CASE COMMENT
--------------
UNITED STATES v. RIGGS: JACKING INTO THE NET WITH THE ILLINOIS DISTRICT COURT
-by Jay Wood

*********************************************************************
The following article is a candidate for publication in the Rutgers Computer and Technology Law Journal, therefore it is (c) copyright 1992 by the author. You may re-post this file freely (as long as you don't make any changes), but you may not publish the text or a substantial portion thereof in any form (i.e., print it up and sell it, include it in your newsletter, etc.). If you mention this article, you must mention that it is a candidate for publication in the Rutgers Computer and Technology Law Journal (for the 1992-93 academic year); if you wish to quote from or reproduce a substantial part of the article, please contact me. Comments on the text are extremely welcome.

-Jay Wood
InterNet: jwood@andromeda.rutgers.edu
CompuServe: 70540,1252
AOL: JayW9
**********************************************************************

(FOOTNOTES ARE AT END OF TEXT)

I. INTRODUCTION

The rapid pace of technological innovation has given many creative individuals the ability to work mischief without violating any statutes. The range of possible "offenses" often exceeds the imagination of the legislature. Prosecutors and courts who are faced with these individuals must make a difficult choice: they must either let these "criminals" go free, or attempt to stretch existing laws to cover the (purportedly) culpable conduct. Efforts to avoid this dilemma have frequently focused on criminalizing activities at the periphery of the undesirable conduct. Some legislatures have approached the problem (in the area of narcotics) with so-called "designer drug" laws.\1\ A United States District Court presented its solution to the problem in the area of "computer crime" in the case of United States v. Riggs.\2\

The facts of the case are deceptively simple.
Robert Riggs was a computer enthusiast (a "hacker") who was able to gain access to a computer that was owned and operated by the Bell South telephone company. He accomplished this feat from his home, using a personal computer and a modem to connect with the Bell South computer over ordinary telephone lines.\3\ His access, although unauthorized, went undetected by the phone company, and he was able to find and copy a text file detailing the operations and maintenance of Bell South's Emergency 911 response system to a disk in his home.\4\

While pursuing his interest in computer and communication technology, Riggs had become acquainted with Craig Neidorf, an amateur journalist whose magazine "Phrack"\5\ was distributed by modem to computer and telecommunications hobbyists through an informal network of computer bulletin boards.\6\ Riggs and Neidorf agreed that the Emergency 911 information would be of interest to Phrack's readers, and made plans to include it in an upcoming issue.\7\ So that the document could be readied for publication, Riggs uploaded (transferred) a copy of the text file from his home in Georgia to a bulletin board system in Illinois, enabling Neidorf to retrieve it in his home in Missouri.\8\ Neidorf edited the report to remove features that would identify its source, and sent the edited document (via telephone) to the Illinois BBS for Riggs' approval.\9\

At some point during this transaction, the operator of the Illinois bulletin board became concerned that potentially sensitive information was being exchanged through his equipment. Fearing that this might subject him to some sort of liability, he notified the appropriate authorities.\10\ As a reward for his diligence, his computer was confiscated by the Secret Service and his bulletin board was shut down.\11\ Neidorf and Riggs were located, and the instant prosecution began.
The pair was charged with wire fraud,\12\ Interstate Transportation of Stolen Property,\13\ and one violation of the Computer Fraud and Abuse Act.\14\ Robert Riggs plead guilty to the charge of wire fraud, on the basis of his activities in gaining the unauthorized access to Bell South's computer.\15\ Craig Neidorf challenged the validity of the charges against him, and moved that they be dismissed.\16\ His challenge cited several grounds for dismissal, relying principally on the contention that he could not be charged under the National Stolen Property Act when nothing tangible had ever been removed from Bell South's possession, and nothing tangible had moved in interstate commerce.\17\ Based on its reading (by analogy) of the relevant precedents,\18\ the court found that the indictment was valid and denied Neidorf's motions for dismissal.\19\ Although the charges were dropped only a few days into the trial (when it became apparent that the document in question was neither very secret nor very valuable),\20\ the Riggs court's holdings (that the National Stolen Property Act and wire fraud statutes can apply to the computerized acquisition and dissemination of text information) remain good law and are likely to be persuasive to other judges as they attempt to map out the contours of criminal sanctions for computer activity.

