You are on page 1of 23


Borella) <Mike Borella received a bachelor's degree in Computer Science and Technical Communication from Clarkson University (1991). He is currently a graduate student and teaching assistant in Computer Science at U. Cal. at Davis. This paper is the result of an independent study sponsored by Susan Ross, an assistant professor in Technical Communication at Clarkson. e-mail borella@toadflax.eecs.ucdavis or> I: What is Cyberspace? "Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation... A graphical representation of data abstracted from the banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding..." - William Gibson, Neuromancer Even after reading William Gibson's cyberpunk novels, one's conceptualization of cyberspace, the electronic world of computers and computer networks, can be insubstantial. Gibson describes cyberspace as a world of simulated stimulation that a computer feeds to a "jockey" (computer operator) via a "cyberspace deck" (human-computer interface). Explorers in Gibson's cyberspace often have difficulty telling what is real and what is not. Frequently, in our world, the novice computer user has similar problems understanding how to use the potential wealth of information at their finger tips. In Gibson's uncharted future, people access computers by merging their thoughts with a database. Today we can "enter" cyberspace through keyboard and modem. But what actually is cyberspace? Is it real? What does it look like? What are some of the personal and legal issues emerging from this vastly uncharted new frontier? This paper will answer those questions and more as we explore cyberspace, meet its frequenters, and discuss its increasing role in the life of every human being, not just those who actually use a computer. Before we embark on our journey through the legal battles and

rights issues regarding cyberspace, we need a working knowledge of what it is and how computer operators use it. Envision a roadmap. Cities dot the otherwise sparse landscape and roads branch out in all directions, connecting every city. This network leaves no city unserviced. Although not every city is connected to every other, it is possible to reach any one city from any other. Like every other mass transit system, certain areas are more travelled than others. Some cities are larger than others and some stretches of road are more prone to traffic. The size and complexity of this roadmap defies the imagination - it encircles the world. But the cities are not actually cities. They are computers or groups of computers. The roads are telephone lines or fiber-optic cable. The system surrounds the globe in an electronic web of data. The travellers on these 'virtual' roads are packets of information which are sent from one city to another, perhaps via many. The roadmap is a worldwide computer "network." Each city is a depot or terminal for the packets, and is usually referred to as a "node." In reality they are mainframes owned by universities, companies, or groups of computer users. There are several worldwide computer networks currently in existence. Every individual who has an account on any mainframe in the world has their own unique electronic address. It is not unlike a mailbox, except that it can only receive mail of the electronic kind. Electronic addresses are similar to postal addresses in that they contain: --a name, or user identification which corresponds to the individual computer user who owns the particular address. --a local machine name, which is the specific mainframe that the userid is on. Local names are only used in the node consists of more than one mainframe. This is not unlike a street address. --a node name, which corresponds to the physical location of the node that the userid belongs to. This is not unlike a city address and/or zip code.

This is all a network needs to know before it can send information from one mailbox to another. Just like postal mail, if the user doesn't address mail correctly, the network will return it. In the case of e-mail (electronic mail) a simple misspelling will cause the network to return the mail, or send it to an improper destination. Each of the several worldwide networks has its own unique but similar method for addressing e-mail. Corresponding via electronic mail has been available to some academicians for over 20 years, but today it is possible for anybody with a computer and a modem to have their own mailbox. For the sake of convenience, many useful physical objects have been abstracted into cyberspace. Computerized filing systems (databases), bulletin boards, and electronically published digests and magazines proliferate in the virtual world of networks. Many of these electronic items are being treated differently than their "real" counterparts. Often, due to the convenience of having millions of pieces of data available in seconds, individual privacy rights are violated. This is leading to debate and litigation concerning the use of various aspects of cyberspace. The next sections cover the situations, people, and legislation of this untamed and largely undefined frontier.

