Academic journal article Harvard Law Review

Immunizing the Internet, Or: How I Learned to Stop Worrying and Love the Worm

Academic journal article Harvard Law Review

Immunizing the Internet, Or: How I Learned to Stop Worrying and Love the Worm

Article excerpt

In a 1997 exercise, National Security Agency teams hacked into computer systems at four regional military commands and the National Military Command Center and showed that hackers (1) could cause large-scale power outages and 911 emergency telephone network overloads. (2) The following year, members of the hacker group L0pht Heavy Industries testified before the Senate Committee on Governmental Affairs that it would take them only thirty minutes to render the Internet unusable for the entire nation. (3)

Maintaining computer network security presents the unique problem of automated attack methods that can compromise millions of systems, all of which share the same vulnerabilities. Cybercrime is becoming easier to carry out, and as society becomes more dependent on the Internet, the risk of a catastrophic attack looms larger. This Note argues that computer networks, particularly the Internet, can be thought of as having immune systems that are strengthened by certain attacks. Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack--one that would threaten national or even global security. In essence, certain cybercrime can create more benefits than costs, and cybercrime policy should take this concept into account. (4)

Current federal law, however, does not properly value such strategic goals because it does not treat cybercrime differently from other crime. (5) During the Clinton Administration, the President's Working Group on Unlawful Conduct on the Internet, which included the Attorney General and a number of other officials, stated that "substantive regulation of unlawful conduct ... should, as a rule, apply in the same way to conduct in the cyberworld as it does to conduct in the physical world." (6) As this Note shows, however, prosecution and punishment of computer hackers under current law will ultimately lead to a less secure information infrastructure. Not only does current policy create the wrong incentives regarding cybercrime, it does too little to encourage computer hackers and computer users to contribute actively to Internet security. A more nuanced approach to cybercrime punishment and policy may make the difference in stopping a catastrophic attack.

Part I describes how cybercrime differs from other crime, noting that it presents a uniquely grave threat to global security but is also amenable to innovative law enforcement approaches. Part II argues that certain cyberattacks can create security benefits that outweigh the damage they do. Part III proposes several cybercrime policy reforms, including changes in hacking penalties, increased cooperation with hackers, and encouragement of greater user involvement in security.

I. WHY CYBERCRIME IS DIFFERENT

Cybercrime differs from other crime in important respects, and combating it requires a specialized approach. It is unique in at least two ways: First, it operates within a highly generative system, (7) making it more likely to create beneficial effects that outweigh its costs. Second, the perpetrators often possess a particular psychology that makes them amenable to more innovative law enforcement methods.

Professor Jonathan Zittrain has drawn the sharpest picture of the importance of generativity, which he describes as a function of leveragability, adaptability, ease of mastery, and accessibility. (8) The Internet, he says, is "exceptionally generative" because its architecture solves difficult data distribution problems and is "amenable to a large number of applications," is "easy to master," has no "central gatekeeper," and uses publicly available protocols. (9) This generativity allows the Internet to act as a powerful catalyst for the economy, for the arts and sciences, and for free thought. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.