraints of the Fourth Amendment will be examined.
The investigation was initiated by a third party (the Jolnet system operator) alerting officials to a suspect communication on an electronic storage service. This seems to be exactly the eventuality anticipated and permitted by the ECPA in section 2702(b). [FN162] Once notified of the stolen communication, authorities with a warrant searched the contents of the bulletin board for activity involving the Bell South document. This search led officers to Riggs, who posted the document, and to Neidorf, who downloaded the document. From this information it seems there was probable cause, as defined in Brinegar, [FN163] to make Riggs and possibly Neidorf the targets of further investigation.
Problems arose from the extent of the surveillance conducted on Neidorf and the use of information contained in his computer records. In the course of the investigation officials learned of Neidorf's involvement with Phrack and of that publication's advocacy of hacking activities. [FN164] When Neidorf's system was seized [FN165] under a valid warrant, both the contents of the bulletin board he operated as well as the distribution list for Phrack were accessed. If the investigators specify with particularity that they are looking for a communication, investigators have the right under a warrant to obtain "an electronic communication" kept in electronic storage. [FN166] There is a question, however, as to which electronic communications the warrant allows access, and how specifically the communications must be described. It seems that Neidorf's communications as well as any activity pertaining to the Bell South document would be reasonable targets for a search; however, a bulletin board, being an *157 electronic mailbox containing public and private messages from all of its members, contains many other innocent communications. Just as reliable information that a letter containing specific drug-crime evidence is in a specific post office on a specific date does not give the government authority to open all the letters in the post office on that day, Neidorf's involvement with the bulletin board should not have allowed government officials to read mail from other users not involved in the investigation. Any person charged solely on evidence derived from a seized bulletin board, when he was neither a subject of the investigation nor an accessor of the subject documents, could challenge the evidence introduced in court as violative of section 2703 of the ECPA. [FN167] Using the postal service analogy, the aggrieved bulletin board user could seek the constitutional protection for electronic storage systems that was denied to other third party repositories under Miller [FN168] and O'Brien. [FN169] Even if he succeeds with this argument, however, the evidence could still be introduced in court unless the aggrieved party could also show that Congress' exemption of electronic storage facilities from the exclusionary rule is an unconstitutional usurpation of judicial power. [FN170] Winning on both of these counts appears very unlikely and hence the bulletin board user's remedy would probably be limited to the civil damages provided by section 2520 of the ECPA. [FN171]
Another issue arising from the seizure of Neidorf's records is the use of the Phrack distribution register containing a list of suspects for further investigation. The searches and seizures of May 8, 1990, were aimed at people whose names appeared as Phrack subscribers and who received the issue of Phrack containing Neidorf's edited version of the stolen Bell South document. In the absence of other evidence, being on a mailing list and receiving (perhaps unsolicited) stolen property [FN172] is questionable probable cause [FN173] for the issuance of a search warrant. The status of the Phrack subscribers lends itself to the innocent bystander rule, first elaborated in United States v. DiRe. [FN174] The Court in DiRe held that the mere presence of a person at the scene of a crime, without any other evidence against him, is not sufficient probable cause to justify a warrantless *158 arrest and a search. [FN175] However, since the Supreme Court has expressed a preference for the warrant process and the judgment of a neutral magistrate, [FN176] there is a subtle difference in the probable cause required to conduct a warrantless search and the probable cause required to obtain a warrant. Given that the government was highly interested in stopping computer crime, [FN177] a federal judge may have reasonably believed that receiving the stolen document--allegedly valued at $79,000--was sufficient probable cause to issue a warrant. At any rate, the probable cause was adequate for law enforcement officers to have an objective belief that the issued warrants were valid and hence, any motion to suppress evidence obtained against Phrack subscribers due to insufficiency of the warrants would be denied under the good faith exception of Leon. [FN178]
Perhaps the most troubling aspect of Operation Sun Devil is the scope of the seizures involved. Agents confiscated all computers, computer peripherals, [FN179] and data disks as well as many other electronic devices to which suspects had access. Critics claim the removal of computer equipment from the sites was not necessary since the sought after evidence could have been obtained by simply downloading the computer memory onto data disks. [FN180]
Law enforcement officials justify the seizure of the computers themselves by pointing out that it is possible to "spring-load" a computer in such a way as to delete sensitive documents at the press of a key. [FN181] Without an expert examining the system, any officer trying to copy the hard drive [FN182] contents of a booby trapped machine could irrevocably destroy the contents of the disk. Nonetheless, professionals knowledgeable in the field such as Judge William McMahon, Chairman of the American Bar Association's Modern Technology and Courts Committee and Mitch Kapor, designer of the Lotus 1-2-3 program, agree that spring loading rarely happens. [FN183] Hackers value the contents of their data disks too much to risk accidentally triggering the destruction program and crashing their systems.
One reason for the breadth of the seizures is that there are many places a skilled computer user can hide data. For example, "data can be written to blocks on a disk marked as 'bad' and added between software- *159 defined disk partitions." [FN184] Information can also be stored offline on other media, such as cassette tapes or answering machine tapes and kept away from the computer itself. [FN185] "The data may even be stored in nonvolatile memory of peripheral devices, such as laser printers and autodialers." [FN186] Because computer data is so easily destroyed, all repositories must be taken at once--the evidence will not be there for a second search. Still, a skilled technician should be able to investigate these possibilities on site without removing the equipment from the home or office. This points to the real crux of the problem--most federal agents do not yet possess the specialized expertise necessary to perform such a task. As one critic phrased it, " t his is all pretty magical stuff to them government agents . If I were trying to terminate the operations of a witch coven, I'd probably seize everything in sight. How would I tell the ordinary household brooms from the getaway vehicles?" [FN187] With national concern over computer crime rising, it is hoped specialized computer training will become available soon to most field agents in methods of downloading computer disks on site as well as checking peripheral devices for hidden information which, in turn, will alleviate some of the current broad sweeping search and seizure problems.
DUE PROCESS OF LAW
Procedural fairness and regularity are of the indispensable essence of liberty....
Justice Jackson [FN188][
The Fifth Amendment to the United States Constitution guarantees that "no person shall ... be deprived of life, liberty, or property, without due process of law." [FN189] The federal government is constrained by this amendment to provide procedural fairness--that is, the government must ensure that the decisional means by which laws are enforced are reasonable and evenly applied. [FN190]
The first step in procedural due process analysis is to ascertain if a deprivation of life, liberty, or property has occurred. Obviously, computers are chattel--property in the strictest sense of the term. In United States v. Place [FN191] the Court ruled that the seizure of personal effects is tantamount to seizure of the person, and hence an infringement of the individual's liberty interests. Also, since "liberty" can be defined as "the exercise of *160 fundamental constitutional rights" [FN192] the use of computers as publishing tools and communications devices invokes the First Amendment guarantee of freedom of the press and of speech and represents a significant liberty interest. A deprivation occurs when computers are seized by federal agents and continues for the period after the date of seizure while the government holds the equipment pending further investigation.
