TUCoPS :: Cyber Law :: compriv.txt

Computer Privacy Vs 1st & 4th Amendment

        COMPUTER PRIVACY VS. FIRST AND FOURTH AMENDMENT RIGHTS
                       (By Michael S. Borella)

<Mike Borella received a bachelor's degree in Computer Science and
Technical Communication from Clarkson University (1991). He is
currently a graduate student and teaching assistant in Computer
Science at U.  Cal. at Davis. This paper is the result of an
independent study sponsored by Susan Ross, an assistant professor in
Technical Communication at Clarkson. e-mail
borella@toadflax.eecs.ucdavis or sross@clutx.clarkson.edu>


I: What is Cyberspace?

            "Cyberspace.  A consensual hallucination experienced daily
        by billions of legitimate operators, in every nation...  A
        graphical representation of data abstracted from the banks
        of every computer in the human system.  Unthinkable
        complexity.  Lines of light ranged in the nonspace of the
        mind, clusters and constellations of data.  Like city lights,
        receding..."

                                        - William Gibson, Neuromancer

        Even after reading William Gibson's cyberpunk novels, one's

conceptualization of cyberspace, the electronic world of computers and

computer networks, can be insubstantial.  Gibson describes cyberspace as

a world of simulated stimulation that a computer feeds to a "jockey"

(computer operator) via a "cyberspace deck" (human-computer interface).

Explorers in Gibson's cyberspace often have difficulty telling what is

real and what is not.  Frequently, in our world, the novice computer

user has similar problems understanding how to use the potential wealth

of information at their finger tips.  In Gibson's uncharted future,

people access computers by merging their thoughts with a database.

Today we can "enter" cyberspace through keyboard and modem.  But what

actually is cyberspace?  Is it real?  What does it look like?  What are

some of the personal and legal issues emerging from this vastly

uncharted new frontier?  This paper will answer those questions and more

as we explore cyberspace, meet its frequenters, and discuss its

increasing role in the life of every human being, not just those who

actually use a computer.

        Before we embark on our journey through the legal battles and

rights issues regarding cyberspace, we need a working knowledge of what

it is and how computer operators use it.

        Envision a roadmap.  Cities dot the otherwise sparse landscape

and roads branch out in all directions, connecting every city.  This

network leaves no city unserviced. Although not every city is connected

to every other, it is possible to reach any one city from any other.

Like every other mass transit system, certain areas are more travelled

than others.  Some cities are larger than others and some stretches of

road are more prone to traffic.  The size and complexity of this roadmap

defies the imagination - it encircles the world.

        But the cities are not actually cities.  They are computers or

groups of computers.  The roads are telephone lines or fiber-optic

cable.  The system surrounds the globe in an electronic web of data.

The travellers on these 'virtual' roads are packets of information which

are sent from one city to another, perhaps via many.  The roadmap is a

worldwide computer "network."  Each city is a depot or terminal for the

packets, and is usually referred to as a "node."  In reality they are

mainframes owned by universities, companies, or groups of computer

users.  There are several worldwide computer networks currently in

existence.

        Every individual who has an account on any mainframe in the

world has their own unique electronic address.  It is not unlike a

mailbox, except that it can only receive mail of the electronic kind.

Electronic addresses are similar to postal addresses in that they

contain:

        --a name, or user identification which corresponds to the
        individual computer user who owns the particular address.
        --a local machine name, which is the specific mainframe that the
        userid is on.  Local names are only used in the node consists of
        more than one mainframe.  This is not unlike a street address.

        --a node name, which corresponds to the physical location of the
        node that the userid belongs to.  This is not unlike a city
        address and/or zip code.

        This is all a network needs to know before it can send

information from one mailbox to another.  Just like postal mail, if the

user doesn't address mail correctly, the network will return it.  In the

case of e-mail (electronic mail) a simple misspelling will cause the

network to return the mail, or send it to an improper destination.  Each

of the several worldwide networks has its own unique but similar method

for addressing e-mail.  Corresponding via electronic mail has been

available to some academicians for over 20 years, but today it is

possible for anybody with a computer and a modem to have their own

mailbox.  For the sake of convenience, many useful physical objects have

been abstracted into cyberspace.  Computerized filing systems

(databases), bulletin boards, and electronically published digests and

magazines proliferate in the virtual world of networks.  Many of these

electronic items are being treated differently than their "real"

counterparts.  Often, due to the convenience of having millions of

pieces of data available in seconds, individual privacy rights are

violated.  This is leading to debate and litigation concerning the use

of various aspects of cyberspace.  The next sections cover the

situations, people, and legislation of this untamed and largely

undefined frontier.



