home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Hacker Chronicles 1
/
HACKER1.ISO
/
cud2
/
cud210d.txt
< prev
next >
Wrap
Text File
|
1992-09-26
|
13KB
|
274 lines
------------------------------
From: Mitch Kapor
Subject: Massachusetts Computer Crime Bill
Date: Mon, Oct 29, 1990
********************************************************************
*** CuD #2.10: File 4 of 9: Massachusetts Computer Crime Bill ***
********************************************************************
{The following summary is reprinted with permission from The Well--
Moderators}.
Background
***********
The EFF has, for the past three months, been involved with an extensive series
of events concerning pending legislation in the state of Massachusetts
concerning computer crime. Unbeknownst to almost everyone a computer crime
bill had passed both houses of the Massachusetts legislature and was sitting
on the Governor's desk awaiting signature.
The original bill had a number of fundamental flaws, not the least of which
was the unproven assumption that a bill which broadly criminalized whole
ranges of computer-related activities was even called for. In fact, the bill
appeared to operate from the same set of assumptions that we have seen too
often in other EFF activities: an untested belief that more regulation is
necessarily better and a disregard for the consequences of such an approach in
stifling free speech and ordinary commerce. The result was a bill which was
both unwise as well as unconstitutional.
The bill, while arguably well-intentioned, would have had severe unintended
consequences such as making it a criminal act to teach a course in computer
security and making a criminal of a software customer who failed to renew a
license agreement.
In addition, there was virtually no real input into the process which led to
the bill's passage, although the formalities were followed.
For these reasons the EFF joined with the Software Council in requesting the
Governor veto the bill. Through a series of meetings with the Governor, his
staff, the Attorney General, the Bar Association, and members of the Council,
we were able to work out a compromise. It can be said without exaggeration
that the EFF played the key role in this process. Sharon Beckman, in
particular, was invaluable in spearheading the legal work, including the
drafting of a replacement bill.
The Bill Itself
*************
The language of the bill now balances property and free speech interests, and
is the first such legislation to do so, as far as we know. As such, after its
passage, it can serve as model legislation for other states as well as the
country as a whole.
The preamble of the bill explicitly recognizes that the integrity of computer
systems must be protected in a way which does not infringe on the rights of
users of computer technology, including freedoms of speech, association, and
privacy.
In its first provision, the bill makes it a crime to knowingly and without
authorization access a controlled computer system with the intention of
causing damage and actually cause damage in excess of $10,000. The second
provision of the bill is identical to the one above except that it covers
activities undertaken with reckless disregard of the consequences as opposed
to intent to cause damage and carries a lesser penalty.
The bill breaks new ground is in the area of enforcement. Prosecutions may be
brought only by the Attorney General and only after guidelines are established
regarding the conduct of search and seizure operations. These guidelines must
be consistent with the concerns stated in the preamble.
The bill also establishes a 17 person commission charged with recommending
future legislation in this area.
The Task Ahead
***************
Now that the Governor has sent a revised bill back to the Legislature, it is
up to them. We will be meeting with the Legislative co-sponsors of the bill
in the next few weeks to find out where they stand and, we hope, gather their
support.
Here is the text of the bill itself
Proposed text of Mass. Computer Crime Bill
Carefully balancing the need to make unlawful entry into
computer systems a criminal offense against the need to protect
the privacy and First Amendment rights of users of computers
has, and remains, a basic tenet guiding Massachusetts efforts
to prevent computer crime. To better strike this vital
balance, and pursuant to authority vested in me by Article LVI
of the Amendments to the Massachusetts Constitution, I am
returning for amendment S.1543, "An Act Prohibiting Certain
Acts Relative to Computers, Computer Data and Computer
Systems".
S.1543 would have the unintended effect of restricting access
to computers by legitimate users. Such restricted access would
inadvertently chill the energy and creativity which are the
hallmarks of Massachusetts business and industry.
I agree with the bill's sponsors that there is a need for
Massachusetts to make more clear that it is a crime to
unlawfully enter some one else's computer system and through
reckless or intentional behavior cause harm or damage.
Therefore, in lieu of vetoing S. 1543, I recommend that it be
amended by striking the language of the bill in its entirety
and substituting in its place the following:
AN ACT PROHIBITING CERTAIN ACTS RELATIVE TO COMPUTERS AND
COMPUTER SYSTEMS.
Be it enacted by the Senate and House of Representatives in
General Court assembled and by the authority of same, as
follows:
SECTION 1. The General Court hereby finds and declares that the
development of computer technology has given rise to new communication,
privacy and property interests of importance to individuals,
businesses, and government agencies in this Commonwealth. The
protection of computer systems is therefore vital to the welfare of
individuals and businesses in the Commonwealth.
The General court also finds and declares that computers and
computer networks have enabled new forms of communication,
including electronic publications, electronic bulletin boards,
electronic conferences, and electronic mail,m which are
protected by fundamental rights, including freedom of speech
and association and freedom from unreasonable governmental
intrusion.