The key issue in this case is whether the process that is afforded-- the warrant issuance process--is adequate to justify the deprivation. To determine what procedures are required when a government action deprives an individual of a liberty or property interest courts employ the balancing test first delineated in Mathews v. Eldridge. [FN193] Three factors to be considered under Mathews are
First, the private interest that will be affected by the official action; second, the risk of an erroneous deprivation of such interest through the procedures used, and the probable value, if any, of additional or substitute procedural safeguards; and finally, the Government's interest, including the function involved and the fiscal and administrative burdens that the additional or substitute procedural requisites would entail. [FN194]
The private property and liberty interests affected by the seizure of computer equipment are significant. Computers are unique instrumentalities. No other single, physical possession--not even an automobile--represents such a versatile range of uses. One computer and its peripherals can represent all of the following: (1) a means of livelihood (several of the computers seized in Operation Sun Devil represented the sole source of income to the suspect family); [FN195] (2) a printing press used in the publication and distribution of printed material; [FN196] (3) a communications device that allows people to interact with others over vast distances; [FN197] (4) a medium to transact business and procure supplies necessary to the maintenance of daily life; [FN198] (5) a means of access to news, information and knowledge comparable to that found in a public library; [FN199] and (6) an educational tool vitally important to the development of gifted young people. In fact, this is only a partial list. The uses of a computer are limited only by the imagination of its operator.
*161 The second prong of the Mathews test concerns the risk of erroneous deprivations and the value of added safeguards in reducing that risk. [FN200] The fact that erroneous deprivations occur is clear from the events of Operation Sun Devil. [FN201] In over forty computer seizures, only a handful of indictments have been issued and of those, only a few convictions have resulted. In fact, the investigation of computer crime is so difficult and the proof so elusive, the whole process of computer crime enforcement lends itself to erroneous seizures. [FN202] They seem almost inevitable in any large dragnet operation. The current process of obtaining a warrant is, by necessity, the only pre-deprivation procedure available to subjects of investigation. This is the case because alerting a suspect that his system is about to be seized will doubtlessly ensure the destruction of any incriminating evidence contained in his computer. It seems reasonable, however, for some type of post-deprivation process to be made available to individuals, especially in cases where the seized equipment will be interned for long periods of time.
A post-deprivation hearing in which the suspect is informed of the probable cause that evoked the warrant, and allowed legal counsel if desired, could be the difference between an erroneous deprivation being inconvenient and being permanent. This would have been useful in Operation Sun Devil where the facts, such as the nature and the value of the stolen document, have changed so that probable cause that was sufficient to obtain a warrant in May 1990 may no longer be adequate to justify continued impounding of an individual's equipment. The only remedy a person currently has is to either file a private lawsuit to force disclosure of the contents of the warrant and the progress of the investigation, [FN203] or to wait for an indictment in order to move for suppression of the evidence.
The government interests involved in the enforcement of computer crime are quite important. Not only must the government guard national security information from international espionage and terrorists, but it must keep economic transactions safe by protecting banking and commerce from computer fraud, and help private companies secure their property against computer raiders. The magnitude of these interests is such that the search warrant procedure, even though it satisfies only one of the elements usually attributed to a fair hearing (that of a neutral decision maker), [FN204] is deemed adequate to justify the deprivation of a computer user's equipment. The costs to the government, however, in providing a *162 post-deprivation hearing would not be prohibitive. While any court presentation is expensive in terms of preparation time, the government might actually gain some benefits from the effort. The requirement to make a post-deprivation showing of probable cause to impound the seized equipment would not only provide investigators with a fixed time frame in which to work, but also the periodic review of the investigation's status would be useful in organizing and directing further efforts.
The government has other important interests at stake here such as maintaining the trust of computer-using citizens and preventing future computer crimes. As a result of the large computer crime sweeps, many hackers feel the government has singled them out for persecution. [FN205] They view the seizures not as evidence gathering measures but as punishment--"data death"-- summarily meted out by the Secret Service. Interestingly, several officials involved in Operation Sun Devil admit that the seizures are meant to have a deterrent effect. [FN206] " O f course, computers and computer media are going to be seized and kept as long as possible when the hacker-owners publicly claim they are going to bring down our telephone systems in retaliation for indictment," says a senior management consultant from a computer security firm. [FN207] Unfortunately, this sort of rhetoric leads only to an escalation of crime, not its prevention. As with other restraints on adolescent behavior that challenges authority, [FN208] the threat of harsh punishment and the status it confers within the peer group might actually make the act of system cracking more enticing. With hackers no longer trusting the Fifth Amendment guarantee that no punishment will ensue without fair process, break-ins may turn increasingly vicious and untraceable. Simply put, many of today's hackers are going to be tomorrow's leaders and scholars. Perhaps the best strategy for crime prevention is to clearly demonstrate that the justice system is fair and responsive.
The Mathews analysis indicates that the individual liberty interests involved in computer seizures are significant. The risk of erroneous deprivation in a computer dragnet operation is great but could be reduced by a careful post-deprivation review of the need to impound the seized equipment; and while the government interest in combating computer crime is important, it would not be compromised by providing an additional post-deprivation process. Since the federal government is required by the Fifth Amendment to provide procedural fairness to its citizens, and the Mathews test indicates that providing a post-deprivation hearing would come closer to achieving that end than the process presently employed, *163 the government should be required to institute such a post-seizure process in the future.
THE FUTURE OF COMPUTER PRIVACY RIGHTS
Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home....
Justice Louis Brandeis [FN209][
As a result of technological advances, Justice Brandeis' prescient warning has become reality. The methods of crime investigation available today, while far advanced from those used in the Olmstead era, will doubtlessly be superceded by even more clever and invasive techniques in the near future. [FN210]
The remote scanning of private computer activity using CRT microspy devices, as discussed previously, [FN211] is just now surfacing as an electronic surveillance technique. The government, in an effort to conduct such scans without warrants, could analogize between computer monitors and cordless telephone receivers. [FN212]
Courts have considered two factors important in denying Fourth Amendment protections to the users of cordless telephones. The first is that the telephones broadcast radio signals from the receiver in all directions, thus making conversations open to the public. One court imaginatively described the emanations from cordless telephone as "analogous to a stone dropped into a pool of water, which results in the transmission of equal waves of energy in all directions, which will lap against any obstacle in the path of the emanating and ever enlarging concentric circles until the wave energy transmitted is totally diminished." [FN213] The second fact of significance is that the FCC has ordered that cordless telephone base units bear the legend "privacy of communications may not be ensured when using this phone," [FN214] so the court reasoned no one using the phone can reasonably expect privacy.