II: Databases

        A database is a collection facts, figures, numbers, and words

that are sorted in a particular order and/or indexed. They are stored on

a computer so that retrieval is quick and simple.  Often, databases are

used by the government, corporations, and private businesses to keep

track of the names, address, phone numbers, and other relevant data

about their clients, subscribers, members, etc.  For example, most

public libraries have databases containing information of every person

who has a card at that library.  Besides the name, address, and phone

number of the card holder, the library's database would also contain

information regarding what books the holder is currently borrowing,

whether they are overdue or not, and when each person's library card

expires.

        Similarly, banks have databases containing information regarding

the persons they transact with.  Again, name, address and phone number

is essential, but the bank would also be interested in social security

number, credit rating, assets, mortgage information, and so on.  By

organizing this data on a computer, the bank increases its efficiency.

It is able to serve more customers in less time, and provide monetary

transactions within seconds.  Anyone who has used a bank card at an

automated teller can attest to this.

        But all databases are not used for such beneficial purposes.  As

we will see in the next section, even the information stored in "benign"

databases can be used to violate privacy rights.

        In 1967, J. Edgar Hoover, then head of the FBI, created the

National Crime Information Center (NCIC).  This organization's purpose

is to use a computerized database containing the criminal record of

every United States citizen to increase the efficiency of all levels of

law enforcement by facilitating quick exchange of information.  The

NCIC's federal databanks interface with over 64,000 state and local

governments' computer networks, and even with some criminal databases of

foreign countries.  This widespread and far-reaching power is used by

everyone from top FBI investigators to county and municipal patrol

officers.  For example, if a police officer pulls over a speeder in New

York, they can check, within a matter of seconds, if that person is

wanted in any other state, and if that person has a criminal record.

        The NCIC contains records on every person arrested in the United

States, which amounts to approximately 40 million people, a number

equivalent to one-third of the work force (Gordon and Churchill, p.

497). It goes without saying that the holders of this information have

incredible power.  However, at first glance, the existence of the NCIC's

databases seem completely beneficial; in fact they do much to protect

the privacy of the average American.  Authorities can find out if an

individual is wanted for a crime and detain that person if necessary,

all with the push of a few buttons.  Effective law enforcement does make

the country a safer place for its citizens.  But, as we will see, the

current state of and uses for the NCIC do infringe upon individual

privacy.

        There are many cases in which the NCIC databases have been

found to hold inaccurate and incomplete information. Keep in mind that

they only contain arrest records, not conviction records.  If an

individual has been acquitted of a charge, it does not necessarily get

entered into the computers.  An example of this was the legal battle

fought by Los Angeles native Terry Dean Rogan.  After Rogan lost his

wallet, a man using his identification was linked to four crimes,

including two murders.  Rogan was mistakenly arrested, and an NCIC file

was made about him.  The file was inaccurate - it did not contain a

description of him.  As a result, he was arrested four times for crimes

he didn't commit.  Rogan successfully sued to city if Los Angeles in

1987 for violating his Fourth Amendment rights (Science Court Opinions,

p. 99).  But some victims of NCIC errors don't get off so easily.

        In 1979, Michael Ducross of Huntington Beach California made a

minor traffic violation on his way to the supermarket one day.  The

police officer radioed for a check on Ducross.  When a police station

desk clerk punched up the NCIC database to see if Ducross had a file, he

got a surprising result.  Ducross was wanted for going AWOL from the

Marine Corps 10 years earlier.  He was seized and held for five months

at Camp Pendleton.  The Marine Corps eventually dropped the charges

because he had never actually gone AWOL.  Ducross was a Native American,

and he had left the Corps on a special discharge program available only

to Native Americans and foreign citizens (Burnham, pp. 33-34).

        But these are just two isolated examples, right?  Wrong!  A

study by the Congressional Office of Technology Assistance (OTA)

conducted in 1982 found that, "...as many as one-third of state records

lacked information about the disposition of the cases on file.

Therefore, an arrest in one state, which may have resulted in a

dismissal or an acquittal, could in another state influence the decision

to withhold bail or to prosecute the defendant as a 'career criminal.' "

(Gordon and Churchill, p. 514).  The OTA study found that, at best, 49.5

percent of the NCIC Criminal History records were complete, correct, and

unambiguous (Burnham, p. 74).