II: Databases A database is a collection facts, figures, numbers, and words that are sorted in a particular order and/or indexed. They are stored on a computer so that retrieval is quick and simple. Often, databases are used by the government, corporations, and private businesses to keep track of the names, address, phone numbers, and other relevant data about their clients, subscribers, members, etc. For example, most public libraries have databases containing information of every person who has a card at that library. Besides the name, address, and phone

number of the card holder, the library's database would also contain information regarding what books the holder is currently borrowing, whether they are overdue or not, and when each person's library card expires. Similarly, banks have databases containing information regarding the persons they transact with. Again, name, address and phone number is essential, but the bank would also be interested in social security number, credit rating, assets, mortgage information, and so on. By organizing this data on a computer, the bank increases its efficiency. It is able to serve more customers in less time, and provide monetary transactions within seconds. Anyone who has used a bank card at an automated teller can attest to this. But all databases are not used for such beneficial purposes. As we will see in the next section, even the information stored in "benign" databases can be used to violate privacy rights. In 1967, J. Edgar Hoover, then head of the FBI, created the National Crime Information Center (NCIC). This organization's purpose is to use a computerized database containing the criminal record of every United States citizen to increase the efficiency of all levels of law enforcement by facilitating quick exchange of information. The NCIC's federal databanks interface with over 64,000 state and local governments' computer networks, and even with some criminal databases of foreign countries. This widespread and far-reaching power is used by everyone from top FBI investigators to county and municipal patrol officers. For example, if a police officer pulls over a speeder in New York, they can check, within a matter of seconds, if that person is wanted in any other state, and if that person has a criminal record. The NCIC contains records on every person arrested in the United States, which amounts to approximately 40 million people, a number equivalent to one-third of the work force (Gordon and Churchill, p.

497). It goes without saying that the holders of this information have incredible power. However, at first glance, the existence of the NCIC's databases seem completely beneficial; in fact they do much to protect the privacy of the average American. Authorities can find out if an individual is wanted for a crime and detain that person if necessary, all with the push of a few buttons. Effective law enforcement does make the country a safer place for its citizens. But, as we will see, the current state of and uses for the NCIC do infringe upon individual privacy. There are many cases in which the NCIC databases have been found to hold inaccurate and incomplete information. Keep in mind that they only contain arrest records, not conviction records. If an individual has been acquitted of a charge, it does not necessarily get entered into the computers. An example of this was the legal battle fought by Los Angeles native Terry Dean Rogan. After Rogan lost his wallet, a man using his identification was linked to four crimes, including two murders. Rogan was mistakenly arrested, and an NCIC file was made about him. The file was inaccurate - it did not contain a description of him. As a result, he was arrested four times for crimes he didn't commit. Rogan successfully sued to city if Los Angeles in 1987 for violating his Fourth Amendment rights (Science Court Opinions, p. 99). But some victims of NCIC errors don't get off so easily. In 1979, Michael Ducross of Huntington Beach California made a minor traffic violation on his way to the supermarket one day. The police officer radioed for a check on Ducross. When a police station desk clerk punched up the NCIC database to see if Ducross had a file, he got a surprising result. Ducross was wanted for going AWOL from the Marine Corps 10 years earlier. He was seized and held for five months at Camp Pendleton. The Marine Corps eventually dropped the charges because he had never actually gone AWOL. Ducross was a Native American,

and he had left the Corps on a special discharge program available only to Native Americans and foreign citizens (Burnham, pp. 33-34). But these are just two isolated examples, right? Wrong! A study by the Congressional Office of Technology Assistance (OTA) conducted in 1982 found that, " many as one-third of state records lacked information about the disposition of the cases on file. Therefore, an arrest in one state, which may have resulted in a dismissal or an acquittal, could in another state influence the decision to withhold bail or to prosecute the defendant as a 'career criminal.' " (Gordon and Churchill, p. 514). The OTA study found that, at best, 49.5 percent of the NCIC Criminal History records were complete, correct, and unambiguous (Burnham, p. 74). It's bad enough that the NCIC files are largely inaccurate -that your Fourth Amendment rights protecting unlawful search and seizure can be lawfully violated if you have been previously arrested for a crime you didn't commit - but these computerized criminal files are used for much more than law enforcement, and are used by more than just law enforcement agencies. Approximately 90 percent of all criminal histories in the United States are available to public and private employers (Gordon and Churchill, p. 515). Nor is the NCIC without local competition. For example, one Rhode Island data merchant, whose clients are mostly prospective employers, keeps files on people who have been arrested but no necessarily convicted of a crime. That merchant includes in the files names of individuals taken from local newspaper stories (Consumer Reports). If arrest records but not conviction records are available, might not they influence hiring decisions? For example, might not an employer finding a record of arrests in the file of a person claiming a "clean record" on an employment application question the credibility of