*164 Both of these facts are equally true of computers. Computers and their peripherals broadcast radio signals in all directions, just like waves emanating from a stone dropped in water. Also, computer monitors bear an FCC warning alerting users to the fact that they are unintentional radiators. The following statement can be found on the back of most computer monitors: "Certified to comply with the limits for a Class B computing device pursuant to subpart J of Part 15 of FCC Rules." This notice informs users that a computer monitor is a Class B device which means it "generates, uses, and can radiate radio frequency energy." [FN215] If the rationale applied to cordless phones is used for monitors, then computer users should have no reasonable expectation of privacy and remote scans could be conducted without a warrant.
There are, however, important differences between the two devices. Cordless telephones are a type of oral communications because they are designed to carry the human voice and are therefore judged according to the Katz expectation of privacy test. They are also specifically enumerated as not being protected under the ECPA. Computer monitors are electronic communicators because, at least at this time, [FN216] they do not carry information transferred by either sound waves or the human voice. [FN217] And since computer monitors are not specifically excluded from protection by the ECPA, they therefore fall under the auspices of that statute. Law enforcement officers wishing to conduct such an electronic surveillance would need to obtain a search warrant. Because the protection is statutorily conferred, however, computer users' privacy rights are precarious and are subject to change at the whim of Congress.
In fact, the challenge posed to privacy rights by remote scanning is relatively easy to solve. Many advances loom on the horizon whose treatments are even more enigmatic. Science is making tremendous strides in the fields of materials science, biophysics and genetic engineering. Would the provisions of the ECPA pertain to machines that are "grown" and not "built"? What about machines that are actually alive? Could investigators obtain a warrant to monitor devices implanted and incorporated into human beings, such as medical scanners, radio pagers, or memory assisted calculators, considering that courts in the past have been reluctant to issue warrants in cases involving bodily intrusion? [FN218]
These speculations point out some of the shortcomings of a definitional approach to privacy rights, no matter how broadly crafted. Advances in science produce ambiguities in the law. [FN219] People who dislike uncertainty *165 and who crave order and predictability have a tendency to define away ambiguities. [FN220] Such efforts have led to the ECPA. Although this legislation is well written and presently effective, Congress will inevitably be barraged with technological products and techniques to which they will have to either afford protection, by definition, or deny protection, by enumeration. The practice of allowing the legislature to statutorily allocate privacy rights is riddled with uncertainties of its own, and does not seem to be in keeping with the intent of the drafters of our Constitution. Perhaps the solution will lie in rephrasing the words of Justice Stewart: "the Fourth Amendment protects people, not places" [FN221] or things. A person has a constitutionally guaranteed interest in privacy regardless of where he is or what instrumentality he is using. Exploring the limits of the expectation of privacy by balancing subjective tests with objective tests will be more ambiguous than a definitional approach, but in the long run might also be more fair.
CONCLUSION
Computer hackers and law enforcement officials are presently engaged in a high stakes game of tug of war. At one end of the rope is virtual electronic anarchy with the proliferation of computer crime and resultant loss in personal property, and at the other is the curtailment of personal freedom of speech, association and privacy with mandatory forfeiture of personal property for non- compliance. The only rational ground, of course, is somewhere in the middle. Several proposals have surfaced in the wake of the recent computer crime sweeps that may aid the government in its task of enforcing computer laws and preventing future crimes and yet protect the rights of individual computer users.
They are:
1. The government should establish a national educational computer network. The computer systems currently available to students at their high schools are not adequate to meet their needs. Many adolescent hackers break into sophisticated systems to learn how they work and continue to access them to explore and utilize the computing capabilities. [FN222] A state of the art supercomputer would challenge young computer users, divert their energies to positive ends, and have as a spinoff the education of some first rate computer scientists as well. Access to this computer should be available to any qualified student through local phone lines so that no one will be forced to toll the calls. Although it would be expensive, [FN223] much of the cost could be picked up by private industry *166 since the project would reduce their losses due to computer crime and produce a well trained pool of experts from which to draw in the future.
2. The government should encourage private industry and computer security firms to make more use of sophisticated protection technology such as encryption devices and programs. [FN224] Unfortunately the government presently seems to be headed in the opposite direction. [FN225] A provision of a senate bill [FN226] introduced by democrats and incorporated into the Bush Administration Anti-crime Bill [FN227] states "it is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law." [FN228] The impact of this law on international terrorism will be marginal since encryption equipment can be purchased from non-United States suppliers, or be home-made. Banning encryption will make it easier for the government to monitor private domestic systems, but it will also make it easier for hackers to break in to these systems. It seems more reasonable to promote encryption in order to decrease computer crime and obviate the need for government surveillance in the first place.
3. Law enforcement officers involved in computer crime investigations need additional training in computer science. A spokesman for the Secret Service, pointing out that the service has been investigating computer crime since 1984, denies the allegation that officers are inadequately trained and claims that the main problem affecting his agency is a lack of manpower. [FN229] If additional agents were assigned to the computer task force and trained in methods of searching computer disks and peripherals on site and downloading all information contained in the target systems, then the broad seizures currently employed would no longer be necessary. If it were not economically feasible to properly train as many officers as are needed to participate in simultaneous, multi-state computer dragnets then field agents could be instructed on how to secure a computer site until a specially trained expert arrives.
4. The guidelines pertaining to the seizure of computer equipment used by law enforcement and the courts need to be revised. Current *167 guidelines, developed by the National Institute of Justice based on a worst case scenario, call for the seizure of all equipment. [FN230] The ABA's Modern Technology and Courts Committee section of special court judges' conference is considering proposing a revision to these guidelines. [FN231] Judges should be aware of the First Amendment implication of computer seizures as well as the technical aspects of computer searches. Also judges should be especially diligent in determining that sufficient probable cause exists for a warrant to issue since electronic communications may be exempt from the exclusionary rule and hence any warrant later found to be legally insufficient could still yield evidence admissible in criminal proceedings. For these reasons computer users' privacy rights would be greatly enhanced by more selectivity and care in the issuance of warrants and the seizure of equipment.
5. A post-deprivation hearing should be made available to individuals whose equipment has been seized. The Due Process Clause of the Fifth Amendment guarantees all citizens procedural fairness and an analysis of computer seizures under the Mathews test [FN232] indicates that a post-seizure process should be afforded owners of confiscated equipment. This hearing will help reduce the risk of erroneous deprivation and will minimize the time seized computers can be impounded.