        It's bad enough that the NCIC files are largely inaccurate -that

your Fourth Amendment rights protecting unlawful search and seizure can

be lawfully violated if you have been previously arrested for a crime

you didn't commit - but these computerized criminal files are used for

much more than law enforcement, and are used by more than just law

enforcement agencies.  Approximately 90 percent of all criminal

histories in the United States are available to public and private

employers (Gordon and Churchill, p. 515).

        Nor is the NCIC without local competition. For example, one

Rhode Island data merchant, whose clients are mostly prospective

employers, keeps files on people who have been arrested but

no necessarily convicted of a crime. That merchant includes in the files

names of individuals taken from local newspaper stories (Consumer

Reports).

        If arrest records but not conviction records are available,

might not they influence hiring decisions? For example, might not an

employer finding a record of arrests in the file of a person claiming a

"clean record" on an employment application question the credibility of

the applicant's claim and make a decision not to hire influenced by that

doubt? Given that the applicant would not be aware that such a database

had been consulted, he or she could not possibly mount a defense if the

information in the file was inaccurate (e.g., someone else's arrests) or

misleading (e.g. no arrests led to convictions).

        Since 40 million US citizens have an arrest record, the

social cost is potentially high.  In several states, including

California and Connecticut, more than half of the information requests

to criminal history databases were made by employers (Gordon and

Churchill, p.  515).

        But the problems don't end there.  In 1981, mainly because

of John Hinckley's attempt on then President Ronald Reagan's life, about

400 files were added to the NCIC database.  These were of people who had

no criminal record and were wanted for no crime!  Why were they being

entered into the computers?  Because these individuals were considered

"a potential danger" by the Secret Service.  Secret Service Director

John R. Simpson stated that listing these people would provide an

invaluable tool for tracking their location and activities (Epstein, p.

17).  This shows that the government is only paying lip service to the

"innocent until proven guilty" precedent that our freedom is based on.

The "potential danger" would be to members of the FBI protectorate,

including the President, Congress members, and controversial political

and social figures such as Jacqueline Onassis.  Considering how

"accurate" the files have been proven to be, one can imagine the

atrocities possible (and encouraged) under these provisions.

        But there are more culprits to this mess than just the

government. The use of databases in the violation of privacy extends

into the corporate world.  The U.D. Registry Inc. was formed in 1977 by

Harvey Saltz, a former deputy district attorney in Los Angeles.  "Using

a computer to store information obtained from legal charges filed by

landlords in the courts, Saltz says he currently has compiled more than

a million records about such disputes all over the Los Angeles area.

Over 1900 landlords pay Saltz an annual fee ranging from $35 to $60...to

determine whether the individuals who come to them for housing have had

arguments with other landlords in the past." (Burnham, p. 34).  And just

like the NCIC, Saltz's database was found to be less than reliable.

        In 1978, Lucky Kellener paid the rent to his brother's

apartment. But when his brother was evicted, Kellener's name was

included in the U.D. Registry files, defining him as an undesirable

tenant.  When Kellener went looking for a new apartment in 1981, he got

repeatedly turned down and brushed off.  Finally, a landlord told him

that he had been blacklisted (Burnham, pp. 34-35).

        Another victim was Barbara Ward, who moved to Los Angeles and

found that her newly rented apartment was infested with cockroaches.

When she gave her landlord a thirty day notice, he countered with an

eviction notice.  When the landlord didn't show up in court, the judge

threw the case out.  But Ward was entered in the U.D. Registry as having

an eviction notice, and when she wanted to rent an apartment later she

was unable to (Burnham, pp. 34-35).

        In both cases, errors caused a major personal difficulty and

breach of privacy.  Also, in both cases the victim did not know of the

U.D. Registry's existence.  Therefore, neither could possibly confront

the unfavorable, electronically-stored data, analogous to a "false

witness," that led to their blacklisting.

        Perhaps the grandest scale of gathering information about people

by a non-governmental agency was undertaken by the Lotus Development

Corp. in conjunction with Equifax Inc.  Lotus and Equifax developed

"Marketplace: Households," a database of the names, addresses, and

marketing information on 120 million residents of the United States

(Fisher, p. C3).  The purchaser of this information would probably be

large consumer goods companies specializing in mail order.  Databases

like this are currently used by organizations to send unsolicited (junk)

mail to potential buyers. Imagine the volume of junk mail if the entire

business world had the names and addresses of almost half of the

country's population on-line!