the applicant's claim and make a decision not to hire influenced by that doubt? Given that the applicant would not be aware that such a database had been consulted, he or she could not possibly mount a defense if the information in the file was inaccurate (e.g., someone else's arrests) or misleading (e.g. no arrests led to convictions). Since 40 million US citizens have an arrest record, the social cost is potentially high. In several states, including California and Connecticut, more than half of the information requests to criminal history databases were made by employers (Gordon and Churchill, p. 515). But the problems don't end there. In 1981, mainly because of John Hinckley's attempt on then President Ronald Reagan's life, about 400 files were added to the NCIC database. These were of people who had no criminal record and were wanted for no crime! Why were they being entered into the computers? Because these individuals were considered "a potential danger" by the Secret Service. Secret Service Director John R. Simpson stated that listing these people would provide an invaluable tool for tracking their location and activities (Epstein, p. 17). This shows that the government is only paying lip service to the "innocent until proven guilty" precedent that our freedom is based on. The "potential danger" would be to members of the FBI protectorate, including the President, Congress members, and controversial political and social figures such as Jacqueline Onassis. Considering how "accurate" the files have been proven to be, one can imagine the atrocities possible (and encouraged) under these provisions. But there are more culprits to this mess than just the government. The use of databases in the violation of privacy extends into the corporate world. The U.D. Registry Inc. was formed in 1977 by Harvey Saltz, a former deputy district attorney in Los Angeles. "Using a computer to store information obtained from legal charges filed by

landlords in the courts, Saltz says he currently has compiled more than a million records about such disputes all over the Los Angeles area. Over 1900 landlords pay Saltz an annual fee ranging from $35 to $ determine whether the individuals who come to them for housing have had arguments with other landlords in the past." (Burnham, p. 34). And just like the NCIC, Saltz's database was found to be less than reliable. In 1978, Lucky Kellener paid the rent to his brother's apartment. But when his brother was evicted, Kellener's name was included in the U.D. Registry files, defining him as an undesirable tenant. When Kellener went looking for a new apartment in 1981, he got repeatedly turned down and brushed off. Finally, a landlord told him that he had been blacklisted (Burnham, pp. 34-35). Another victim was Barbara Ward, who moved to Los Angeles and found that her newly rented apartment was infested with cockroaches. When she gave her landlord a thirty day notice, he countered with an eviction notice. When the landlord didn't show up in court, the judge threw the case out. But Ward was entered in the U.D. Registry as having an eviction notice, and when she wanted to rent an apartment later she was unable to (Burnham, pp. 34-35). In both cases, errors caused a major personal difficulty and breach of privacy. Also, in both cases the victim did not know of the U.D. Registry's existence. Therefore, neither could possibly confront the unfavorable, electronically-stored data, analogous to a "false witness," that led to their blacklisting. Perhaps the grandest scale of gathering information about people by a non-governmental agency was undertaken by the Lotus Development Corp. in conjunction with Equifax Inc. Lotus and Equifax developed "Marketplace: Households," a database of the names, addresses, and marketing information on 120 million residents of the United States (Fisher, p. C3). The purchaser of this information would probably be