Operation Sun Devil has been an important learning experience for hackers and federal agents alike. The revisions to current policies suggested above would go a long way toward the goals of apprehending hardened computer criminals, deterring and redirecting straying hackers, and allowing free and private access to the paths of cyberspace to the growing number of computer users in this country.
Our Constitution guarantees all citizens the right to be secure in their persons and effects against unreasonable searches and seizures. It also provides that individuals will be accorded due process of law before punishment ensues. These concepts have survived two hundred years of changing technology and social conditions. The challenges posed by the proliferation of computer technology cannot change the ideas behind these guarantees. Cyberspace, after all, is the medium of ideas--the ideal place for the Constitution to prosper and grow.
[FNa]. J.D. Candidate, 1993, University of Missouri-Kansas City School of Law; M.A. in Chemistry, University of Oregon, 1979; B.S. in Earth & Planetary Sciences, Massachusetts Institute of Technology, 1976.
[FN1]. See WILLIAM GIBSON, NEUROMANCER (1984).
[FN2]. John D. Barlow, Crime and Puzzlement: In Advance of the Law on the Electronic Frontier, WHOLE EARTH REV., Fall 1990, at 45.
[FN3]. Prodigy, the largest and most commercial computer service, is offering T-shirts for sale proclaiming 1,000,000 subscribers. See generally Garfinkel, Computer Network Users Attempt a Mutiny, CHRISTIAN SCI. MONITOR, Dec. 5, 1990, at 12 (description of the Prodigy network).
[FN4]. Gladys D. Ganley, Power to the People via Personal Electronic Media, 14 WASH.Q. 2 (1991).
[FN5]. See id. (for an interesting discussion of how dissident Chinese students used BITNET--a worldwide academic computer network--during the 1989 Tiananmen Square protests).
[FN6]. Pub.L. No. 90-351, 82 Stat. 197 (1968).
[FN7]. Pub.L. No. 99-508, 100 Stat. 1848 (1986).
[FN8]. Craig Bromberg, In Defense of Hackers, N.Y. TIMES, Apr. 21, 1991, § 6 (Magazine), at 45.
[FN9]. In addition to local bulletin boards, large commercial services such as Prodigy, Compuserve, GEnie, BIX, Delphi, PcLink, America Online and USENET are aimed at private computer owners and are available in most major American metropolitan areas.
[FN10]. The major computer services are replete with special interest groups, ranging from golden agers clubs to parents of exceptional children forums. Homebound people get encouragement and support from communicating with others similarly situated, and occasionally become emotionally dependent upon their computers. See Steven Levy, In the Realm of the Censor: The Online Service Prodigy Tells Its Users to Shut Up and Shop, MACWORLD, Jan. 1991, at 69.
[FN11]. See STEVEN LEVY, HACKERS: HEROES OF THE COMPUTER REVOLUTION (1984) (discusses the early days of hacking at the Artificial Intelligence Lab at Massachusetts Institute of Technology and the origin of the term "hacker").
[FN12]. Because "hacker" has taken on pejorative tones over the years, the term is continuously being supplanted by even more imaginative and descriptive appellations. For example, common slang equivalents for "hackers" are "cowboys," "jockeys," "phreaks," "cyberpunks," and even "datasphere desperados!"
[FN13]. Dorothy E. Denning, Concerning Hackers Who Break Into Computer Systems (paper presented at the 13th National Computer Security Conference, Washington, D.C., Oct. 1-4, 1990).
[FN14]. Id.
[FN15]. Interestingly, Steve Wozniak and Steve Jobs first acquired the capital to start Apple Computer by selling "blue boxes," electronic devices that attach to a telephone and enable "phone phreaks" to make calls around the world for the cost of a local telephone call. See Bromberg, supra note 8.
[FN16]. Michael Rogers, Beyond the Cutting Edge: A Slick Magazine for the Cyberpunk Crowd, NEWSWEEK, Aug. 19, 1991, at 61.
[FN17]. Phone phreaking refers to hacking that involves the telephone system--usually tolling (not paying the additional rates for long distance calls).
[FN18]. See Susan Christian, Hunting Down the Hackers; Vigilante Is on to Culprits' Modem Operandi and Wants Them to Pay Up, LOS ANGELES TIMES, Apr. 3, 1991, at E1.
[FN19]. Bromberg, supra note 8.
[FN20]. See Ganley, supra note 4.
[FN21]. Internet is a computer-to-computer communications system, founded in the mid 1970s, that ties together computers at universities, research laboratories, federal agencies, and non-classified military sites. Internet now serves about 180,000 computers worldwide. SEI Investigates Intrusion of Worldwide Computer Network, UPI, Oct. 4, 1991.
[FN22]. See Ganley, supra note 4.
[FN23]. Morris was convicted, after a jury trial, of violating the Computer Fraud and Abuse Act (18 U.S.C. § 1030(a)(5)(A) (1988)). The case is being appealed, requiring that the judiciary define such terms as "unauthorized access" and "intent to do harm." See, United States v. Morris, 1991 U.S.App.LEXIS 3682 (2d Cir. Mar. 7, 1991).
[FN24]. See John Markoff, Drive to Counter Computer Crime Aims at Invaders, N.Y. TIMES, June 3, 1990, § 1 (National Desk), at 1.
[FN25]. The threat of international espionage is best illustrated by the case of the Hannover Hacker. In 1986 a German computer programmer used his personal computer in Hannover to connect via international phone lines to academic and military computers in the United States, and circuitously, back to Germany and Japan. He sold the gathered intelligence information to the Soviet Union. See generally CLIFFORD STOLL, THE CUCKOO'S EGG: TRACKING OF A SPY THROUGH THE MAZE OF COMPUTER ESPIONAGE (1989) (describes the Hannover Hacker and how he was ultimately caught).
[FN26]. One of the most famous incidents to come to the government's attention in this manner was the theft, sometime in early 1989, of portions of Apple's highly secret source code that drives the Apple Macintosh. Perpetrated by a group called the "nuPrometheus League," disks containing bits of source code were mailed anonymously to well known figures in the computer world. Apple's reaction to the incident was understandably near hysteria. See Bromberg supra note 8.
[FN27]. Most computer thefts are national in scope so enforcement efforts are primarily the responsibility of the United States Secret Service with help from the Federal Bureau of Investigation and state authorities. See Markoff, supra note 24.
[FN28]. See id.
[FN29]. See Barlow, supra note 2.
[FN30]. See id.
[FN31]. See infra notes 161-87 and accompanying text.
[FN32]. See William J. Broad, Every Computer Whispers Its Secrets, N.Y. TIMES, Apr. 5, 1983, at C1.