        Fortunately, on January 23, 1991, Lotus and Equifax announced

that they had cancelled plans to release "Marketplace: Households" due

to  30,000 letter and phone calls from individuals who wanted their

files deleted from the product.  Apparently, the companies decided that

the privacy issues involved would make the product unviable.  (Fisher,

p.  C3.) Ironically, a similar product, "Marketplace: Business", which

contained database  information on seven million U.S. businesses, was

discontinued the same day.  "Marketplace: Business" has been shipping

since October 1990, but was not profitable without the revenues from

"Marketplace: Households" (Fisher, p. C3).

        A similar example of the same type of database belongs to the

Phone Disc USA Corporation.  This small, Massachusetts based company

has manually copied the names, addresses and numbers of 90 million

people out of the white pages of telephone books from across the nation.

They put this information on CD-ROM storage devices, and sell it to

mass-marketers.  In a recent ruling, the Supreme Court decided that it

is legal to copy white pages listings because they are not copyrighted.

For the next version of the product, co-founder James Bryant plans to

copy every name from over 4000 sets of regional whites pages.

(Kleinfield) Unlike the Lotus/Equifax undertaking, Phone Disc USA shows

no signs of halting their product.

        How many of these computer databases and networks exist that the

average American doesn't know about?  Just about every government or

private agency that interacts with the public has its own computerized

index of names, addresses, social security numbers, etc.  Every time you

open a bank account, apply for a credit card, attend a learning

institution, register at a hotel, get medical aid, or obtain a loan, a

new file is opened for you, without your explicit knowledge!  And these

are the easy ones to track; there are many databases you get into

without anyone telling you. In fact, these "secret" records, not unlike

the U.D. Registry's, are more effective if the "victims" don't know

about them.

        Now that we are aware of the problem, we can ask the question,

"What do we do?"  First we must clarify one point - does the mere

existence of these databases and computerized records intrude upon the

individual's privacy, or does the use of them constitute privacy

invasion? The best way to do this is to find out if similar privacy

violations occurred before the advent of computerized files.

        The Census Bureau's charter contains the provision, "in no case

shall information furnished under the authority of this act be used to

the detriment of the person or persons to which this information

relates."  But, during World War I, the Justice Department was looking

for the names and addresses of young men who were trying to evade the

draft so they could track these dissenters down and prosecute them.

Under pressure from the military, the Census Bureau disclosed this

information (Burnham, pg. 24).  Computers did were not used to record

information until the mid-forties.  One of the first organizations to

use primitive databases (stacks and stacks of punch cards) for the

purpose of information gathering on a large number of people was the

Census Bureau.

        The violation of privacy did take place before computerized

databases.  The largest differences between a stack of papers and a

computer file are that the computer file is easier to use, faster to

find, able to be disseminated and/or transmitted quickly.  An example of

how efficient computer files are at finding people is the case of the

California Locator Service.  This database is used to track parents who

refuse to pay child support.  The names of the wayward parents are filed

in the database.  The database is compared to that of the Franchise Tax

Board. In the case of a match, the parent's tax refund is intercepted

and sent to the parent with custody (Burnham, pp. 30-33).  The Locator

Service also has direct links to the Department of Motor Vehicles, the

Employment Development Board, criminal databases, and several other

computer networks to help locate the delinquent parent.  According to

manager Richard Beall, the service is able to provide at least some sort

of information 62% of the time (Burnham, pp. 30-33).  Imagine the

difference if the California Locator Service were run by pen, pencil, or

typewriter instead.  The proper information on the wayward parent would

have to be sent to all the associate agencies, processed, and answers

given.  The time to do this would be prohibitive enough to make the

service slow and negligibly effective.  The computer facilitates this

sort of information sharing and retrieval.

        We conclude that computers aren't the inherent evil, but they

help the government and other organizations to procreate the evil of

privacy infringement more easily than if computer databases weren't

used.  So we can't necessarily eliminate the problem by eliminating the

databases. Often the computer database used for the questionable

activity is one that exists for a different purpose.  Cases of this are

the Census Bureau's information, and the NCIC.  Both of these databases

exist to serve beneficial purposes - population surveys and law

enforcement, respectively.  Eliminating all computer databases

containing personal information would to too radical a step. Our society

would grind to a standstill as bank records, medical files, legal

reports, etc. (the list goes on indefinitely) would have to be hand

copied and disseminated.