large consumer goods companies specializing in mail order. Databases like this are currently used by organizations to send unsolicited (junk) mail to potential buyers. Imagine the volume of junk mail if the entire business world had the names and addresses of almost half of the country's population on-line! Fortunately, on January 23, 1991, Lotus and Equifax announced that they had cancelled plans to release "Marketplace: Households" due to 30,000 letter and phone calls from individuals who wanted their files deleted from the product. Apparently, the companies decided that the privacy issues involved would make the product unviable. (Fisher, p. C3.) Ironically, a similar product, "Marketplace: Business", which contained database information on seven million U.S. businesses, was discontinued the same day. "Marketplace: Business" has been shipping since October 1990, but was not profitable without the revenues from "Marketplace: Households" (Fisher, p. C3). A similar example of the same type of database belongs to the Phone Disc USA Corporation. This small, Massachusetts based company has manually copied the names, addresses and numbers of 90 million people out of the white pages of telephone books from across the nation. They put this information on CD-ROM storage devices, and sell it to mass-marketers. In a recent ruling, the Supreme Court decided that it is legal to copy white pages listings because they are not copyrighted. For the next version of the product, co-founder James Bryant plans to copy every name from over 4000 sets of regional whites pages. (Kleinfield) Unlike the Lotus/Equifax undertaking, Phone Disc USA shows no signs of halting their product. How many of these computer databases and networks exist that the average American doesn't know about? Just about every government or private agency that interacts with the public has its own computerized index of names, addresses, social security numbers, etc. Every time you

open a bank account, apply for a credit card, attend a learning institution, register at a hotel, get medical aid, or obtain a loan, a new file is opened for you, without your explicit knowledge! And these are the easy ones to track; there are many databases you get into without anyone telling you. In fact, these "secret" records, not unlike the U.D. Registry's, are more effective if the "victims" don't know about them. Now that we are aware of the problem, we can ask the question, "What do we do?" First we must clarify one point - does the mere existence of these databases and computerized records intrude upon the individual's privacy, or does the use of them constitute privacy invasion? The best way to do this is to find out if similar privacy violations occurred before the advent of computerized files. The Census Bureau's charter contains the provision, "in no case shall information furnished under the authority of this act be used to the detriment of the person or persons to which this information relates." But, during World War I, the Justice Department was looking for the names and addresses of young men who were trying to evade the draft so they could track these dissenters down and prosecute them. Under pressure from the military, the Census Bureau disclosed this information (Burnham, pg. 24). Computers did were not used to record information until the mid-forties. One of the first organizations to use primitive databases (stacks and stacks of punch cards) for the purpose of information gathering on a large number of people was the Census Bureau. The violation of privacy did take place before computerized databases. The largest differences between a stack of papers and a computer file are that the computer file is easier to use, faster to find, able to be disseminated and/or transmitted quickly. An example of how efficient computer files are at finding people is the case of the

California Locator Service. This database is used to track parents who refuse to pay child support. The names of the wayward parents are filed in the database. The database is compared to that of the Franchise Tax Board. In the case of a match, the parent's tax refund is intercepted and sent to the parent with custody (Burnham, pp. 30-33). The Locator Service also has direct links to the Department of Motor Vehicles, the Employment Development Board, criminal databases, and several other computer networks to help locate the delinquent parent. According to manager Richard Beall, the service is able to provide at least some sort of information 62% of the time (Burnham, pp. 30-33). Imagine the difference if the California Locator Service were run by pen, pencil, or typewriter instead. The proper information on the wayward parent would have to be sent to all the associate agencies, processed, and answers given. The time to do this would be prohibitive enough to make the service slow and negligibly effective. The computer facilitates this sort of information sharing and retrieval. We conclude that computers aren't the inherent evil, but they help the government and other organizations to procreate the evil of privacy infringement more easily than if computer databases weren't used. So we can't necessarily eliminate the problem by eliminating the databases. Often the computer database used for the questionable activity is one that exists for a different purpose. Cases of this are the Census Bureau's information, and the NCIC. Both of these databases exist to serve beneficial purposes - population surveys and law enforcement, respectively. Eliminating all computer databases containing personal information would to too radical a step. Our society would grind to a standstill as bank records, medical files, legal reports, etc. (the list goes on indefinitely) would have to be hand copied and disseminated. Think of the examples of given at the beginning of this section