It is the intention of this act to protect the integrity of
computer systems without infringing on the rights described
above and without impeding the use and development of computer
and communications technology.
Therefore, the General Laws are hereby amended by inserting after
chapter 266 the following chapter:
Chapter 266A.
SECTION: 1.
(A) Whoever knowingly accesses a controlled access computer system
knowing such access to be without authorization and knowingly causes
the transmission of a program, information, code or command to a
computer or computer system, without authorization and intending that
such program, information, code or command will damage or cause damage
to a computer, computer system, network, information, data or program,
or withhold or deny, or cause the withholding or denial, of the use of a
computer, computer services, system or network, information, data or
program, and thereby causes loss or damage to one or more other persons
of $10,000 or more shall be punished by imprisonment in a jail or house
of correction for not more that 2 1/2 years, or a fine of not more than
25,000 or both.
(B) Whoever knowingly accesses a controlled access computer system
knowing such access to be without authorization and knowingly causes
the transmission of a program, information, code or command to a
computer or computer system, without authorization and with reckless
disregard of a substantial and unjustifiable risk that such program,
information, code or command will damage or cause damage to a computer,
computer system, network, information, data or program, or withhold or
deny, or cause the withholding or denial, of the use of a computer,
computer services, system, or network, information, data or program,
and thereby causes loss or damage to one or more other persons of
$10,000 or more shall be punished by imprisonment in a jail or house of
corrections for not more than 1 year, or a fine of not more than $5000,
or both.
(C) Prosecutions, Investigations, and Reporting by the Attorney
General
(1) Prosecutions under this section shall be brought only by
the Attorney General.
(2) Any Application for a warrant to conduct a search or
seizure of a computer, computer system, or electronic
communication system under this section must be approved by the
Attorney General or an Assistant Attorney General.
(3) The Attorney General shall, within six months of the
effective data of this Act, issue guidelines for the procedures
governing the investigation and prosecution of an offense under
this section, incorporating in such guidelines a requirement
that violations of this section be investigated by methods that
are least restrictive of the rights of freedom of speech and
association and the right to privacy implicated in computer
systems, and least disruptive to legitimate use of computer
systems, without jeopardizing compelling law enforcement
interests.
Such guidelines shall not provide a basis for dismissal
of an otherwise proper complaint brought under this
sections or for exclusion of evidence that is otherwise
admissible in a proceeding under this section.
(4) The Attorney General shall collect and compile
information on, and report to the General Court annually on,
searches, seizures, and prosecutions commenced pursuant to this
section.
SECTION: 2.
There is hereby established a study commission on
computer technology and the law. The Commission shall
consist of sixteen members who shall serve without
compensation. Notwithstanding any provision of section
six of chapter two hundred and sixty-eight A to the
contrary, the commission shall consist of the attorney
general or his designee who shall be chairman, the
secretary of the executive office of economic affairs
or his designee, the senate chair of the joint
committee on criminal justice, the house chair of the
joint committee on criminal justice, and twelve persons
appointed by the governor, including two
representatives from the Massachusetts Software Council
and one representative of each of the following
organizations, to be selected from a list of
recommendations provided by that organization: the
Massachusetts Bar Association, the Boston Bar
Association, the state council of the AFL-CIO, the
Boston Computer Society, and one representative from
the computer hardware industry, one r
Said Commission shall investigate the legitimate communication,
privacy, and property interests of individuals, businesses, and
government agencies within this Commonwealth implicated by new
computer technologies and shall evaluate the sufficiency of
existing Massachusetts law to protect and preserve those
interests.
The Commission shall report to the General Court the results of
its investigation and study, and its recommendations, together
with drafts of legislation to carry its recommendations into
effect, by filing its report with the clerk of the house of
representatives and with the clerk of the senate on or
before____.
Makes it a felony intentionally to cause harm to a computer or the
information stored in it by transmitting a computer program or code
(including computer viruses) without the knowledge and authorization of
the person responsible for the computer attacked.
Makes it a misdemeanor recklessly to cause harm to a computer or the
information stored in it by transmitting a computer program or code
(including computer viruses) without the knowledge and authorization of
the person responsible for the computer attacked.
JURISDICTION
Covers harm to any computer or program that involves $1,000 worth of
damage or tampering with medical records.
PENALTY
Find and/or imprisonment for up to five years for the felony. Fine and/or
imprisonment for up to one yer for the misdemeanor.
CIVIL CAUSE OF ACTION
Creates a new, civil cause of action for those harmed by a violation of the
Act for compensatory or injunctive relief.
DEFINITION OF "ACCESS"
Defines "access" -- a term used throughout the Computer Fraud and
Abuse Act -- to cover the remote transmission of a program to affect a
computer or the information stored in it.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+