        Think of the examples of given at the beginning of this section

of a library and a bank.  We saw how these organizations used databases

to improve their service to the public.  These same databases can be

used to invade the privacy of the public.  For example if library

databases are available to the public, they can be used to list the

books or type of books that an individual reads.  A magazine or book

club might find library databases useful in deciding who to send

unsolicited subscription or membership information to.  Bank records can

be used similarly to determine the financial status of an individual.

        What is comes down to is that any database containing personal

information that is used for any other purpose than the one it exists

for is a potential violation of privacy.  As a case in point, under

current law, our video rental histories have more protection than our

medical or insurance records. Under a 1988 law, video rental records may

only be released under court order. That law, often referred to as the

"Bork bill," was inacted after video rental information about a Supreme

Court nominee was made public in the press (Consumer Reports).  Must we

wait for similar abuses related to the medical, library, or bank records

of persons in the public eye to similarly secure the privacy of these

records?

        Is there a solution?  Is there a middle ground where we can have

the databases, but control how they are used?  In the January 1988 issue

of Omni magazine, experts from various legal and scientific fields were

asked to comment upon the Terry Dean Rogan case (see above).  Some

responses were: (Science Court Opinions, p.  100).

Sheldon L. Glashow, Nobel laureate and professor of physics at Harvard
University: "A centralized computerized crime file is absolutely
necessary for crime control, but it does jeopardize the rights of
citizens...Under no circumstance but one should the NCIC files be made
available for non-crime related purposes: The exception is the right of
each citizen to examine his or her own file."

Melvin Konner, M.D.,  professor of anthropology at Emory University:
"Centralized data banks pose a new, probably serious threat to
privacy, yet such data banks are too valuable to be forsworn.
...challenges should result in the emergence of a system of check
and balances that will prevent the abuse of data."

John Money, professor emeritus of medical psychology and pediatrics at
Johns Hopkins University and Hospital: "...it becomes imperative
to have strictly enforced safeguards on the usage of such
[computerized] lists.  One such safeguard would be a legally
guaranteed principle of freedom of information, so that an
individual could access his or her name on the list and correct
information falsely entered against it."

George B. Schaller, director of science for Wildlife Conservation
International: "...as a potential victim, I am pleased that the file
might help insure my privacy - that is my property and person.
The file should, however, be accessible for criminal matters only,
or it will be misused."


        Furthermore, an interesting precedent may be set for privacy

rights in the United States by the new European Community. The European

Community is proposing a set of laws that would strictly limit how

database information is used and who has access to it.  Basically, the

laws would instruct owners of databases to notify individuals of their

inclusion, and these individuals would be able to obtain copies of the

database information on them.  Also, owners of databases would not be

allowed to sell the personal information of an individual without the

permission of that individual.  "The proposals would prohibit...a

publisher from selling a list of subscribers to a real estate developer

- unless the subscribers agreed to be included.  Banks would be required

to notify credit card holders before selling their names to mail-order

houses." (Markoff, p. D1). Interestingly enough, these proposed

regulations have the U.S. based companies complaining the loudest.  IBM,

GTE, and AT&T claim that the proposed laws would strictly limit their

business abroad (Markoff, p. D1).

        Privacy experts maintain that the companies are overreacting.

Some of the restriction that are under consideration include: (Markoff,

p. D1).


        --Companies must register all databases containing personal
          information with the countries...in which they are
          operating...

        --Corporations using personal data must tell the subjects of
          their use...

        --Private companies can only collect or process personal data
          with the consent of the subjects.

         --Companies would not be able to transfer data to another
           country unless that country also offered adequate protection
           of records.

        Taking these experts' opinions and the precedents under

consideration by the European Community, we have a basis for legislation

concerning computer databases and the privacy of individuals.  The

following guidelines are suggested:

        1) All individuals who have personal information stored in a
           computer database must be informed of this fact. They also
           must be given a chance to review their file(s) and to
           petition for changes if they find that the information held
           within is incorrect.

        2) When a person is arrested and/or brought to trial because of
           the information in one of these databases, attention must be
           given to the question of the file's accuracy and
           completeness.

        3) Files that exist for purposes of law enforcement (e.g., the
           NCIC) should not be used for anything other than law
           enforcement.  A system of checks and balances should be
           maintained to guarantee this.

       4) Files that exist for marketing or statistical purposes should
          inform all individuals who are included in the database of
          their inclusion, and give them an opportunity to request that
          their file be deleted.