of a library and a bank. We saw how these organizations used databases to improve their service to the public. These same databases can be used to invade the privacy of the public. For example if library databases are available to the public, they can be used to list the books or type of books that an individual reads. A magazine or book club might find library databases useful in deciding who to send unsolicited subscription or membership information to. Bank records can be used similarly to determine the financial status of an individual. What is comes down to is that any database containing personal information that is used for any other purpose than the one it exists for is a potential violation of privacy. As a case in point, under current law, our video rental histories have more protection than our medical or insurance records. Under a 1988 law, video rental records may only be released under court order. That law, often referred to as the "Bork bill," was inacted after video rental information about a Supreme Court nominee was made public in the press (Consumer Reports). Must we wait for similar abuses related to the medical, library, or bank records of persons in the public eye to similarly secure the privacy of these records? Is there a solution? Is there a middle ground where we can have the databases, but control how they are used? In the January 1988 issue of Omni magazine, experts from various legal and scientific fields were asked to comment upon the Terry Dean Rogan case (see above). Some responses were: (Science Court Opinions, p. 100). Sheldon L. Glashow, Nobel laureate and professor of physics at Harvard University: "A centralized computerized crime file is absolutely necessary for crime control, but it does jeopardize the rights of citizens...Under no circumstance but one should the NCIC files be made available for non-crime related purposes: The exception is the right of each citizen to examine his or her own file." Melvin Konner, M.D., professor of anthropology at Emory University: "Centralized data banks pose a new, probably serious threat to privacy, yet such data banks are too valuable to be forsworn. ...challenges should result in the emergence of a system of check and balances that will prevent the abuse of data."

John Money, professor emeritus of medical psychology and pediatrics at Johns Hopkins University and Hospital: " becomes imperative to have strictly enforced safeguards on the usage of such [computerized] lists. One such safeguard would be a legally guaranteed principle of freedom of information, so that an individual could access his or her name on the list and correct information falsely entered against it." George B. Schaller, director of science for Wildlife Conservation International: " a potential victim, I am pleased that the file might help insure my privacy - that is my property and person. The file should, however, be accessible for criminal matters only, or it will be misused." Furthermore, an interesting precedent may be set for privacy rights in the United States by the new European Community. The European Community is proposing a set of laws that would strictly limit how database information is used and who has access to it. Basically, the laws would instruct owners of databases to notify individuals of their inclusion, and these individuals would be able to obtain copies of the database information on them. Also, owners of databases would not be allowed to sell the personal information of an individual without the permission of that individual. "The proposals would prohibit...a publisher from selling a list of subscribers to a real estate developer - unless the subscribers agreed to be included. Banks would be required to notify credit card holders before selling their names to mail-order houses." (Markoff, p. D1). Interestingly enough, these proposed regulations have the U.S. based companies complaining the loudest. IBM, GTE, and AT&T claim that the proposed laws would strictly limit their business abroad (Markoff, p. D1). Privacy experts maintain that the companies are overreacting. Some of the restriction that are under consideration include: (Markoff, p. D1). --Companies must register all databases containing personal information with the which they are operating... --Corporations using personal data must tell the subjects of

their use... --Private companies can only collect or process personal data with the consent of the subjects. --Companies would not be able to transfer data to another country unless that country also offered adequate protection of records. Taking these experts' opinions and the precedents under consideration by the European Community, we have a basis for legislation concerning computer databases and the privacy of individuals. The following guidelines are suggested: 1) All individuals who have personal information stored in a computer database must be informed of this fact. They also must be given a chance to review their file(s) and to petition for changes if they find that the information held within is incorrect. 2) When a person is arrested and/or brought to trial because of the information in one of these databases, attention must be given to the question of the file's accuracy and completeness. 3) Files that exist for purposes of law enforcement (e.g., the NCIC) should not be used for anything other than law enforcement. A system of checks and balances should be maintained to guarantee this. 4) Files that exist for marketing or statistical purposes should inform all individuals who are included in the database of their inclusion, and give them an opportunity to request that their file be deleted. The constitution was written as anticipatory democracy, but its framers did not (and could not) anticipate the advent nor the power of the computer. Although the ideals of individual privacy have not changed over the last 200 years, the reality has. In the next section other outdated legal concepts that are in danger of violating the First and Fourth Amendment rights of every citizen are exposed. III: The Printed Word vs. The Electronic Word "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated and no warrants shall issue but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