[FN33]. See John Seaman, Halting Network Intruders, 17 COMPUTER & COMM. DECISIONS 82 (Jan. 29, 1985). This phenomenon is exacerbated by advances in computer technology that are producing faster machines. As the data rate increases shielding problems go up and the signals go farther and are easier to intercept. Broad, supra note 32.
[FN34]. See James B. Schultz, Defeating Ivan with TEMPEST, DEFENSE ELECTRONICS, June 1983, at 64.
[FN35]. "CRT" means "cathode ray tube," or in this context, a computer monitor.
[FN36]. See Vin McLellan, CRT Spying: A Threat to Corporate Security?, 4 PC WEEK 35 (1987).
[FN37]. See John Free et al., Bugging, 231 POPULAR SCI. cover (Aug. 1987).
[FN38]. See McLellan, supra note 36.
[FN39]. See Seaman, supra note 33.
[FN40]. TEMPEST is an acronym for Transient Electromagnetic Pulse Emanation Standard. Free et al., supra note 37.
[FN41]. See Schultz, supra note 34 (a good discussion of TEMPEST requirements and performance).
[FN42]. Whether or not CRT remote surveillance requires a search warrant is discussed when considering the future of computer crime enforcement. See infra notes 209-17 and accompanying text.
[FN43]. Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting).
[FN44]. U.S. CONST. amend. IV.
[FN45]. See WAYNE R. LAFAVE & JEROLD H. ISRAEL, CRIMINAL PROCEDURE 78 (1985).
[FN46]. See Weeks v. United States, 232 U.S. 383 (1914).
[FN47]. 116 U.S. 616 (1886).
[FN48]. 367 U.S. 643 (1961) (Mapp made the exclusionary rule binding upon the states).
[FN49]. United States v. Leon, 468 U.S. 897, 938, 939 (1984) (dissenting opinion).
[FN50]. 338 U.S. 25 (1949) (Wolf refused to apply the exclusionary rules to the states. It was later overruled by Mapp, supra note 48.).
[FN51]. 468 U.S. 897 (1984).
[FN52]. 468 U.S. at 906 (quoting from United States v. Calandra, 414 U.S. 338, 348 (1974)).
[FN53]. See generally YALE KAMISAR ET AL., MODERN CRIMINAL PROCEDURE (7th ed. 1990) at 43-47 (discussion of the supervisory power of federal courts).
[FN54]. See, e.g., Bank of Nova Scotia v. United States, 487 U.S. 250 (1988) (a district court can not invoke supervisory power to dismiss an indictment for prosecutorial misconduct in a grand jury investigation); United States v. Hasting, 461 U.S. 499 (1983) (supervisory power can not be used to reverse a conviction in order to discipline improper prosecutorial behavior when that behavior is harmless error); United States v. Payner, 447 U.S. 727 (1980) (supervisory power does not authorize a federal court to exclude evidence that did not violate the defendant's Fourth Amendment rights).
[FN55]. See, e.g., Illinois v. Krull, 480 U.S. 340 (1987) (evidence gathered by an officer acting in reasonable reliance on a statute that later turns out to be unconstitutional is not subject to the exclusionary rule); United States v. Leon, 468 U.S. 897 (1984) (created a good faith exception to the exclusionary rule); United States v. Caceres, 440 U.S. 741 (1979) (IRS agent's failure to follow surveillance regulations did not require suppression of the evidence since internal sanctions already in place were adequate to remedy Fourth Amendment violations).
[FN56]. The Fifth Amendment states in part, "No person shall ... be compelled in any criminal case to be a witness against himself." U.S. CONST. amend. V.
[FN57]. 116 U.S. 616 (1886).
[FN58]. 427 U.S. 463 (1976).
[FN59]. Id. at 474.
[FN60]. Id.
[FN61]. 338 U.S. 160 (1949).
[FN62]. Id. at 175, 176.
[FN63]. 387 U.S. 523 (1967).
[FN64]. See id. at 534, 535.
[FN65]. See Spinelli v. United States, 393 U.S. 410 (1969); Beck v. Ohio, 379 U.S. 89 (1964); Aguilar v. Texas, 378 U.S. 108 (1964).
[FN66]. See 468 U.S. 897.
[FN67]. 277 U.S. 438 (1928).
[FN68]. See id. at 465.
[FN69]. See LAFAVE & ISRAEL, supra note 45, at 215.
[FN70]. See 277 U.S. at 474.
[FN71]. E.g., Clinton v. Virginia, 377 U.S. 158 (1964) (rejected the use of a spike mike even though it was not permanently imbedded in the wall); Silverman v. United States, 365 U.S. 505 (1961) (the use of a spike mike to eavesdrop on the conversations of an entire household was an illegal search).
[FN72]. 389 U.S. 347 (1967). Katz was convicted of transmitting wagering information across state lines on the basis of information obtained from a warrantless FBI wiretap of a public telephone booth.
[FN73]. See id. at 351.
[FN74]. Id. at 351.
[FN75]. See LAFAVE & ISRAEL, supra note 45, at 98-99.
[FN76]. See LAFAVE & ISRAEL, supra note 45, at 98-99. The example given by the authors is of a police officer happening upon a drug deal being conducted in a desolate corner of Central Park in the middle of the night. Even though the arrest is legal, the objective chances, estimated beforehand, of the criminals being discovered were quite small.
[FN77]. See id. at 99.
[FN78]. Vanessa J. Grimm, Leahy Doesn't Want Officers to Go Too Far, 9 GOV'T COMPUTER NEWS 110 (1990).
[FN79]. 18 U.S.C. §§ 2510-2520 (1982).
[FN80]. 18 U.S.C. § 2510(1) (1983) (defines "wire communication" as "any communication made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception furnished or operated by any person engaged as a common carrier in providing or operating such facilities for the transmission of interstate or foreign communications").
[FN81]. 18 U.S.C. § 2510(2) (1982) (defines "oral communication" as "any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation").
[FN82]. 18 U.S.C. § 2511 (1982).
[FN83]. 18 U.S.C. § 2518 (1982).
[FN84]. 18 U.S.C. § 2516 (1982).
[FN85]. 18 U.S.C. § 2518(3)(a) (1982).
[FN86]. See Berger v. New York, 388 U.S. 41, 69 (1967) (Stewart, J., concurring).
[FN87]. See LAFAVE & ISRAEL, supra note 45, at 221, 222.
[FN88]. 18 U.S.C. § 2515 (1982).
[FN89]. Pen registers record the telephone numbers dialed from a specified location by monitoring the electrical impulses created by the phone dial. See Lisa A. Wintersheimer, Comment, Privacy Versus Law Enforcement--Can the Two Be Reconciled?, 57 U.CIN.L.REV. 315, 327, 328 (1988).