        The constitution was written as anticipatory democracy, but its

framers did not (and could not) anticipate the advent nor the power of

the computer.  Although the ideals of individual privacy have not

changed over the last 200 years, the reality has.  In the next section

other outdated legal concepts that are in danger of violating the First

and Fourth Amendment rights of every citizen are exposed.


III: The Printed Word vs. The Electronic Word

            "The right of the people to be secure in their persons,
        houses, papers, and effects, against unreasonable searches
        and seizures, shall not be violated and no warrants shall
        issue but upon probable cause, supported by oath or
        affirmation, and particularly describing the place to be
        searched, and the persons or things to be seized."

                - The Fourth Amendment to the Constitution of the
                  United States

        On March 1st, 1990, Secret Service agents raided the offices of

Steve Jackson Games, a small role-playing game company.  The agents

seized three computers, including one being used to run a bulletin

board, all company software in the proximity of these computers, and all

business records contained in the computers' storage.

        Why would the government want to virtually shut down a game

company? Because Steve Jackson Games was just weeks away from

publishing a science-fiction role-playing game called Gurps Cyberpunk.

The game is set in a high-tech future society where the players use

human/computer interfaces to "enter" computer networks and infiltrate

(or hack) through defenses to valuable data.  Playing the game does not

require the use of (or even the knowledge of how to use) a computer.  A

Secret Service agent told Steve Jackson that the Gurps Cyberpunk playing

manual was a "handbook on computer crime." (Barlow).

        As a result of losing their computing capabilities and data,

Steve Jackson Games temporarily shut down and had to lay off half of its

employees.  For three months, the Secret Service retained the equipment

and data even though they had no evidence that the game or any other

Steve Jackson game violated any law.  When some of the equipment was

finally returned in June, 1990, the Service kept the drafts of Gurps

Cyberpunk.  The rest of the equipment was "lost." (Barlow).

        According to the Fourth Amendment, the Secret Service agents

needed "probable cause" that criminal evidence will be at the scene of

the search to get a search warrant issued.  The Fourth Amendment also

specifies that the search should be as narrow as possible (in other

words, the Secret Service should have known exactly what they were

looking for.) By taking all computer records, the Service not only

effectively shut Jackson down, but violated  the Fourth Amendment.

        The only "probable cause" that the Secret Service had for

seizing Jackson's computers was that Jackson had hired a former "hacker"

to work on Gurps Cyberpunk.  A "hacker" is a member of an underground

subculture dedicated to breaking and entering computer systems.  While

this is illegal, the hacker community in general frowns upon the

stealing of data for personal profit, but does it instead for bragging

rights and the thrill of gaining illicit access to a "guarded" area of

cyberspace.  This is not unlike breaking the speed limit for kicks and

the excitement of defying authority.  If this is indeed why the Service

raided Steve Jackson Games,  this sets another frightening precedent

regarding privacy - will employers now check to see if applicants are

hackers along with the "normal" checks for arrest records?  This may be

an effect that the Service was looking for.  According to Steve Jackson,

the Secret Service suspected this staff member of wrongdoing at home,

not at Steve Jackson Games (Computer Underground Digest, 3.20).

        At the time of this writing, the search warrant remained sealed.

If the object of the search, according to the warrant, was evidence of

the staffer's wrongdoing, only evidence of that crime should have been

retained. If the object was the game, the agents should have taken just

the hard copy and soft copy regarding Gurps Cyberpunk.  By taking the

whole computer system of Steve Jackson Games, the FBI seriously hindered

the lawful commercial activities of the company.  By holding the

computer equipment and software for three months, Steve Jackson Games

was almost put out of business.  The non-relevant equipment and software

should have been returned promptly.

        Along with the computer equipment and software seized, the

agents disconnected and confiscated Steve Jackson Games' BBS.  A BBS,

or Bulletin Board System, is a centralized, information gathering and

dissemination point for many computer users.  The BBS contains e-mail

from and for those users, who can access the system with their home

computer's modem through normal phone lines.  Many users who don't

have network access through a university or the organization they work

for use a BBS to enter cyberspace.  The BBS stores personal mail for

these users and enables them to read it when they are logged on.  U.S.

postal mail is considered private.  Electronic mail is the same as

physical mail in that it should be protected by the same privacy rights

that physical mail is.  In the next section, the seizure of personal

mail is explored in detail.

        Even though Steve Jackson Games did eventually publish Gurps

Cyberpunk, the company was hit hard by the loss of its information.

