Experts say more laws won't stop computer hackers
By Raju Chebium
CNN Interactive Correspondent

May 5, 2000
Web posted at: 4:27 p.m. EDT (2027 GMT)WASHINGTON (CNN)


More legislation will not deter hackers from trying to infect the world's computer systems with viruses similar to the "ILOVEYOU" virus, computer and cyberlaw experts said Friday. Better security technology, diligent enforcement of existing laws, better-trained law enforcement officers and enhanced cooperation between the authorities and the computer industries are some of the measures the experts recommend.

"CEOs must personally involve themselves in security and privacy," said Jeff Richards, executive director of the Internet Alliance, an industry group based in Washington. "I think legislation in this case should be generally a last resort."

He said he feared that more legislation could restrict open access to the Internet. He added that an industry-wide commitment to boosting cybersecurity would also enhance consumer confidence.

Other experts noted that most hacking is committed by young people seeking attention and believing themselves to be mere high-tech pranksters. They said as long as there are computers there will be hackers -- and laws will do little to deter them.

"The culture now is that these kids think they are untouchable," said Anthony Lupo, a lawyer who specializes in e-commerce issues at Arent Fox, a Washington law firm.

Lupo said that while laws against cybercrimes are important, "I don't know what good more laws can do. The fix to this is technical."

He said he believes the Philippines government probably will vigorously prosecute the alleged culprit in Thursday's "I Love You" attack because failing to do so would be a public relations blunder, if nothing else. Lupo, who said he has visited the Philippines on business, said the country is eager to establish itself as a cybereconomy and is wooing international companies.

A Philippines Internet service provider has confirmed to CNN.com that a 23-year-old male from the Pandacan area of Manila, the capital of the island republic, is believed to be the author of the "ILOVEYOU" virus.

Millions of computer systems around the world were affected by the bug, which crippled email systems from the British Parliament to the Pentagon to networks in Asia. An U.S. expert said the damage may reach $1 billion worldwide as copycats try to infect computer systems.

Current federal and state statutes

The applicable criminal law in federal law is the Computer Abuse Act of 1984, which has been amended several times over the years, said Reed Freeman, another e-commerce lawyer at Arent Fox. The law imposes a $250,000 fine or a five-year prison term, or both, for each offense.

The law essentially criminalizes anyone who gains unauthorized access to computer systems, and many private individuals have used the law to sue Internet companies like Yahoo, Amazon.com and DoubleClick for placing "cookies" on computer hard drives, Freeman said. Cookies are data files that allow the implanter to track the sites a particular user visits.

Civil actions may be initiated under state laws governing theft, violation of privacy and even stalking, experts said. Internet legislation is pending in some 17 states.

Mark Rhoades, vice president for legislation at the U.S. Internet Council, another industry group in Washington, said Virginia has by far the most stringent Internet laws because about half of all emails in the U.S. go through America Online, based in Dulles, Virginia, a Washington suburb.

Experts said the "ILOVEYOU" case most likely is a federal criminal case because single states do not have the power to make their laws applicable in an international arena.

If the U.S. government decides to prosecute the crime, the question of sovereignty arises, Lupo said. The U.S. must have an extradition treaty with a country in order to bring a resident of that country to the United States to be tried in U.S. courts.