[FN90]. See id. (for a discussion of loopholes created in the law by Title III).
[FN91]. See LAFAVE & ISRAEL, supra note 45, at 215-18.
[FN92]. See generally Alan Gadlin, Note, Title III Protection for Wireless Telephones, 1985 U.ILL.L.REV. 143 (1985); Kelley K. Hwang, Note, The Admissibility of Evidence Obtained by Eavesdropping on Cordless Telephone Conversations, 86 COLUM.L.REV. 323 (1986) (for discussions of the legal difficulties of applying Title III to cordless telephones).
[FN93]. See Robert W. Kastenmeier et al., Communications Privacy: A Legislative Perspective, 1989 WIS.L.REV. 715 (1989) (Rep. Kastenmeier sponsored the ECPA in the House of Representatives).
[FN94]. Id. at 720.
[FN95]. See id. at 734, 735.
[FN96]. 18 U.S.C. § 2510(12) (1988) (defines "electronic communication" as "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photooptical system that affects interstate or foreign commerce, but does not include: (a) the radio portion of a cordless telephone communication that is transmitted between the cordless telephone handset and the base unit; (b) any wire or oral communication; (c) any communication made through a tone-only paging device; or (d) any communication from a tracking device").
[FN97]. See LAFAVE & ISRAEL, supra note 45, (Supp.1989) at 22.
[FN98]. Civil libertarians would argue, of course, that Congress has no right to exclude a broad form of communication from Constitutional protection.
[FN99]. 18 U.S.C. § 2510(1) (1988).
[FN100]. 18 U.S.C. § 2520(4) (1988).
[FN101]. 18 U.S.C. § 2518(11) (1988).
[FN102]. See generally Michael Goldsmith, Eavesdropping Reform: The Legality of Roving Surveillance, 1987 U.ILL.L.REV. 401 (1987) (discussion of the law enforcement technique of roving surveillance).
[FN103]. 18 U.S.C. § 2516(3) (1988).
[FN104]. See LAFAVE & ISRAEL, supra note 45, at 24 (Supp.1989).
[FN105]. 18 U.S.C. § 2518(10)(c) (1988).
[FN106]. See Kastenmeier et al., supra note 93.
[FN107]. UNITED STATES ATTORNEY'S MANUAL, Vol. IIIa (1988).
[FN108]. Id. at § 9-7.110.
[FN109]. See supra notes 72-77 and accompanying text.
[FN110]. See supra notes 47-49 and accompanying text.
[FN111]. 80 U.S. 128 (1871). In 1863 Congress passed legislation allowing the Secretary of the Treasury to collect all abandoned or captured property in any rebellious state or territory. Provided he could prove he gave no aid or comfort to the rebellion, the owner of the confiscated property could sue for recovery in federal court. Klein was suing for the proceeds from the sale of a quantity of cotton, seized by the Secretary's agents. Although Klein apparently had not been loyal to the Union, he received a presidential pardon for his conduct. Congress, angered by the issuance of such presidential pardons, passed a law in 1870 requiring the court to dismiss any claim for recovery of property brought under color of a presidential pardon. The Supreme Court held that this legislation was unconstitutional because it encroached upon both judicial and executive power. Klein has been cited favorably in recent Supreme Court decisions. See, e.g., Public Citizen v. Department of Justice, 491 U.S. 440 (1989); Immigration & Naturalization Service v. Chadha, 462 U.S. 919 (1983).
[FN112]. See supra notes 50-55 and accompanying text.
[FN113]. See supra note 54.
[FN114]. See supra note 55.
[FN115]. 18 U.S.C. § 2511(2)(a)(ii) (1988).
[FN116]. 18 U.S.C. § 2518 (1988).
[FN117]. 18 U.S.C. § 2520 (1988).
[FN118]. 18 U.S.C. § 2510(17) (1988).
[FN119]. 18 U.S.C. § 2703 (1988).
[FN120]. See Kastenmeier et al., supra note 93, at 737.
[FN121]. 425 U.S. 435 (1976) (Miller involved government subpoenas aimed at a depositor's bank records). In response to the ruling in Miller, Congress enacted the Right to Financial Privacy Act (12 U.S.C. § 3401 (1988)) which provides some privacy protection to bank records. See Securities & Exch. Comm'n v. O'Brien, 467 U.S. 735, 745 (1984).
[FN122]. See 425 U.S. at 441-43.
[FN123]. 467 U.S. 735 (1984).
[FN124]. Id. at 743.
[FN125]. 18 U.S.C. § 2702(b) (1988).
[FN126]. Barlow, supra note 2, at 52.
[FN127]. See Dorothy E. Denning, Denning's Rebuttal, 34 COMM. OF THE ACM 42 (March 1991) (Association for Computing Machinery).
[FN128]. See Paula Hawthorn, Colleagues Debate Denning's Comments, 34 COMM. OF THE ACM 33 (March 1991). Hawthorn is the chairman of the ACM Committee on Scientific Freedom and Human Rights. She tells of a father interrupting a meeting of the 13th National Computer Security Conference with tears on his face describing his fear that a hacker might alter the computer monitoring system keeping his hospitalized son alive.
[FN129]. See Michael Hedges, Five 'Computer Nerds' Held in National Scam, WASH. TIMES, May 10, 1990, at A4.
[FN130]. Id. The cities were Chicago; Cincinnati; Detroit; Los Angeles; Miami; Newark; New York; Phoenix; Pittsburgh; Plano; Richmond; San Diego; San Jose; and Tucson.
[FN131]. See James Daly, Group Tries Taming 'Electronic Frontier,' COMPUTERWORLD, Mar. 25, 1991, at 77.
[FN132]. See Willie Schatz, The Terminal Men; Crackdown on the 'Legion of Doom' Ends an Era for Computer Hackers, WASHINGTON POST, June 24, 1990, Financial, at H1.
[FN133]. See Markoff, supra note 24; Barlow, supra note 2, at 51.
[FN134]. See Barlow, supra note 2, at 51. According to "Terminus" it required half a moving truck and a thirty-five page inventory to account for items removed from his residence.
[FN135]. "Acid Phreak" claims agents seized his books, telephone answering machine, cassette player, audio tapes, and even his alarm clock. See Barlow, supra note 2, at 49.
[FN136]. See Debbie Howlett, Computer Fraud: A Big-Bite Crime, USA TODAY, July 9, 1990, News, at 3A.
[FN137]. See Barlow, supra note 2, at 50 (Barlow calls the document "a blot on the history of prose" and the worst writing he has ever tried to read).
[FN138]. Id.
[FN139]. Id.
[FN140]. In this context, electronic means "virtual." No copies of the magazine existed in physical print.