They had to recreate the game from rough drafts and memory.  But, a

positive result did come out of the SJG case.  Mitch Kapor, founder of

Lotus Development Corp, and associate John Perry Barlow, established the

Electronic Frontier Foundation (EFF) with the purposes of educating the

public about computer-based media and supporting litigation to extend

First Amendment rights into the computer world.  The EFF intervened in

the Jackson case, pushing the government to restore SJG's equipment.  In

April, 1991 the EFF in conjunction with Steve Jackson Games filed a

civil suit against the U.S. Secret Service and several of the

individuals responsible for the raid and the withholding of Jackson's

property.  Unfortunately, at the time of this writing, more detail about

this precedent setting case was unavailable.

        Although it will not set a legal precedent, there is a similar

case on the books.  The Alcor Life Extension Foundation is an

organization that, for a large fee, will freeze an individual's body

upon death.  In December, 1987, the Riverside County Coroner's Office

accused Alcor of hastening the death of cryogenic participant Dora Kent

by prescribing her a lethal dose of barbituates (Computer Underground

Digest, 1.04).  In January 1988, law enforcement officers raided Alcor's

headquarters and confiscated its computer equipment.  Like the Steve

Jackson Games case, the search warrant for the Alcor foundation did not

specify what information that should have specifically be confiscated.

The section of the warrant pertaining to computer seizures follows:

            All electronic storage devices, capable of storing
        electronic data regarding the above records, including magnetic
        tapes, disk (floppy or hard), and the complete hardware
        necessary to retrieve electronic data including CPU (central
        processing unit), CRT (viewing screen), disc or tape drives,
        printer, software, and operation manuals for the above said
        computer, together with all handwritten notes or printed
        material describing the operation of the computer
        (Computer Underground Digest, 1.04).

        In other words, the officers were directed to seize all

computers and computer equipment from the Alcor site.  Even though the

warrant states that only computer equipment  "...capable of storing

electronic data regarding the above records..."  should be seized, this

can be interpreted as a warrant to seize all computer equipment because

any equipment is capable of holding data about Dora Kent.  So once

again, the warrant was very wide reaching and vague, exactly what the

Fourth Amendment is  supposed to protect against.

        But in this case, the issue became more focused.  H. Keith

Henson, a member of Alcor, claimed that personal e-mail belonging to

himself and 13 other Alcor members was "stolen" by the raiding officers.

Although Henson repeatedly tried to get the court to turn over the

private e-mail, on the account that it had no relevance to the Dora Kent

case, they would not return it.  So Henson and his group sued the FBI

for not intervening on their behalf in this case (Computer Underground

Digest, 1.04).

        The stealing of private e-mail like in the Alcor case is another

precedent that can have dangerous repercussions.  This is the equivalent

of law enforcement officers obtaining a search warrant for a post office

because some of its employees were suspected of illegal activities, and

proceeding to seize all mail contained in the post office and reading

it, and not returning it to its intended recipients.

        At the time of this writing, Alcor case was settled out of

court. The result of the settlement was not available.

        As we can see from these examples, there is a fundamental

difference in how the legal community in the U.S. views printed and

electronic media.  Print media is protected by the First Amendment;

electronic media is not.  This is a difference that should not exist.

Almost all newspapers and magazines exist in electronic form before they

are printed.  Electronic digests follow the same process, but they leave

out the final step - the actual printing.  There have been cases of

electronic hacker magazines being shut down for publishing hacked

(stolen) documents.

        However there is a hacker magazine called 2600 that doesn't

leave out the final step.  Printed, not electronic, copies are sent to

subscribers.  2600 has included similarly hacked documents, but has

never been accosted. According to 2600 editor Emmanuel Goldstein, it is

because of the physical printing, "I've got one advantage.  I come out

on paper and the Constitution knows how to deal with paper." (Barlow).

Computer based media and e-mail should have the same Constitutional

protection as the written word.  But it doesn't.  Why not?

        We can answer this question by tracing history back to the late

1700's when the Framers were writing the Constitution. They had no

concept of computers or electronic communication at its current level.

Because of this excusable lack of foresight, the Constitution and Bill

of Rights do not contain specific provisions for computer based speech

and the computerized press.  In fact, the word "press" implies the

printed press, not actual process of disseminating information to large

numbers of people.  In the Fourth Amendment, an individual's "papers"

are safe from unreasonable search and seizure.  Electronic, or

unprinted, "papers" are not specifically protected.  In strict

interpretations of the Constitution, electronic media are not protected.