- The Fourth Amendment to the Constitution of the United States On March 1st, 1990, Secret Service agents raided the offices of Steve Jackson Games, a small role-playing game company. The agents seized three computers, including one being used to run a bulletin board, all company software in the proximity of these computers, and all business records contained in the computers' storage. Why would the government want to virtually shut down a game company? Because Steve Jackson Games was just weeks away from publishing a science-fiction role-playing game called Gurps Cyberpunk. The game is set in a high-tech future society where the players use human/computer interfaces to "enter" computer networks and infiltrate (or hack) through defenses to valuable data. Playing the game does not require the use of (or even the knowledge of how to use) a computer. A Secret Service agent told Steve Jackson that the Gurps Cyberpunk playing manual was a "handbook on computer crime." (Barlow). As a result of losing their computing capabilities and data, Steve Jackson Games temporarily shut down and had to lay off half of its employees. For three months, the Secret Service retained the equipment and data even though they had no evidence that the game or any other Steve Jackson game violated any law. When some of the equipment was finally returned in June, 1990, the Service kept the drafts of Gurps Cyberpunk. The rest of the equipment was "lost." (Barlow). According to the Fourth Amendment, the Secret Service agents needed "probable cause" that criminal evidence will be at the scene of the search to get a search warrant issued. The Fourth Amendment also specifies that the search should be as narrow as possible (in other words, the Secret Service should have known exactly what they were looking for.) By taking all computer records, the Service not only effectively shut Jackson down, but violated the Fourth Amendment. The only "probable cause" that the Secret Service had for

seizing Jackson's computers was that Jackson had hired a former "hacker" to work on Gurps Cyberpunk. A "hacker" is a member of an underground subculture dedicated to breaking and entering computer systems. While this is illegal, the hacker community in general frowns upon the stealing of data for personal profit, but does it instead for bragging rights and the thrill of gaining illicit access to a "guarded" area of cyberspace. This is not unlike breaking the speed limit for kicks and the excitement of defying authority. If this is indeed why the Service raided Steve Jackson Games, this sets another frightening precedent regarding privacy - will employers now check to see if applicants are hackers along with the "normal" checks for arrest records? This may be an effect that the Service was looking for. According to Steve Jackson, the Secret Service suspected this staff member of wrongdoing at home, not at Steve Jackson Games (Computer Underground Digest, 3.20). At the time of this writing, the search warrant remained sealed. If the object of the search, according to the warrant, was evidence of the staffer's wrongdoing, only evidence of that crime should have been retained. If the object was the game, the agents should have taken just the hard copy and soft copy regarding Gurps Cyberpunk. By taking the whole computer system of Steve Jackson Games, the FBI seriously hindered the lawful commercial activities of the company. By holding the computer equipment and software for three months, Steve Jackson Games was almost put out of business. The non-relevant equipment and software should have been returned promptly. Along with the computer equipment and software seized, the agents disconnected and confiscated Steve Jackson Games' BBS. A BBS, or Bulletin Board System, is a centralized, information gathering and dissemination point for many computer users. The BBS contains e-mail from and for those users, who can access the system with their home computer's modem through normal phone lines. Many users who don't