[FN141]. See Donn B. Parker, Colleagues Debate Denning's Comments, 34 COMM. OF THE ACM 33 (March 1991).
[FN142]. Motions to Dismiss Wire Fraud and Transport of Stolen Property Claims For Hacker Publishing Activity Denied, But Charges Dropped, 7 COMPUTER LAW 37 (Sept.1990) [hereinafter Motions to Dismiss].
[FN143]. See Barlow, supra note 2.
[FN144]. The Atlanta hackers pleaded guilty to illegal entry into Bell South's computer network in violation of 18 U.S.C. § 1030(a)(5)(A) and were sentenced on Nov. 16, 1990. Each was directed to compensate Bell South the sum of $233,000. Riggs was sentenced to 21 months in jail, and his accomplices received 14 months each. Two of the three sentences have been appealed in federal court. See ABA Examining Seizure Rules: Bell South Hackers Appeal Sentences, 10 COMM.DAILY 2 (Nov. 28, 1990) [hereinafter ABA Examining Seizure Rules].
[FN145]. See Motions to Dismiss, supra note 142.
[FN146]. Id.
[FN147]. Id.
[FN148]. Id.
[FN149]. Telephone interview with Mike Godwin, Staff Council of the Electronic Frontier Foundation (Sept. 26, 1991).
[FN150]. EFF NEWS # 1.00, December 10, 1990, at 8 (available from the Electronic Frontier Foundation, 155 Second Street, Cambridge, Mass. 02141).
[FN151]. See Bromberg, supra note 8.
[FN152]. See Michael Hodge, South, AM.LAW., July 1991/Aug. 1991, Big Suits, at 28.
[FN153]. See Electronic Frontier Foundation, Legal Case Summary, Steven Jackson Games (available from the Electronic Frontier Foundation, 155 Second Street, Cambridge, Mass. 02141).
[FN154]. See Barlow, supra note 2.
[FN155]. On May 1, 1991 Steve Jackson Games filed suit against the Secret Service seeking the return of all seized property, compensatory damages, and punitive damages. The complaint asserts that the Secret Service didn't inform the judge who issued the search warrant that Steve Jackson Games was a publisher and that the warrant did not meet the special criteria for searching a publisher established under the Privacy Protection Act of 1980. See Hodge, supra note 152.
[FN156]. The investigations of Neidorf and Blankenship are not generally considered to have been part of Operation Sun Devil itself.
[FN157]. See Mark Potts, 'Hacker Pleads' Guilty in AT & T Case; Sentence Urged for Md. Man Among Stiffest Yet for Computer Crime, WASH. POST, Mar. 22, 1991, § 1, at A1.
[FN158]. See id.
[FN159]. See Henry Weinstein, 'Hackers Fraud' Sleuths Bring More Charges, LOS ANGELES TIMES, Mar. 30, 1991, Part D (Business), at 2. Majette pleaded guilty to a reduced felony charge in May, 1991, and was sentenced to 120 days in a "shock incarceration" center and five years probation and was ordered to pay restitution of nearly $20,000. Newsshorts, COMPUTERWORLD, July 22, 1991, at 6. Note: Majette's sentence seems surprisingly light when compared to those of the Atlanta hackers--supra note 144.
[FN160]. See Weinstein, supra note 159.
[FN161]. Florida v. Riley, 488 U.S. 445, 466 (1989) (Brennan, J., dissenting).
[FN162]. 18 U.S.C. § 2702(b) (1988).
[FN163]. See supra note 61.
[FN164]. See supra note 141.
[FN165]. First Amendment issues arise concerning whether Phrack, a publication existing solely as electronic storage, should be afforded the protection usually given to printed media, but that is outside the scope of this Note.
[FN166]. 18 U.S.C. § 2703 (1988).
[FN167]. See supra text at notes 118-25.
[FN168]. See supra note 121.
[FN169]. See supra note 123.
[FN170]. See supra notes 110-11 and accompanying text.
[FN171]. 18 U.S.C. § 2520(b) (1988). Damages include equitable or declaratory relief, punitive damages and reasonable attorney's fees and litigation costs up to a maximum of $100 per day of violation or $10,000.
[FN172]. The main fact the government would have to ascertain is whether or not the recipients knew or were willfully blind to the fact that the document was stolen. This might be a difficult task since Neidorf edited and retyped the original document to conceal the fact it was stolen. Motions to Dismiss, supra note 142. If the recipient nevertheless knew the document was obtained illegally, even if he did not further transmit or use the document, he could be charged with misprision of a felony under 18 U.S.C. § 4 (1988).
[FN173]. See supra text accompanying notes 61-62.
[FN174]. 332 U.S. 581 (1947). DiRe was a passenger in a car in which another passenger sold counterfeit gasoline ration coupons to the driver, who was a government informant. DiRe was arrested and a later, warrantless search revealed counterfeit coupons on his person.
[FN175]. See 332 U.S. at 587; accord Ybarra v. Illinois, 444 U.S. 85 (1979).
[FN176]. See LAFAVE & ISRAEL, supra note 45, at 110.
[FN177]. See supra notes 127-28 and accompanying text.
[FN178]. See supra note 49.
[FN179]. Computer peripherals are any devices, such as modems, printers, or disk drives, that connect to the central processor unit.
[FN180]. See generally Barlow, supra note 2.
[FN181]. See ABA Examining Seizure Rules, supra note 144.
[FN182]. A hard drive is a data disk physically built into a computer which contains programs, files and the computer's operating system.
[FN183]. See ABA Examining Seizure Rules, supra note 144. Although the article also named Steve Wozniak, co-founder of Apple Computers, as concurring that hackers don't spring load computers, Mike Godwin, Staff Counsel for the Electronic Frontier Foundation, said that the article was incorrect and that Mr. Wozniak has never made a public statement concerning his opinion on this matter. See supra note 149.
[FN184]. Eugene Spafford, Colleagues Debate Denning's Comments, 34 COMM. OF THE ACM 33 (1991) (Eugene Spafford is an assistant professor of computer science at Purdue University).
[FN185]. See id. To date, no one has actually been found to have hidden information on an answering machine tape. Supra note 145.
[FN186]. See supra note 184. An autodialer is a device or a program that will dial a telephone number or a sequence of telephone numbers in response to a computer command.
[FN187]. Barlow, supra note 2, at 52.
[FN188]. KENNETH C. DAVIS, ADMINISTRATIVE LAW TREATISE § 7.20 (1958) (the quote is from Justice Jackson's dissenting opinion in Shaughnessy v. United States, 345 U.S. 206, 224 (1953)).
[FN189]. U.S. CONST. amend. V.
[FN190]. See JEROME A. BARRON ET AL., CONSTITUTIONAL LAW: PRINCIPLES AND POLICY 343 (1987).
[FN191]. 462 U.S. 696, 709, 717 (1983).
[FN192]. See JOHN E. NOWAK ET AL., CONSTITUTIONAL LAW 459 (3d ed. 1986).
[FN193]. 424 U.S. 319 (1976). The Court has continued to rely on the Mathews test to resolve questions concerning the adequacy of afforded process. E.g., Burns v. United States, 111 S.Ct. 2182 (1991).
[FN194]. 424 U.S. at 335.
[FN195]. See Barlow, supra note 2 (description of the seizure of a teenage suspect's computer while his mother, who used the computer during the day for typing and text layouts, watched); see also Schatz, supra note 132 (Leonard Rose used his home computers in his consulting business).
[FN196]. The First Amendment states that Congress shall make no law abridging the freedom of speech, or of the press. U.S. CONST. amend. I.
[FN197]. The right of free association, in this context, is protected by the concept of liberty contained in the due process clauses of the Fifth and Fourteenth Amendments. NOWAK ET AL., supra note 192, at 948.
[FN198]. On a typical computer service such as Prodigy or GEnie a member can access electronic banking, travel agencies, shopping malls, and even a grocery store.
[FN199]. Online computer services usually offer a variety of encyclopedias, information libraries, and even "ask the expert" rooms.
[FN200]. 424 U.S. at 335.
[FN201]. See supra text accompanying notes 126-60.
[FN202]. See supra notes 42-77 and accompanying text.
[FN203]. See Bromberg, supra note 8.
[FN204]. The essential elements of a fair hearing are: (1) adequate notice of the charges or basis for government action; (2) a neutral decisionmaker; (3) an opportunity to make an oral presentation to the decisionmaker; (4) a chance to confront and cross-examine witnesses or evidence to be used against the individual; (5) the right to have an attorney present the individual's case to the decisionmaker; (6) a decision based on the record with a statement of reasons for the decision. See NOWAK ET AL., supra note 192, at 484.
[FN205]. "The government's busting kids just for being curious.... It's like hacking's the worst thing since communism." See Schatz, supra note 132 (comments of hacker, Acid Phreak).
[FN206]. "We think the deterrent effect of Operation Sun Devil has been very beneficial...." See id. (comments of Earl Devaney, special agent in charge of the Secret Service's fraud division).
[FN207]. Donn B. Parker, Colleagues Debate Denning's Comments, 34 COMM. OF THE ACM 33 (March 1991).
[FN208]. Adolescent behaviors challenging authority such as trespassing on private property, graffiti writing and smoking are often undertaken for the thrill they confer on the risk-taker.
[FN209]. Olmstead v. United States, 277 U.S. 438, 474 (1928) (Brandeis, J., dissenting).
[FN210]. In order to keep pace with the advancing electronic frontier, Lawrence Tribe proposed the following constitutional amendment at the First Conference on Computers, Freedom & Privacy, sponsored by Computer Professionals for Social Responsibility, March 25-28, 1991: "This Constitution's protections for the freedoms of speech, press, petition and assembly, and its protections against unreasonable searches and seizures and the deprivation of life, liberty or property without due process of law, shall be construed as fully applicable without regard to the technological method or medium through which information content is generated, stored, altered, transmitted or controlled." NAT'L L.J., Sept. 16, 1991, at 32.
[FN211]. See supra text accompanying notes 32-42.
[FN212]. Cordless telephones were judicially denied Fourth Amendment protection in a number of state cases litigated prior to enactment of the ECPA. See, e.g., State v. Smith, 438 N.W.2d 571 (Wis.1989); State v. Delaurier, 488 A.2d 688 (R.I.1985); State v. Howard, 679 P.2d 197 (Kan.1984).
[FN213]. State v. Smith, 438 N.W.2d at 574.
[FN214]. Id. at 577. The court seems to be applying the purely subjective version of the Katz test that many scholars strongly disfavor.
[FN215]. 47 C.F.R. § 15.105(b) (1990).
[FN216]. Computer scientists are working on interactive computer systems that "speak" to human operators and someday will respond to commands given to them in human speech. Would this be enough to reclassify a computer monitor as a medium of oral communication?
[FN217]. See LAFAVE & ISRAEL, supra note 45 (Supp.1989), at 22.
[FN218]. E.g., Winston v. Lee, 470 U.S. 753 (1985) (court ruled that surgery to remove a bullet from suspect would be an unreasonable search).
[FN219]. E.g., Pennsylvania v. Muniz, 110 S.Ct. 2638 (1990) (the effect of videotaping on Fifth Amendment rights); Tanks v. Greater Cleveland Regional Transit Auth., 930 F.2d 475 (6th Cir.1991) (the effect of high tech drug testing procedures employing gas chromatography on a suspect's privacy rights); United States v. Yee, 1990 Dist. LEXIS 15908 (excellent description of the science behind DNA testing and its admissibility in court); United States v. Jakobetz, 747 F.Supp. 250 (D.Vt.1990) (forensic application of DNA technology for suspect identification).
[FN220]. See Barlow, supra note 2, at 55, 56.
[FN221]. Katz v. United States, 389 U.S. 346, 351 (1967).
[FN222]. See Denning, supra note 13.
[FN223]. Funding projections have not been made for this particular network, but in 1989 the White House Office of Science and Technology proposed the creation of a national high-performance computer network that would cost $2 billion over five years, with $400 million of that total earmarked for a national research and education network. 5 DATABASE SEARCHER 31 (Nov.1989). Inasmuch as the computers available to hackers would not have to be as sophisticated as those proposed by the White House, $400 million over five years would seem to be a reasonable upper limit for the cost of such a program.
[FN224]. Encryption is the process of scrambling messages or transforming them into code. When used for security purposes, encryption can limit system access to users who have a special key or who are located at specific terminals. Microsoft Corporation, the largest supplier of personal computer software in the United States, has decided to adopt encryption technology for protecting its data. Don Clark, Microsoft to Battle Sabotage, SAN FRANCISCO CHRON., June 3, 1991, Business, at B1.
[FN225]. See Privacy Protections; Govt. Asked to Ease Cryptographic Restrictions, 11 COMM. DAILY 4, June 13, 1991.
[FN226]. See S. 266, 102d Cong., 1st Sess. (1991).
[FN227]. S. 635, 102d Cong., 1st Sess. (1991).
[FN228]. S. 266, 102d Cong., 1st Sess. § 2201 (1991).
[FN229]. Brooks Boliek, Hackers, STATES NEWS SERVICE, Aug. 3, 1990.
[FN230]. See ABA Examining Seizure Rules, supra note 144.
[FN231]. See id.
[FN232]. See supra notes 193-207 and accompanying text.