Of course, this is nonsense since the only difference between an article

in a newspaper or magazine and an article stored electronically, that is

intended to be printed, is the act of printing.

        Using the Steve Jackson Games and Alcor cases as a basis,

it is proposed that the following guidelines be legislated:

        1) If computer information is to be seized, the search warrant
           must explicitly describe the data sought.  The officers
           carrying out the search should seize only the storage devices
           (floppy disk, hard disk, magnetic tape) holding this
           information.

        2) If the storage device(s) seized contain other information as
           well as the data described by the warrant, the wanted data
           should be copied them the storage device should be promptly
           returned.

        3) If any electronic mail is confiscated, only the pieces from
           or to suspects of the crime should be read.  The rest should
           be promptly returned unread to the addressees.


        By following these guidelines, we can avoid many violations of

individual privacy that the Constitution, in its current wording,

allows.  In the final section a somewhat radical step to help our

society into the information age is recommended.


IV: Where Do We Go From Here?

        The untamed electronic frontier is an intimidating domain for

the computer illiterate.  Many view this mysterious technology as

responsible for whittling away their personal rights and privacy.  Thus

they find it fearful and intimidating.  Ironically, the only way that

the electronic frontier can "dehumanize" an individual is if that

individual is ignorant of what it really is.  We've seen that we can't

continue to function at our current level of society without computer

technology, but unless the users of this technology are monitored, they

can use it to invade the privacy of individuals.  If the general

populace is educated, they will have the background to challenge these

intruders.

        But where do we start?  As we have seen before, the outdated

wording of the Constitution promotes this dread image of computers and

electronic media.  Perhaps a good place to start would be with the

Constitution.  The current wording of the Bill of Rights is archaic, and

it represents the mind-frame that many people still have.  Computer

technology and cyberspace must not be viewed as separate from or outside

of laws protecting free speech and privacy.

        The First and Fourth Amendments don't explicitly mention

electronic media. They should regard rights in the electronic world of

cyberspace as just as important as those in the physical world.  A new

amendment stating that the rights guaranteed by the First, Fourth, and

any other amendment for that matter, apply to cyberspace would prevent

many of the violations we have discussed from happening. (As the final

revision of this paper was about to be printed, word was received that

Laurence Tribe of Harvard Law School had proposed discussion of just

such an amendment. However, this author's proposal was developed

independently of Tribe's.)

       If a new amendment is a step too far, then legislation and

precedent setting legal decisions must be made.  There seems to be a ray

of hope in the Steve Jackson Games case, but it will take several such

cases to approach the benefit of a Constitutional amendment.

        The global village is just around the corner.  Whether it is a

technological utopia of peace and freedom or an aspect of Orwell's

"1984" depends on decisions made now.










































                                 Bibliography

      Article One: An Overview, (2600 Magazine, Spring 1990), pp.1-10.*


      Burnham, David, The Rise of the Computer State, (1980, Vintage
      Books).

      Barlow, John Perry, Crime and Puzzlement. **

      Computer Underground Digest, Volume 1.04, April 11th, 1990. *

      Computer Underground Digest, Volume 3.20, May 12, 1991.*

      Consumer Reports, "What Price Privacy," (May, 1991, pp. 356-360).

      Epstein, Aaron, "The Shadow of Your File," The Progressive, (v47,
      Jun., 1983), p. 17.

      Fisher, Lawrence M., "Lotus Database Cancelled," (New York Times,
      Jan 24, 1991), p. C3.

      Gordon, Diana R. and Churchill, Mae, " 'Triple I' Will Be Tracking
      Us," The Nation, (New York, v238, April 28, 1984), pp.  497, 513-
      515.

      Kleinfield, N.R., "The Man With All The Numbers," New York Times,
      Sunday, April 14th, 1991.

      Markoff, John, "Europe's Plan to Protect Privacy Worry Business,"
      New York Times, Thursday, April 11th, pp. D1, D5.

      Pool, Ithiel de Sola, Technologies of Freedom, "On free speech in
      an electronic age," (1983, Harvard University Press).

      Science Court Opinions - Case 6: Computer Privacy, Omni, (New
      York, Jan. 1988, v10), pp. 99-100.

      Wilson, Kevin, The Technologies of Control, (1988, University of
      Wisconsin Press).


        * These are electronic publications.  If copies cannot be found,
          feel free to contact the author.

       ** This document was originally disseminated electronically, then
          was published in Harper's Magazine.  The author used the
          original version.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH