Technology Law Column

This page has been speech-enabled for Macintosh owners using the Talker Netscape Plug-in. Hit Escape to discontinue speech.

Published in the Chicago Daily Law Bulletin, August 10, 1995 at page 6.

Encode, Delete, Download-- You're Busted

Copyright 1995 by David Loundy

A reader of this column recently wrote to point out some legislation currently in a U.S. House of Represenatatives committee that would affect one of the statutes I discussed in last month's column. The proposed legislation would not only limit the Privacy Protection Act of 1980 (42 U.S.C. Section 2000aa), but arguably may also criminalize use of data compression (such as familiar programs like PKZIP, UUencode, Binhex, foreign alphabet character sets, etc.), software distributed by shareware or freeware, your ability to erase files from your computer's hard drive, digital cash, Netscape, etc., to name a few.

Senator Charles Grassley, R-Iowa, a board member of the Office of Technology Assessment, has proposed S-974, "The Anti-electronic Racketeering Act." In his statements to the Senate, he declared that "Eliot Ness needs to meet the Internet," and thus he is proposing legislation intended to crack down on computer crime and other threats posed by computer-using drug cartels, money launderers and terrorists. (For those of you playing along at home, Eliot Ness was the "G-Man" most noted for enforcing the "Noble Experiment" known as Prohibition, which was, of course, ended on a national scale in 1933, after only thirteen years of sporadic enforcement, by passage of the 21st Amendment to the Constitution).

One of the provisions in Senator Grassley's bill is an amendment to 18 U.S.C. Section 1962 (part of the Racketeer Influenced and Corrupt Organization provisions), which, in addition to making illegal the use of any computer or computer network in the furtherance of a racketeering activity, as defined in Section 1962(1), would also make it illegal to "damage or threaten to damage electronically or digitally stored data."

Based on Senator Grassley's statements, one may assume this is intended to be used to fight computer crackers and virus authors; however it does not distinguish these groups from, say, someone who wants to delete a file from his or her own hard drive, or who accidentally leaves a compact disk on the dashboard of his or her car on a bright summer day. Of course, five disks left on the dashboard to melt produces five "predicate" violations leading to a RICO offense.

Continuing on, Grassley's bill proposes the addition of a new section, 18 U.S.C. Section 1030A, which would make it unlawful to use a computer or computer network to transfer unlicensed computer software, regardless of whether the transfer is performed for economic consideration. It would also make it illegal to operate a computer or computer network primarily to facilitate racketeering activity or primarily to engage in conduct prohibited by federal or state law.

These sections would address cases such as U.S. v. LaMacchia, 871 F. Supp 535 (D. Mass. 1994), which I have discussed here in a previous column. In LaMachia, the operator of a bulletin board system used to distribute pirated computer software was held not to be punishable under the wire fraud statute, 18 U.S.C. Section1343, because by running a free service, his actions did not amount to a criminal copyright violation needed to trigger the wire fraud statute. 871 F. Supp. at 542-543.

Again, unfortunately, this section does not account for two common means used to distribute software. Software that is distributed for free ("Freeware") is unlicensed, as is public domain software. Shareware is commercial software, but it is arguably unlicensed at the point it is transferred-- a license is generally given after payment of the shareware fee is made after a trial period. At the time of the software's actual transfer, it is unlicensed. And, of course, running a bulletin board system used solely to distribute public domain software under this provision becomes a federal offense.

Even more mundane tasks, such as two programmers exchanging pieces of computer code (unlicensed software) could result in the 'corrupt programmers' being treated as if they were drug dealers.

While these are likely unintentional side-effects of the legislation, the same section also seeks to make it unlawful to distribute computer software that encodes or encrypts electronic or digital communications to computer networks that the person distributing the software knows or reasonably should know, is accessible to foreign nationals and foreign governments, regardless of whether such software has been designated as nonexportable.

This section is not as bad as it sounds-- it allows an affirmative defense to prosecution if the software uses a "universal decoding device or program that was provided to the Department of Justice prior to distribution."

Under this section, no software capable of encrypting messages is exportable, even if the government has allowed its export in the past, unless the Department of Justice is given the "key." This is even more strict than the Administration's failed "Clipper Chip" plan, which at least would require that two separate agencies keep portions of any decryption key, and which was supposedly intended to be a voluntary scheme.

Once again though, this section does not contain reasonable limits on its reach-- any software which "encodes" an electronic communication is prohibited, which would not only cover strong encryption programs such as Pretty Good Privacy (PGP) but also garden variety compression programs such as Macintosh Binhex and DOS PKZIP software used to shrink files for quicker transmission and archiving would be covered.

(Though it is comforting to know that you could still, say, distribute a pig-Latin conversion program, so long as you give the Justice Department a "universal decoding device". Otherwise, for each person that download the software, you have committed a criminal act.)

It is worth noting that the proposed law does not actually make it illegal for racketeers to use strong encryption software, it just makes certain types of distribution illegal.

Another feature of Senator Grassley's bill is that, in some instances, it loosens the privacy protections provided by the Privacy Protection Act of 1980 (42 U.S.C. Section 2000aa) which were discussed in last month's column.

The Electronic Frontier Foundation notes that this is a direct attack on the holding in Steve Jackson Games v. United States Secret Service, 816 F. Supp. 432 (W.D. Tex. 1993), aff’d, 36 F.3d 457 (5th Cir. 1994), in which the Court found the U. S. Secret Service liable for seizing Steve Jackson Games' computers and bulletin board system, without bothering to address the concerns raised by the seizure of a publisher's computer, its work product, or the publisher's BBS (complete with users' e-mail).

These are only some of the highlights of this proposed legislation. This article does not even address the provisions outlawing anonymous electronic financial transactions, the attempted extension of U.S. jurisdiction to cover any acts which begin and end in a foreign country, yet involve communications which merely pass through U.S. based computers, etc.

The legislature is to be applauded for discovering the wonders of modern communication. If nothing else, the legislature's new discovery has been providing a number of topics for this column.

The Internet is growing exponentially. The major on-line services, such as CompuServe and America On-Line are growing by leaps and bounds. Digital cash is not the future-- in many ways, it is the present (e.g. direct deposit, credit and debit cards). Some of this growth raises legitimate concerns which need to be addressed.

However, if Congress is going to try passing laws affecting these and related topics, it would make some sense if the drafters of the legislation actually tried to understand some of the issues involved before setting pen to paper (or hands to keyboards) to draft bills such as Senator Grassley's. Quick coverage of the events of the day is welcome in the context of news reporting, but often produces bad law in the legislative context.

[Technology Law] [E-Law Web Page]