have network access through a university or the organization they work for use a BBS to enter cyberspace. The BBS stores personal mail for these users and enables them to read it when they are logged on. U.S. postal mail is considered private. Electronic mail is the same as physical mail in that it should be protected by the same privacy rights that physical mail is. In the next section, the seizure of personal mail is explored in detail. Even though Steve Jackson Games did eventually publish Gurps Cyberpunk, the company was hit hard by the loss of its information. They had to recreate the game from rough drafts and memory. But, a positive result did come out of the SJG case. Mitch Kapor, founder of Lotus Development Corp, and associate John Perry Barlow, established the Electronic Frontier Foundation (EFF) with the purposes of educating the public about computer-based media and supporting litigation to extend First Amendment rights into the computer world. The EFF intervened in the Jackson case, pushing the government to restore SJG's equipment. In April, 1991 the EFF in conjunction with Steve Jackson Games filed a civil suit against the U.S. Secret Service and several of the individuals responsible for the raid and the withholding of Jackson's property. Unfortunately, at the time of this writing, more detail about this precedent setting case was unavailable. Although it will not set a legal precedent, there is a similar case on the books. The Alcor Life Extension Foundation is an organization that, for a large fee, will freeze an individual's body upon death. In December, 1987, the Riverside County Coroner's Office accused Alcor of hastening the death of cryogenic participant Dora Kent by prescribing her a lethal dose of barbituates (Computer Underground Digest, 1.04). In January 1988, law enforcement officers raided Alcor's headquarters and confiscated its computer equipment. Like the Steve Jackson Games case, the search warrant for the Alcor foundation did not

specify what information that should have specifically be confiscated. The section of the warrant pertaining to computer seizures follows: All electronic storage devices, capable of storing electronic data regarding the above records, including magnetic tapes, disk (floppy or hard), and the complete hardware necessary to retrieve electronic data including CPU (central processing unit), CRT (viewing screen), disc or tape drives, printer, software, and operation manuals for the above said computer, together with all handwritten notes or printed material describing the operation of the computer (Computer Underground Digest, 1.04). In other words, the officers were directed to seize all computers and computer equipment from the Alcor site. Even though the warrant states that only computer equipment "...capable of storing electronic data regarding the above records..." should be seized, this can be interpreted as a warrant to seize all computer equipment because any equipment is capable of holding data about Dora Kent. So once again, the warrant was very wide reaching and vague, exactly what the Fourth Amendment is supposed to protect against. But in this case, the issue became more focused. H. Keith Henson, a member of Alcor, claimed that personal e-mail belonging to himself and 13 other Alcor members was "stolen" by the raiding officers. Although Henson repeatedly tried to get the court to turn over the private e-mail, on the account that it had no relevance to the Dora Kent case, they would not return it. So Henson and his group sued the FBI for not intervening on their behalf in this case (Computer Underground Digest, 1.04). The stealing of private e-mail like in the Alcor case is another precedent that can have dangerous repercussions. This is the equivalent of law enforcement officers obtaining a search warrant for a post office because some of its employees were suspected of illegal activities, and proceeding to seize all mail contained in the post office and reading it, and not returning it to its intended recipients. At the time of this writing, Alcor case was settled out of

court. The result of the settlement was not available. As we can see from these examples, there is a fundamental difference in how the legal community in the U.S. views printed and electronic media. Print media is protected by the First Amendment; electronic media is not. This is a difference that should not exist. Almost all newspapers and magazines exist in electronic form before they are printed. Electronic digests follow the same process, but they leave out the final step - the actual printing. There have been cases of electronic hacker magazines being shut down for publishing hacked (stolen) documents. However there is a hacker magazine called 2600 that doesn't leave out the final step. Printed, not electronic, copies are sent to subscribers. 2600 has included similarly hacked documents, but has never been accosted. According to 2600 editor Emmanuel Goldstein, it is because of the physical printing, "I've got one advantage. I come out on paper and the Constitution knows how to deal with paper." (Barlow). Computer based media and e-mail should have the same Constitutional protection as the written word. But it doesn't. Why not? We can answer this question by tracing history back to the late 1700's when the Framers were writing the Constitution. They had no concept of computers or electronic communication at its current level. Because of this excusable lack of foresight, the Constitution and Bill of Rights do not contain specific provisions for computer based speech and the computerized press. In fact, the word "press" implies the printed press, not actual process of disseminating information to large numbers of people. In the Fourth Amendment, an individual's "papers" are safe from unreasonable search and seizure. Electronic, or unprinted, "papers" are not specifically protected. In strict interpretations of the Constitution, electronic media are not protected. Of course, this is nonsense since the only difference between an article