II. BACKGROUND

For their efforts in making the Bell South documents available to the world, Robert Riggs and Craig Neidorf were charged with violating the Computer Fraud and Abuse Act of 1986,\21\ the National Stolen Property Act,\22\ and the wire fraud statute.\23\ No previous case had ever applied these statutes to a purely electronic transaction of the sort engaged in here.
The closest analogies the court was able to find in the area of electronic communications were those dealing with the wire transfer of illegally acquired funds.\24\ Another strain of cases on which the court relied for guidance related to the theft of trade secret information.\25\ The trade secret cases are similar in that the value of the item stolen is frequently negligible (often nothing more than a sheet of paper), although the value of the information may be quite significant. In addition to these parallels, the court drew support from its understanding of the legislative intent behind the statutes under which Riggs and Neidorf were charged, and the appropriate construction that implies.\26\ A proper understanding of the history and purpose of these acts is therefore required in order to effectively evaluate the court's decision.

A. The Computer Fraud and Abuse Act of 1986

The Computer Fraud and Abuse Act of 1986\27\ is an amended version of a 1984 statute entitled the Counterfeit Access Device and Computer Fraud and Abuse Act of 1984.\28\ The 1984 Act was intended to protect consumer credit records and computers in which the government had an interest, and proscribed the unauthorized access or use of a computer operated by or on behalf of the government of the United States.\29\ The amendment was occasioned by the great volume of criticism which the 1984 Act received, both for its narrowness and for what was perceived as poor drafting.\30\ Harsh criticism was leveled at the 1984 Act for its failure to define a number of key terms, such as "access," "authorization," and "use."\31\ It was also strongly suggested by the Justice Department and the National District Attorney's Association that a fraud offense (modelled after the federal mail and wire fraud statutes) be included in any amendment to the Act.\32\ This was attributable to a belief that existing statutes were insufficiently adaptable to many computer-related crimes,\33\ as well as to concerns, similar to those which motivated the passage of the National Stolen Property Act, that jurisdictional problems would prove insurmountable for states that are attempting to address these problems through local legislation.\34\

The 1986 Act attempted to address these concerns by defining some of its more ambiguous terms and expanding the scope of the prohibited activities.\35\ Congress refused, however, to include the fraud offense urged by the District Attorneys\36\ or to fully federalize computer-related crime.\37\ The most important change in the 1986 Act, as it relates to Riggs, is the addition of a provision prohibiting the trafficking in computer passwords.\38\ This section of the statute, intended to address the perceived problem of computer hackers trading passwords over "pirate bulletin boards,"\39\ directly implicated the questions that arose in applying the National Stolen Property Act to Riggs. In other words, does the electronic transmission of information to individuals in other states constitute interstate commerce? Apparently, by passing this Act, Congress intended to answer that question in the affirmative.

B. The National Stolen Property Act

The National Stolen Property Act (or NSPA) finds its origin in the National Motor Vehicle Theft Act,\40\ a 1919 law designed to fill the jurisdictional gap that is created when a criminal takes a stolen car to another state for its ultimate disposal.\41\ Because an automobile is a valuable thing that is uniquely suited for removal to another jurisdiction,\42\ it was felt that special federal legislation (based on the commerce clause power) was needed to aid the states in what are otherwise essentially local efforts at law enforcement.\43\

Demonstrating their continued concern that "criminals have made full use of the improved methods of transportation and communication, and have taken advantage of the limited jurisdiction possessed by State authorities in pursuing fugitive criminals,"\44\ Congress extended the NMVTA in 1934 to include property other than vehicles. The National Stolen Property Act\45\ prohibited the transportation in interstate commerce of "any goods, wares, merchandise, secu...