in a newspaper or magazine and an article stored electronically, that is intended to be printed, is the act of printing. Using the Steve Jackson Games and Alcor cases as a basis, it is proposed that the following guidelines be legislated: 1) If computer information is to be seized, the search warrant must explicitly describe the data sought. The officers carrying out the search should seize only the storage devices (floppy disk, hard disk, magnetic tape) holding this information. 2) If the storage device(s) seized contain other information as well as the data described by the warrant, the wanted data should be copied them the storage device should be promptly returned. 3) If any electronic mail is confiscated, only the pieces from or to suspects of the crime should be read. The rest should be promptly returned unread to the addressees. By following these guidelines, we can avoid many violations of individual privacy that the Constitution, in its current wording, allows. In the final section a somewhat radical step to help our society into the information age is recommended. IV: Where Do We Go From Here? The untamed electronic frontier is an intimidating domain for the computer illiterate. Many view this mysterious technology as responsible for whittling away their personal rights and privacy. Thus they find it fearful and intimidating. Ironically, the only way that the electronic frontier can "dehumanize" an individual is if that individual is ignorant of what it really is. We've seen that we can't continue to function at our current level of society without computer technology, but unless the users of this technology are monitored, they can use it to invade the privacy of individuals. If the general populace is educated, they will have the background to challenge these intruders. But where do we start? As we have seen before, the outdated

wording of the Constitution promotes this dread image of computers and electronic media. Perhaps a good place to start would be with the Constitution. The current wording of the Bill of Rights is archaic, and it represents the mind-frame that many people still have. Computer technology and cyberspace must not be viewed as separate from or outside of laws protecting free speech and privacy. The First and Fourth Amendments don't explicitly mention electronic media. They should regard rights in the electronic world of cyberspace as just as important as those in the physical world. A new amendment stating that the rights guaranteed by the First, Fourth, and any other amendment for that matter, apply to cyberspace would prevent many of the violations we have discussed from happening. (As the final revision of this paper was about to be printed, word was received that Laurence Tribe of Harvard Law School had proposed discussion of just such an amendment. However, this author's proposal was developed independently of Tribe's.) If a new amendment is a step too far, then legislation and precedent setting legal decisions must be made. There seems to be a ray of hope in the Steve Jackson Games case, but it will take several such cases to approach the benefit of a Constitutional amendment. The global village is just around the corner. Whether it is a technological utopia of peace and freedom or an aspect of Orwell's "1984" depends on decisions made now.

Bibliography Article One: An Overview, (2600 Magazine, Spring 1990), pp.1-10.* Burnham, David, The Rise of the Computer State, (1980, Vintage Books). Barlow, John Perry, Crime and Puzzlement. ** Computer Underground Digest, Volume 1.04, April 11th, 1990. * Computer Underground Digest, Volume 3.20, May 12, 1991.* Consumer Reports, "What Price Privacy," (May, 1991, pp. 356-360). Epstein, Aaron, "The Shadow of Your File," The Progressive, (v47, Jun., 1983), p. 17. Fisher, Lawrence M., "Lotus Database Cancelled," (New York Times, Jan 24, 1991), p. C3. Gordon, Diana R. and Churchill, Mae, " 'Triple I' Will Be Tracking Us," The Nation, (New York, v238, April 28, 1984), pp. 497, 513515. Kleinfield, N.R., "The Man With All The Numbers," New York Times, Sunday, April 14th, 1991. Markoff, John, "Europe's Plan to Protect Privacy Worry Business," New York Times, Thursday, April 11th, pp. D1, D5. Pool, Ithiel de Sola, Technologies of Freedom, "On free speech in

an electronic age," (1983, Harvard University Press). Science Court Opinions - Case 6: Computer Privacy, Omni, (New York, Jan. 1988, v10), pp. 99-100. Wilson, Kevin, The Technologies of Control, (1988, University of Wisconsin Press). * These are electronic publications. If copies cannot be found, feel free to contact the author. ** This document was originally disseminated electronically, then was published in Harper's Magazine. The author used the original version.