Home Computers and National Security: When Individual Rights and Government Interests Converge
Mary M. Richard*
Cyberspace Law Seminar
University of Iowa College of Law
April 16, 2004
II. Brief History of the Internet
A. Cookies
B. Bugs, 'bots, Beacons and Spiders
C. Spyware
D. Viruses, Worms, and Trojan Horses
IV. Threats to Individuals and Government
A. Increased Sophistication of Social Engineering in Blended Attacks
B. Multi-stage and Blended Attacks
C. Increased Invasions to Establish Remote Access Control
V. The Status Quo
A. Federal Statutes
B. Federal Enforcement
VI. The Common Law as a Source for Guidance
VII. Future Regulation of the Internet
Many contemporary discussions of privacy and national security involve clashes between individual rights and government interests. However, in matters of Internet security, the safety of individual privacy and property rights is inseparable from the protection of compelling governmental interests. This paper examines the legal and factual circumstances of this increasingly interlinked relationship. It concludes by proposing legal reforms and legislative action to sustain a secure, viable Internet and defend against those who would compromise the individual and national interests joined in it.
In February 2004, Nielsen//NetRatings, the global standard for Internet audience measurement and analysis, reported that nearly 75 percent or 204.3 million Americans have Internet access at home.1 This figure had risen from 66 percent in 2003 and from 57 percent in 2002.2 When these home computer users "surf"3 the Internet, they expose their computers to a variety of electronic threats designed to compromise their privacy, disrupt their Internet access, and appropriate their computing resources. A report on Internet user behavior offered an indication of the frequency of these exposures. It stated that the average person views approximately forty web pages per online4 session, amounting to about 777 pages per month.5 Researchers who checked for the presence of four specific spyware programs on computers at the University of Washington found that 31,303 had one or more on their hard drives.6 They noted that home computers are even more likely to be infected.7 In the past year, malware8 infections such as the Blaster, SQL Sapphire/Slammer, MyDoom, and Deadhat worms demonstrated that computers connected to the Internet are vulnerable in spite of protective firewalls9 and anti-virus software.10
Rapidly mounting evidence demonstrates that parties writing and releasing malicious codes and programs on the Internet are an escalating threat. They are capable of spreading these infections in a variety of ways. Internet service providers11 report that "spam,"12 which constitutes 70 to 90 percent of all e-mail transmissions, is often the vehicle of choice.13 According to security experts, remotely controlled computers, many of them home computers, are responsible for sending out about 70 percent of spam, totaling approximately six to seven billion messages per day.14 According to the Federal Trade Commission (FTC), spammers can secretly convert home computers to remote control operation whether they connect to the Internet through dial-up modems or through "always on" broadband services.15 Either way, intruders can also enter computers to steal or destroy information, disrupt Internet communications, or amass sufficient computer resources to gain a tactical advantage in carrying out a plan.
For some time, computer aficionados and groups of scientists have been able to combine the power of ordinary home computers in order to obtain near-supercomputing levels of power.16 These projects are cost-effective ways of obtaining power without expending hundreds of millions of dollars for a dedicated supercomputer.17 Among them, the SETI@home18 project uses a virtual supercomputer of Internet-connected computers to obtain sufficient power to search for signs of extra-terrestrial life.19 Recently, a group of technophiles held an event called "Flashmob I," at which they networked 669 computers on loan from the University of San Francisco and local businesses to see how much computing power they could generate to perform a particular task.20 Although they were able to reach a computational speed of 180 gigaflops, they had hoped to borrow 1,400 computers.21 Had they been able to do this, they could have reached 550 gigaflops, which would have made their creation one of the top 500 supercomputers in the world.22
Security researchers at the CERT Coordination Center, a federally funded cyber security-monitoring agency, reported that in 2003, CERT identified at least 3,700 new software security vulnerabilities that led to a 40 percent increase in Internet attacks.23 A July 2002 study by the National Institute of Standards and Technology (NIST) found that the annual toll of Internet attacks on the United States economy ran $60 billion per year.24 In 2003, the Banking Industry Technology Secretariat found that its members spent an average of $400 million annually to fix software flaws and that the banking industry spent nearly $1 billion each year patching and adapting computer systems to remedy software vulnerabilities.25
Against this background of high costs, damage and threats, it is vital that Congress take comprehensive action to protect the individual rights and defend governmental interests that are in harm's way. Beyond securing the blessings of the Internet for the future, Congress must defend against its exploitation as a tool for crime and terrorism. This will require legal, policy, and technical experts to engage in joint efforts to surmount a wide range of complex challenges. This paper proposes that the common law of property guide the future allocation of Internet users' rights and liabilities. Further, it proposes the creation of a comprehensive "Center for Internet Security and Prevention" modeled after the federal Centers for Disease Control and Prevention, to provide an objective and scientific means for addressing current and future challenges.
As Joe Miller, the plaintiff's attorney in the movie Philadelphia, Denzel Washington interrupted a defense witness saying, "Explain it to me - like I was a four year old."26 One of the most remarkable aspects of the Internet is that within a mere quarter century it evolved from an experiment among a small group of scientists to a medium which non-scientists, even some four-year-olds, are capable of using on a regular basis. However, its rapid transformation from a "geek" medium to a publicly available communications network is in part responsible for its vulnerability to malware infections that has produced the current crises.
The Internet emerged from a series of computing27 and telecommunications developments that made it possible for the United States Department of Defense, in the early 1970s, to attempt a networking experiment called the Advanced Research Projects Agency Network (ARPANet).28 Its goal was to allow researchers on several university campuses to exchange information.29 ARPANet's success led to the creation of other governmental computer networks.30 In 1991, the National Science Foundation (NSF) decided to remove government restrictions on the use of its "backbone,"31 which led to the rapid development and widespread commercial use of the Internet.32
The parties who decided to open the backbone may not have anticipated the rate at which the world would embrace the new medium and integrate it into their lives, to the extent of fomenting substantial global dependence on its resources. At the time, hope and optimism for the future of the Internet ran high, capturing imaginations around the world. John Perry Barlow reflected this expansive perspective in his "Declaration of the Independence of Cyberspace."33 In 1996, he announced to the "governments of the industrial world," that Internet users would "create a civilisation of the mind in cyberspace . . . more humane and fair than the world your governments have made before."34 In spite of this jubilation, the fact remains that the National Security Agency, NSF officials,35 computer scientists and members of the press who reported technology news knew that viruses had been around for nearly a decade, and that federal prosecutors had convicted Robert Tappan Morris for releasing the famous "Morris" worm in 1988.36 Although these events clearly foreshadowed the current crises, they do not appear to have delayed the Internet's public debut.37 A review of the literature from the late 1980s and early 1990s suggests that no one heeded Mary Webb's well-known advice to "Saddle your dreams before you ride them."38
When the NSF opened the backbone, the Internet entered the world in much the same manner as an unstable hybrid with an underdeveloped immune system. Although it has thrived, expanding from a small "i" internet to a global network of millions of interconnected computers, the Internet constantly suffers from and transmits infections, and requires a very high level of critical care. Nonetheless, people who know little or nothing about its technologies can subscribe to an Internet service provider (ISP)39 and use their computers to transmit and receive e-mail and view information on web servers40 located throughout the world.41 A set of networking protocols called Transmission Control Protocol/Internet Protocol (TCP/IP)42 makes this data exchange possible.43 Currently, universal data exchange mechanisms called Extensible Markup Language (XML) are reducing some of the remaining "rough spots" in Internet transmissions.44 Called the "lingua franca of cyberspace,"45 XML provides a more effective means of reading information embedded in previously unreadable formats.46
Unlike "snail mail," which generally bears a reliable return address, electronic transmissions are often difficult to trace.47 Public WHOIS48 databases can correlate IP49 addresses with the ISPs assigned to them.50 ISPs log their subscribers' IP addresses, and while they can generally connect them with their subscriber identities,51 most have policies against disclosure of this information to third parties in the absence of subscriber consent or a court order. The presence of an IP address does not mean that a particular transmission originated from the computer identified with its address. A remote sender may have "covered his tracks" by configuring his computer to transmit from a proxy server, which in some cases is a compromised home computer.52
Personal computers are useless without programs.53 A program is like a recipe that contains a list of variables ("ingredients") and statements ("directions") that tell the computer (rather than the cook) what to do.54 Variables include such things as text, numbers and pictures. Dedicated55 malware programs contain organized lists of encoded directions for carrying out harmful objectives. In other cases, only the uses of electronic codes and programs distinguish malware from legitimate software. For example, "bots" and "spiders" play important roles in the functioning of Internet servers.56 This paper refers to various forms of malware by their common names, e.g., "cookies," "viruses," "worms," "Trojan horses," "keyloggers," "spyware," "RATs," "bots," "bugs," "spiders," "beacons," and the like. However, these names are by no means definitive, and people often use them interchangeably.57
This paper uses the three classifications established by the Center for Technology and Democracy to structure its discussion of malware.58 Programs in the first category are commercially available hardware and software with legitimate and illegitimate uses. Parties have designed the programs in the second area, with which this paper is principally concerned, for surreptitious installation on remote computers without any action or consent on their owners' parts. The third area involves legitimate programs with faulty privacy protections,59 which are not sufficiently relevant to this paper to describe further.
Malware in the first category includes software and devices that record the computer user's keystrokes and computer activity.60 They are readily available commercial products with both legitimate and malicious uses.61 Federal prosecutors recently convicted a defendant of installing keylogging software in thirteen Internet terminals at a Kinko's copy shop and stealing customer e-mail user names and passwords.62 One of the victims testified he was not aware that his home computer had been subject to remote control operation until the evening when he heard it log on to the Internet by itself.63 Internet security strategies such as encryption are ineffective against keyloggers, because they capture information at the point when the computer user enters it.64
Programs in the second category are notorious for their questionable, improper and undoubtedly malicious uses.65 Many, if not most, have been custom-developed for specific harmful purposes, such as information theft, or the alteration, destruction, control, or disruption of infrastructure components. With the exception of cookies, their authors have designed them to elude detection and be difficult, if not impossible, to uninstall.66
A. Cookies
Cookies are small program files uploaded to the computers of people visiting web sites.67 Computer users may also unknowingly acquire them when they download legitimate software, electronic documents and files. The computer user is usually unaware that this has occurred unless she has set her Internet browser68 security at a high level.69 Even if the computer user received notification of a cookie and opted in by clicking an "I Agree" button, this does not automatically translate to a finding of valid consent.70
Not all cookies are malware. Temporary cookies facilitate the transmission of information from the World Wide Web, and terminate when the computer user logs off the Internet. In contrast, "tracking"71 cookies remain on computer hard drives indefinitely. Internet marketers frequently use them to deliver banner and pop-up advertising, while other parties also install them to gather and relay information about the computer's user.
B. Bugs, 'bots, Beacons and Spiders
Bugs, 'bots, beacons and spiders are some of the terms that refer to automated programs that locate and extract information from stored documents and transmissions. Their use for certain purposes has been at issue in several cases. In eBay, Inc. v. Bidder's Edge,72 the court upheld a trespass to chattel claim against the defendant for its use of a robot to retrieve and index information from eBay's web site for its own commercial use. Similarly, in Register.com Inc. v. Verio, the court enjoined Verio from using a robot to perform multiple daily queries of Register.com's database to obtain information for its own marketing purposes.73
C. Spyware
Spyware programs, also called "surveillance software," are commercially available or custom-written programs. Security analysts described it as "the phenomena of 2003,"74 and reported increases in the number of home and business computers infected with it for purposes including identity theft and corporate espionage.75 Sometimes human "spies" install spyware on home computers over the Internet through backdoors76 in operating system programs. At other times, they attach spyware to an e-mail message and use social engineering strategies to induce the recipient to open it.77 Computer users may also download spyware that has been secretly "bundled" with otherwise harmless programs. In other cases, virus writers have surreptitiously infected legitimate downloads by invading their web servers.78
Spyware programs frequently contain components that shut off virus protection programs and firewalls, and open communication channels.79 Once such a program has installed itself on a victim's computer, the sending party has as much control of the computer as its owner. Federal officers recently arrested a suspect who they believe used a spyware program called "The Beast" to capture brokerage account information, causing $40,000 in losses.80 Officials have charged him with installing the program on the victim's computer by sending him the spyware program attached to an e-mail message.81 The Beast program included software that disabled the recipient's anti-virus software.82 After the spyware installed itself, it sent a message to the sender, notifying him that he had access to any information stored on and transmitted from the owner's computer.83 It contained options that allowed the sender to see whatever was on the victim's screen at any time, and to open any files on his hard drive.84 The sender also could have seen the view from any web camera the owner had running.85
Spyware, like other forms of malware, may consume computer resources and slow down processing and halt or delay the execution or completion of other tasks. However, computer users commonly interpret this as a problem related to system instability, inadequate memory or drive space, or an ISP failure.86
D. Viruses, Worms, and Trojan Horses
Electronic viruses87 are pieces of code. Their biological counterparts are also pieces of code that pass from victim to victim causing the symptoms written into their instructions. In order to reproduce, biological viruses inject their DNA into living cells and use their mechanisms to multiply. Electronic viruses rely on the mechanisms within software programs in order to replicate. They rely on infected disks, files, and downloads for transportation. For example, a virus writer may deploy a virus by inserting it into a peer-to-peer file.88 When another person downloads the file, triggering the virus, it sends out complementary copies of itself to all the addresses in the user's e-mail address book. When those messages arrive, bearing the name of the inadvertent sender, within only a few clicks the virus multiplies exponentially. In addition to replicating themselves in this manner, viruses also carry out other instructions. For example, a simple instruction might desynchronize the time setting of a Windows XP operating system, causing other system components to interpret valid logon requests as intrusion attempts and deny access.
Viruses, like other malware, may be used alone or as part of a multi-phased or blended attack.89 Some carry out their dirty work immediately, while others are set to activate later or upon receipt of a remote command from the sender.90 They may crash computers, cut off Internet access generally or to specific web services, damage or delete internal files or programs, turn off security software, copy and relay information, or facilitate the installation of remote control software.91
Worms are self-executing programs that travel over computer networks, entering servers and computers through security vulnerabilities in their software. For example, the Slammer worm exploited a hole in Microsoft's SQL92 server.93 In this manner, a worm can infect hundreds of thousands of computers within a matter of hours. Like viruses, worms can deliver codes that facilitate information theft, interfere with use of the computer or access to the Internet, establish remote control access to the computer,94 and install Trojan horses carrying spyware.95
A Trojan horse is a computer program that pretends to be a legitimate program in order to install its payload of malware. For example, it may appear to be a system logon to obtain user identification names and passwords for later use in breaking into and using the system. In the alternative, Trojan horses enter a computer system surreptitiously and install software or data files, corrupt or reconfigure files or programs, or simply erase the hard drive. In several federal computer crime trials, defendants have argued that "the horse did it - not me!"96 In some cases, plaintiffs have demonstrated that Trojan horses were actually responsible for planting the electronic evidence that authorities had obtained from ISP logs and their hard drives and used to indict them.97 In the case of Julian Green, a defendant accused of possessing child pornography, the discovery of Trojan horses on his hard drive led to acquittal.98 However, future Trojan horse defenses may be confounded in relation to emerging reports that extortionists are threatening to frame a victim with child pornography unless the victim agrees to pay a fee.99
Reports about the recent MyDoom worm infestation, its progeny and opportunistic successors, provide some insight into the current electronic environment. The original MyDoom worm appeared in mid-January 2004, and spread rapidly via e-mail and the Kazaa file-trading network. It launched a "denial of service" ("DOS") attack aimed at the Santa Cruz Operation Group.100 Strategies for executing a DOS attack include flooding a network or web server with so many transmissions that it cannot function.101 A virus writer can accomplish this by consuming computer or Internet resources, or by destroying or altering system or network components.102
While MyDoom-A was still active, its variant, MyDoom-B, began spreading over e-mail and Kazaa.103 It launched a DOS attack against the Microsoft Corporation and blocked access to Microsoft's anti-virus update web page by modifying host files.104 Subsequently new worms and viruses began to appear. A MyDoom variant named Doomjuice105 entered through the backdoors opened by MyDoom variants, planted source codes and covered its tracks. Additional opportunistic infections followed, including Trojan horses carrying keyloggers.106 One of them, Deadhat, spread through the SoulSeek107 file trading network.108 When it found computers with SoulSeek utilities, it copied itself to them, opened new information portals, then waited for further instructions to arrive with a cryptographic key.109 Upon the arrival of the key, after successful authentication, Deadhat received new instructions for using Internet chat relays for continuing the attack.110 They directed Deadhat to connect to a specific IRC host server, from which it received even more instructions to be executed upon a future remote command.111 Security analysts explained that these infected computers now contain "MyDoom zombies," lying in wait, like "sleeper agents,"112 for use in carrying out future malicious objectives.113 They further noted that Deadhat's "sinister cryptographic features" demonstrate that virus writers are coming closer to developing distributed intelligent malware agents with sufficient cryptographic control to facilitate extremely rapid colonization of computers.114
At the time of this writing, additional MyDoom variants are spreading over e-mail, opening backdoors and providing safe passage for their successors.115 Security analysts have reported that more than ten new MyDoom variants and the Netsky and Bagle worms are in circulation,116 and joined by five Bagle variants and a new version of Netsky.117 All of these creations target computers running Windows operating systems, send themselves to addresses in e-mail address books, and open new TCP ports,118 for use in receiving future commands from remote sources.119 One of them, a variant of the Sober virus, was spreading by e-mail with a subject line identifying it as a virus patch from Microsoft.120
Statistically, 2003 was the worst year on record for computer security in the United States.121 Computer security experts confirmed increases in the incidence of computer-facilitated identity theft.122 They testified that the sources of such attacks had shifted from recreational hackers123 to terrorists and criminals.124 They demonstrated this by evidence in three areas.125 The first involves evidence from a series of profitable phishing126 scams that utilized sophisticated social and technical engineering strategies facilitated by worm and virus attacks.127
The second area of evidence involves recorded increases in the use of viruses and worms to gain remote access control of personal computers in order to obtain improper access to sensitive, personally identifiable information, turn them into spam servers, or simply to maintain control for a future malicious purpose.128 The third area is evidence that virus writers are receiving payment for converting vulnerable computers for remote control use.129 The following discussion will use this framework in discussing recent, current and future predictions about intrusive and malicious conduct involving the Internet.
A. Increased Sophistication of Social Engineering in Blended Attacks
In spite of warnings against opening unexpected attachments, in order to launch viruses, senders often use social engineering techniques to persuade users to open e-mail messages, download attachments and unzip their messages. "Social engineering" refers to non-technical methods of facilitating intrusion through which malware senders influence people to let down their guard and act unwisely.130 In order to defeat any hesitation on a person's part, social engineers often exploit the natural helpfulness of people as well as their weaknesses.131 They rely on the fact that many people are trusting, and may be lax in protecting their sensitive, personally identifiable information.132 At other times, they may persuade those who receive their spam messages to open them by appealing to their curiosity or in response to apparently relevant information in the message's caption or address lines.133 Finally, social engineers rely on the public's general inability to keep up with an information-intensive culture and rapidly evolving, complex technologies.134
Senders may route their messages through the e-mail service of a familiar person or party, or create spoofed names that appear familiar. They may construct message captions in a manner that does not arouse recipients' suspicions or creates curiosity as an incentive to open messages. In order to get their payloads past antivirus programs installed on computers, several of the Bagle variants used password-protected ZIP135 files that were undetectable by even the most sophisticated anti-virals.136 The password for unzipping the ZIP file attached to the e-mail was contained in the e-mail.137 Commercially available automated virus creation kits138 and virus creation networks139 help senders use social engineering and guerilla strategies140 to maximize their distribution and to inveigle victims into opening malicious files.141
A sampling of recent Internet attacks that incorporated social engineering techniques demonstrates their effectiveness. Identity and financial information theft was the objective of some of these attacks, while others combined identity theft with additional computer intrusion objectives. In December of 2003, e-mail phishing scams increased by 400 percent.142 One of them involved sending an e-mail message to Visa credit card holders that advised them that the company had installed a new security system and gave them a link143 to a "secure" web site in order to reactivate their accounts.144 At the web site, which appeared identical to the real Visa web site, instructions directed customers to enter their account information.145
In February and March of 2004, three phishing scams involved messages and web sites that purported to come from government agencies. One message claimed to warn consumers about an e-mail phishing scam, and directed them to a faked web site with instructions directing customers to enter personal information in order to continue banking.146 In another scam, an e-mail labeled "Urgent Information for Credit Card Holders" from "regulations.gov" directed Internet users to identify themselves to the federal government by going to a "spoofed"147 government web site and entering personal information.148 In the final example, a fake web site, "www.unsub.us," designed to look like an FTC web site, purported to be the location where people could sign up for a "do not spam registry" by entering personal identification information.149
B. Multi-stage and Blended Attacks
Security reports indicate that in 2004, more malware attacks will take the form of "blended" attacks, combining one or more technologies.150 In a phased attack, a virus or worm may open backdoors in computer systems, followed by Trojans that install additional programs to carry out the sender's objective.151 Some of these malware technologies replicate and spread themselves further by exploiting the computer's e-mail capabilities.152 Malware combinations have been particularly effective in converting computers to remote control, making their owners unknowing and unwilling accomplices to large spam campaigns.153 Security analysts predict that in the year ahead, virus writers will increase attack potency by adding highly aggressive web beacons and relay host exploitation to the mix.154
In 2003, virus writers combined ever-more sophisticated technologies and strategies in "blended" attacks that caused unprecedented mayhem and damage.155 In January of 2004, the FTC released year-end statistics for 2003 in which it documented that people living in the United States lost approximately $437 million in 2003.156 The FTC received more than half a million reports of stolen credit card data and other identity theft incidents, which represented a 33 percent increase in identity theft crimes over the previous year.157 Financial and technology industry groups have formed their own consortiums to assist victims158 and combat identity theft.159
Unauthorized parties are increasing their uses of viruses and worms to gain remote access control of personal computers to obtain improper access to users' personal information, to convert them into spam servers, to amass computing power, and to obtain control of them for future malicious purposes.160 According to anti-virus firm Sophos, personal computers infected by remote access161 Trojans (RATs) relay one-third of all spam circulating on the Internet.162 Once a RAT enters a computer, its sender gains complete control of it and its Internet connection.163 Most computer users would be unaware if a RAT were using their computer to send spam.164
In October of 2003, VeriSign, the company responsible for the .com and .net top-level domains, released a study that documented a growing correlation between online fraud and security attacks.165 According to the study, malicious activity increased by nearly 99% between May and August of 2003.166 In February of 2004, VeriSign released another study documenting continuing increases; during December of 2003, VeriSign's monitoring systems recorded a 176 percent increase in the use of malicious bots167 against firewalls and intrusion detection systems.168
Similarly, security experts at the InfoSecurity 2003 Conference warned that they expect more serious and disruptive cyber attacks than they recorded in 2003 will occur in 2004.169 They stated that rootkits170 and virus-writing consortiums171 are making strides toward making attacks more malicious and harder to detect.172 A recent Symantec report stated that creating a virus with a damaging payload is well within the capability of the most inexperienced hacker.173 In explaining that terrorism via the Internet is a substantial threat, a former member of the National Security Agency and Secret Service stated that one of the biggest concerns was criminals who got their technology at Radio Shack.174
In 2004, computer users and systems are probably in greater jeopardy of attacks, since patching175 computer system vulnerabilities has become increasingly difficult as the amount of time between detection and attacks has been shrinking.176 Experts at the InfoSecurity Conference stated that they expected that hackers will continue to take advantage of flaws in popular communications protocols such as Remote Procedure Call (RPC),177 and that "zero day attacks" for which no fixes are available have become major, realistic threats.178 A study released by the Symantec security company found that the time between vulnerability discoveries and malware exploitations has narrowed.179 This suggests that a zero-day exploit180 may be very near.181 If a virus writer identifies and exploits a system vulnerability on the same day, there will be few or no ways to avert the resulting harm.
C. Evidence that Attacks are Profitable
The third area of evidence, described as "ample," demonstrates that virus writing and Internet crime have become profitable enterprises.182 In New York, federal prosecutors indicted several members of the Gambino crime family for their involvement in a pornography fraud in which they used malware to disable browser "back" arrows.183 According to the charges, the scheme reaped $400 million over five years.184 The Department of Justice (DOJ), Federal Bureau of Investigation (FBI) and security experts at home and abroad185 have determined that organized crime paid for a number of the computer viruses and worms released during the last half of 2003.186 In September of 2003, the DOJ arrested two people suspected of releasing a variant of the MSBlast worm that installed Trojan horse software that subsequently released the Spybot.worm.lz, Randex.E and RPCSdbot worms.187 These worms were responsible for converting vulnerable computers to remote access control by criminals who used them as "spam robots" in a phishing188 scam. In November, the FBI announced an additional 125 arrests in that case.189
Since the beginning of 2004, the FBI's Internet Crime Center has received a rising number of reports190 of malware-facilitated crimes precipitated by international organized crime and terrorist groups.191 In February of 2004, the FBI announced that it had obtained evidence of a "phishing" scam in which e-mail messages requested consumer assistance with a credit card fraud investigation, and directed readers to a spoofed web site to enter their credit card information.192
Investigators find it difficult to identify virus writers unless they brag in public or leave a calling card, such as an alias, in their code.193 By establishing remote access to a home computer, virus writers can launder their identifying information.194 The FBI, DOJ, and the National Cyber Security Division (NCSD) of the Department of Homeland Security Information Analysis and Infrastructure Protection Directorate are training specialists called "legal hackers" and obtaining assistance from previously convicted virus writers to identify virus writers.195 Recently the NCSD reported that it has identified new Trojan horse programs with increased capabilities for reaching electronically stored information.196 This is consistent with a report from Symantec analysts who found that malware attacks in the last half of 2003 had increased 148% over the first half of the year.197 In a subsequent report, they warned that attacks will continue to multiply in 2004 as virus writers develop "superworms"198 that will carry more damaging payloads of malware.199 Another report anticipated that total damages caused by malware running on home computers will run as high as $245 million in 2004.200
In yet another spin on computer infections, a German magazine recently reported that it has hard evidence that virus writers are selling the IP addresses of machines infected with remote access software to spammers. The article stated that the magazine had confirmed the story by purchasing access to infected computers and had passed its evidence on to New Scotland Yard.201
A. Current Federal Statutes and the Need for Reforms
Gaps in statutory protections for individuals provide no deterrence against unauthorized intrusions of personal computers and few remedies for their owners. Federal statutes protect government computers and those of large financial institutions from intrusions. For example, under one of these laws, federal agents in February 2004 arrested a Minneapolis resident suspected of transmitting malicious code to a United States Post Office web server, obtaining fifteen credit card account numbers and damaging records.202 In contrast, all the government currently may offer a private party victimized by such an intrusion is the opportunity to file a report with the FTC203 unless she can track down the culpable party, locate a cause of action, prove intent and meet the statutory damages threshold.
The following cases illustrate statutory shortcomings and the gaps that Congress needs to address. Plaintiffs in In re Toys R Us Privacy Litigation204 claimed the defendant's use of web bugs to gather information about their activity on the World Wide Web violated the Stored Electronic Communications Act.205 The court found that the claim did not meet the statute's requirement that the challenged action have intercepted the information "in transmission" because by the time plaintiffs learned about it, the information was in "storage."206 In In re Doubleclick Privacy Litigation,207 plaintiffs asserted that Doubleclick violated various federal statutes when it covertly placed tracking cookies on their hard drives to deliver advertising. Doubleclick and its affiliates were able to read and update the cookies any time a plaintiff visited web sites. The court found that Doubleclick's conduct constituted an offense under the Electronic Communications Act.208 However, it rejected the plaintiffs' claim because it found that by virtue of the signals transmitted between plaintiffs' computers and servers on the World Wide Web,209 they had "consented" to acquiring the cookies. It further rejected claims under the Computer Fraud and Abuse Act210 because damages to each of the plaintiffs' computers did not meet the statutory threshold minimum. Similarly, in In re Pharmatrak, Inc. Privacy Litigation,211 plaintiffs asserted claims for relief under the Electronic Privacy Communications Act (EPCA).212 They complained that Pharmatrak had used cookies to gather personally identifiable information about their online activity. The court found that plaintiffs' claimed damages did not meet the statutory threshold minimum, and that they had not demonstrated that Pharmatrak gathered the information for a tortious or criminal purpose.
Another series of cases involved persistent cookies that marketing companies surreptitiously downloaded to the hard drives of computer users who accepted "free" software offers. Businesses filed these actions claiming violations of their business interests such as unfair trade practices and copyright and trademark infringement. An example is U-Haul International Inc. v. WhenU.com, Inc.,213 in which the plaintiff filed an action to halt WhenU's use of cookies to deliver competitors' advertisements to people visiting U-Haul's web site. The court reasoned that the cookies did not infringe on the plaintiff's rights because the computer users had electronically agreed to receive them. Similarly, in Wells Fargo & Company v. WhenU.com, Inc.,214 the court rejected the plaintiff's claim on the basis that computer users had consented to receiving cookies as the quid pro quo for free software.
The Federal Trade Commission Act makes it unlawful for a party to engage in "unfair or deceptive acts or practices in or affecting commerce." Claims incidental to the Internet under the Act have usually involved fraudulent e-mail content, not "technical fraud," e.g., when the sender intentionally transmits malware in e-mails and attachments. Whether the new CAN-SPAM Act will apply to a claim involving technical fraud has not been resolved.
B. Federal Enforcement
The relative anonymity of Internet transmissions facilitates malicious conduct. If federal authorities convict a party for Internet misconduct resulting in death or serious bodily injury, the rules established under the 2002 Homeland Security Act provide significant penalties.215 However, at this early point it is uncertain whether, or what kind of, deterrent effect this will have on those sending spam.216 According to the DOJ, of people convicted of computer crimes since 2000, eleven received probation; nineteen received between one and three years in prison; and four received sentences of four or more years.217 In early January of 2004, a federal court handed out 46-month sentences to two men involved in a spam scheme.218
Various federal agencies have developed specialized resources to investigate criminal acts covered by the current statutes and gather intelligence data. The FBI recently reported that since combating computer crime had moved up to third place on its list of priorities, local, state and federal agencies will be involved in setting up five new regional computer forensics laboratories by the end of 2004.219 In December of 2003, the United States Department of Homeland Security (DHS) announced plans to launch a unified database of critical infrastructures to pinpoint and monitor vulnerabilities.220
The common law of most states is useful in analyzing and assigning the rights and liabilities of parties in matters arising from connection to the Internet. For example, property law recognizes that although no one person owns the Internet, it owes its existence to the units of property that make it up and the conduct of the people who use it. A property owner can exclude others from harming or appropriating that property. When the offending conduct constitutes trespass, the owner may seek legal and equitable relief.
When a computer owner clicks on his Internet browser icon, his computer begins an exchange with other online servers. Since use of the Internet requires computers to send and receive code, a reciprocal easement may be deemed to exist among connected parties. The conduct of such parties is limited to no more intrusion than is necessary. They must not alter or damage the property subject to the easement, or in any other way interfere with the other parties' use of it. In some cases, certain conduct should be enjoined and in some cases, liability in damages should attach. Negligence on the part of a party claiming damage may be a consideration in evaluating such a claim. For example, the court might find that a party failed to take reasonable steps to avert harm to his property.
In the context of traditional notions of intrusion, interference, damage or appropriation, the law provides consumers with a claim of action and remedies. For example, if an intruder were to enter a home without authorization and in the absence of legal exceptions, he could be charged with trespass. No further proof of harm is required. Further, if the intruder were not only to enter the home, but go online and purchase items on the plaintiff's eBay account, print and take copies of his financial, social security, or credit card information, secretly load documents or spyware, or install remote access software onto his computer, the law would provide the plaintiff with a right of action.
In Cyber Promotions v. America Online,221 a dispute arose when Cyber Promotions sent approximately 1.9 million e-mail advertisements per day to America Online servers. When AOL filed suit, Cyber Promotions asserted a free speech defense, arguing that since AOL was the Internet gateway for most of its subscribers, it should be prohibited from censoring their mail. America Online argued that it was not a state actor, nor did its business decision constitute state action. The court agreed, finding there is no right under the First Amendment to send unsolicited e-mail.
Similarly, in Intel Corp. v. Hamidi, the defendant sent non-commercial e-mails to 30,000 Intel employees six times in three years.222 When Intel tried to block his transmissions, Hamidi used electronic code to program around Intel's controls. Consequently, when Intel sued him on a trespass to chattels theory, the court enjoined Hamidi from sending any further bulk messages. The court calculated that if Intel's employees had spent only two minutes reading the 30,000 messages, this would have consumed more than 1,000 work hours.
In a recent reversal of its earlier position, the National Cyber Security Partnership (NCSP), a consortium of the largest software companies in the United States, announced that government regulation might be necessary to defend against Internet attacks and ensure the safety of the nation's water, power and telecommunications grids.223 It also recommended the creation of an early warning network for Internet threats that would advise computer owners about ways to guard their systems. However, it urged against imposing liability on software manufacturers for harms resulting from security gaps in their products, cautioning that this might have a negative impact on small software companies.224
In view of the recent presidential initiative to make high-speed Internet access available in every home,225 government should no longer rely on the NCSP, or any other private industry group, to protect individual rights and national security.226 Nor, as stated above, will statutory reforms alone adequately protect these interests. The time is ripe for Congress to implement a comprehensive federal approach to Internet security on the order of the federal Centers for Disease Control and Prevention (CDC).227 However, whether Congress would be willing to take such a step in the absence of a national catastrophe is uncertain. William Voegeli explained the related political factors succinctly in a recent article:228
The weight of political incentives tilts the scale against resolute, far-sighted government action to prevent a problem from becoming a crisis. Politicians find that heading off a crisis permits people in this optimistic country to think that the crisis wasn't going to happen anyway, and that the relatively modest sacrifices needed to prevent it were inflicted unnecessarily. The elected official's temptation is to swim with the current, and let the problem grow, untended, into a crisis.
Instead of waiting for a disaster to do their talking for them, members of Congress should compare the current epidemic of electronic infections with the malaria, typhoid and polio epidemics that precipitated creation of the Centers for Disease Control and Prevention (CDC) in 1946. As the lead federal agency for protecting public health and safety,229 the CDC serves as the national focus for developing, implementing and managing mechanisms for disease prevention and control, health and safety.230
The most urgent questions facing Congress concerning Internet security are how to provide for its security and viability in serving public interests, the privacy of those who use it, and the safety of those whose lives it affects. This overview of literature, statutes and case law has demonstrated the convergence of individual rights and government interests in matters of Internet security. It has also demonstrated the expansive nature, number of factors and complexity involved in these matters. Among the benefits of the proposed "center" approach would be its status as a mission-based, industry-independent agency structured to expedite and promote scientific solutions. While the FBI and DHS maintain facilities for apprehending criminals and terrorists, they are not tasked or positioned to address proactively overall Internet "health." In view of this, Congress would do well to give the concept of a Center for Computer Disease Control a hard look.
John Pescatore's remarks in a recent Internet interview concerning trends, cyber-terrorism, and government's role in Internet security, which reflect the concerns of both home computer users and government, will have the last word:
Everyone has antiviral and firewalls, but how often do you update antivirus signatures? How often do you test if your firewall is what it should be? No. 1 thing, the way any cyberattack works, the bad guys check for vulnerabilities and then they attack . . . doesn't matter if it's a terrorist, pimply faced 14-year-old or a cybercriminal trying to steal credit card numbers or medical records, they're all going to come in the same way.231
* Mary M. Richard is a third year law student at The University of Iowa College of Law. She wishes to thank Professor Nicholas Johnson and Corey Schatz for their encouragement and helpful comments.
1 Global Internet Index Average Usage, Nielsen Netratings.com, available at http://www.nielsen-netratings.com/hot_off_the_net.jsp (last visited Jan. 26, 2004).
2 See Id.
3 The term "surfing the Internet" is jargon for moving from web site to web site on the Internet searching for topics of interest. A computer user may "browse" or "surf" the Internet by using a software program called an Internet browser that translates the HTML computer language into which data is placed for creating web pages on the World Wide Web. Some browsers also provide e-mail, Internet radio, news content, and video files. America Online and Microsoft Explorer are well-known examples. Unless the computer user knows the uniform resource locator (URL) address of the web site, she may type a word or words describing the information into the search field of a search engine or browser, and the search engine responds by providing a list of related web sites and pages. See http://www.pcwebopedia.com/TERM/s/surf.html.
4 Computer users are "online" when they are connected to the Internet and able to browse the World Wide Web, receive and send e-mail, etc. See http://www.pcwebopedia.com/TERM/o/online.html.
5 See supra note 1.
6 Will Knight. Lurking Spyware May be a Security Weak Spot, New Scientist, available at http://www.newscientist.com/news/news.jsp?id=ns99994745 (Mar. 8, 2004).
7 See Id.
8 The term "malware" is a jargon term for "malicious software" that has been designed specifically to damage or disrupt a system, to steal or damage information, or to "spy" on another person in some way.
9 A firewall is a system designed to prevent unauthorized access to a computer from a private network. Firewalls can be implemented in both hardware and software forms, or as a combination of both. Firewalls are used to prevent unauthorized Internet users from accessing private networks and individual computers connected to the Internet. All messages entering or leaving must go through the firewall, which examines each message and blocks those that do not meet the specified security criteria. See http://www.pcwebopedia.com/TERM/f/firewall.html.
10 Anti-virus programs search computer storage disks for viruses, and remove any they find. Most anti-virus programs include an auto-update feature that enables them to download new virus profiles and check for them. See http://www.pcwebopedia.com/TERM/a/antivirus_program.html.
11 An Internet Service Provider (ISP) is a company that provides Internet access services. See http://www.pcwebopedia.com/TERM/I/ISP.html.
12 Spam is the jargon term for electronic junk mail or junk newsgroup postings. It is also more generally defined as any unsolicited e-mail. A large proportion of spam contains unsolicited advertising. See http://www.pcwebopedia.com/TERM/s/spam.html
13 At the beginning of 2004, Postini Inc. reported that spam accounted for 84.9 percent of one billion weekly e-mails. Brightmail reported the spam volume was 60 percent. See Jonathon Krim. Spam is Still Flowing Into Mailboxes. Washington Post.com, available at http://www.washingtonpocost.com/wp-dyn/articles/A57315-2004Jan5.htm... (Jan. 5, 2004).
14 See Id.
15 There are two ways in which spammers appropriate computers for spreading spam. In the first way, the spammer's computers search for computers that are online and have points of entry in their systems, then install hidden programs that allow the spammer remote control access to the computer. This permits spammers to use the computers and ISP services of others to send out spam. Remote access software also can be installed by means of viruses attached to e-mail messages. When a computer user opens an infected e-mail or attachment, the virus is released and installs the hidden software. The person who sent the virus can then access the data and programs on the computer and use it to send spam. It can be very difficult to tell if a spammer has installed hidden software on a computer, but there are some warning signs. For example, the computer user may receive emails accusing her of sending spam; she may find email messages in her "outbox" that she didn't send; or her computer may be operating more slowly than in the past. See Who's Spamming Who? Could it be You?, available at http://www.ftc.gov/bcp/conline/pubs/alerts/whospamalrt.htm.
16 Supercomputer-on-the-fly Works, Internet News.com, available at http://www.internetnews.com/ent-news/article.php/3335691 (April 5, 2004).
17 See Id.
18 SETI@home is a scientific experiment that uses Internet-connected computers in the Search for Extraterrestrial Intelligence (SETI). See http://setiathome.ssl.berkeley.edu/ (last visited Mar. 14, 2004).
19 See supra note 16.
20 See id.
21 See id.
22 See id.
23 Brian Krebs, A Cybersecurity Role for Uncle Sam? Washington Post.com, available at http://www.washingtonpost.com/ac2/wp-dyn/admin/emailfriend?contentId=A42846-2004Apr1&sent=no&referrer=emailarticle.
24 See Id.
25 See Id.
26 Denzel Washington playing Joe Miller, Philadelphia, Amazon.com, available at http://www.amazon.com/exec/obidos/tg/detail/-/0800141806/qid=1080661926/sr=1-3/ref=sr_1_3/102-3861730-8438507?v=glance&s=dvd#product-details (last visited Mar. 4, 2004).
27 The Atanasoff-Berry Computer was the world's first electronic digital computer. It was built by John Vincent Atanasoff and Clifford Berry at Iowa State University during 1937-1942. It incorporated several major innovations in computing including the use of binary arithmetic, regenerative memory, parallel processing, and separation of memory and computing functions. See http://www.cs.iastate.edu/jva/jva-archive.shtml.
28 Barry M. Leiner, A Brief History of the Internet, ISOC, available at http://www.isoc.org/Internet/history.brief.shtml (last visited, Jan. 27, 2004).
29 See Id.
30 See Id.
31 A backbone is a series of connections forming a major pathway within its network. See http://www.pcwebopedia.com/TERM/b/backbone.html.
32 See supra note 27.
33 John Perry Barlow. A Declaration of Independence of the Internet, available at http://www.vrx.net/charter.html (last visited Jan. 13, 2004).
34 See Id.
35 Robert Tappan Morris, Jr., who is now a professor at MIT, attained notoriety by writing and releasing the Morris Worm in 1988. This was the first computer worm to spread widely on the Internet. Morris was the son of Robert Morris Sr., who was the chief security expert of the National Security Agency (NSA) at that time. Morris claimed that the worm that brought the Internet to its knees was a benign experiment that got out of control as the result of a coding error. A federal grand jury indicted then Cornell University student Morris on July 26, 1989 for releasing the worm. He was the first person prosecuted under the 1986 Computer Fraud and Abuse Act, was convicted on January 22, 1990, and sentenced to probation and a $10,000 fine. See http://en.wikipedia.org/wiki/Robert_Tappan_Morris,_Jr.
36 See Id.
37 Sharon Fisher, Byte.com, available at http://www.byte.com/art/9607/sec4/art1.htm (last visited Feb. 22, 2004).
38 Mary Webb, English writer (1881-1927). See http://www.brainyquote.com/quotes/authors/m/mary_webb.html.
39 ISP is the acronym for Internet Service Provider, a company that provides access to the Internet. For a monthly fee, an ISP such as America Online or Earthlink typically provides a software package, username, password and access phone number and the service (dial up, broadband, cable, satellite, cellular, etc.) for the customer's use in logging on to the Internet and browsing the World Wide Web, and sending and receiving e-mail. In addition to serving individuals, ISPs also serve large companies, providing a direct connection from the company's networks to the Internet. ISPs are connected to each other through Network Access Points. See http://www.webopedia.com/TERM/I/ISP.html.
40 A web server is a computer or device on a network that manages network resources. For example, a file server is a computer and storage device dedicated to storing files. Any user on the network can store files on the server. A network server is a computer that manages network traffic. A database server is a computer system that processes database queries. Servers are often dedicated, meaning that they perform no other tasks besides their server tasks. See http://isp.webopedia.com/TERM/s/server.html.
41 Lawrence Lessig and Mark Lemley, The End of End-to-End, 48 UCLA L. REV. 925, 928 (2001).
42 TCP is the acronym for Transmission Control Protocol, which is one of the main protocols in TCP/IP networks. Where the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. See http://www.webopedia.com/TERM/T/TCP.html.
43 See supra note 40.
44 XML is short for Extensible Markup Language, a specification developed by the W3C. XML is a pared-down version of SGML, designed especially for Web documents. It allows designers to create their own customized tags, enabling the definition, transmission, validation, and interpretation of data between applications and organizations. See http://www.pcwebopedia.com/TERM/X/XML.html.
45 Federal Trade Commission Public Workshop: The Information Marketplace, FTC.gov, available at http://www.ftc.gov/bcp/workshops/infomktplace/transcript.htm (last visited Jan. 28, 2004).
46 See Id.
47 "Snail mail" refers to normal postal mail, where an actual physical letter or package is delivered. The term didn't exist until electronic mail (e-mail) became so prevalent that there was a requirement to differentiate the two. The term was invented by e-mail aficionados as a small barb directed at the relative slowness of physical transportation. See http://www.pcwebopedia.com/TERM/s/snailmail.html.
48 WHOIS is an Internet utility that returns information about a domain name or IP address. For example, if you enter a domain name such as microsoft.com, WHOIS will return the name and address of the domain's owner. See http://www.webopedia.com/TERM/w/whois.html.
49 IP stands for Internet Protocol. IP specifies the format of packets and the addressing scheme. Most networks combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source. IP by itself is something like the postal system. It allows the sender to address a package and drop it in the system, but there is no direct link between you and the recipient. TCP/IP, on the other hand, establishes a connection between two hosts so that they can send messages back and forth for a period of time. See http://www.pcwebopedia.com/TERM/I/IP.html.
50 See Id.
51 Some computer owners who connect to the Internet through broadband services and have IP addresses related to their computers rather than their transmissions are easier to track.
52 A proxy server is a server that sits between a client application, such as a browser, and a real network server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server. See http://www.webopedia.com/TERM/p/proxy_server.html.
53 A "program" is an organized list of encoded instructions that, when executed, causes the computer to behave in a predetermined manner. Without programs, computers are useless. See http://www.pcwebopedia.com/TERM/p/program.html.
54 See Id.
55 "Dedicated" is a term used to explain that an item or system component is reserved for a specific use. See http://www.pcwebopedia.com/TERM/d/dedicated.html.
56 Robots and spiders are programs that automatically fetch Web pages. They are often used to feed pages to search engines. Because most Web pages contain links to other pages, these programs can start almost anywhere. As soon as it sees a link to another page, it goes off and fetches it. Large search engines have many such programs working in parallel. See http://networking.webopedia.com/TERM/s/spider.html.
57 Russ Cooper. Is It a Worm, Virus, or Trojan? The Register.com, available at http://www.theregister.co.uk/content/56/32672.html (last visited Feb. 5, 2004).
58 Ghosts in Our Machines, Center for Technology and Democracy, available at http://www.cdt.org/privacy/ (last visited Mar. 15, 2004).
59 See Id.
60 See Id.
61 See Id.
62 Lisa Napoli, A Hacker Masters Keystroke Theft, International Herald Tribune, available at http://www.iht.com/articles/105567.html (Jan. 27, 2004).
63 See Id.
64 See Id.
65 Many, if not most, malware applications in the second category have been custom-developed for specific harmful purposes, including unauthorized invasion and theft of sensitive, personally identifiable information, damage or destruction of data and programming, appropriation of the computing and Internet resources of the government, businesses, public utilities, infrastructure components and services, and other individuals, as well as remote control of another party's computing resources for current and future harmful purposes.
66 See supra note 57.
67 See Cookie Technology, The Privacy Hub, available at http://dsa-isis.jrc.it/Privacy/cookie.html (last visited Mar. 14, 2004).
68 A browser is a software application used to locate and display the graphics, text, sound and video on a web page. See http://www.webopedia.com/TERM/b/browser.html.
69 See Id.
70 See Specht v. Netscape Communs. Corp., 306 F.3d 17 (2002) available at http://news.findlaw.com/hdocs/docs/specht/specht70301ord.pdf.
71 Tracking cookies are also called permanent or persistent cookies. They are stored on a user's hard drive until the user deletes the cookie. They are generally used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific Web site. See http://www.webopedia.com/TERM/P/persistent_cookie.html
72 eBay, Inc. v. Bidder's Edge, Inc., 100 F. Supp. 2d 1058 (2000) available at http://64.233.167.104/search?q=cache:vRWV64PGIPQJ:legal.web.aol.com/decisions/dldecen/ebayorder.pdf+ebay+v.+bidders+edge&hl=en&ie=UTF-8.
73 Register.com, Inc. v. Verio, Inc., 356 F.3d 393 (2004) available at http://www.icann.org/registrars/register.com-verio/order-08dec00.htm.
74 Miya Knights. Spyware Threat Creeps Up on PCs, VuNet.com, available at http://www.vnunet.com/News/1144015 (last visited Jan. 26, 2004).
75 See Id.
76 A backdoor is an undocumented way of gaining access to a program, online service or an entire computer system. The backdoor is written by the programmer who creates the code for the program, or is created as the result of a malware infection. A backdoor is a potential security risk. See http://www.pcwebopedia.com/TERM/b/backdoor.html.
77 Jane Black. Unholy Matrimony: Spam and Virus, Business Week.com, available at http://www.businessweek.com/technology/content/aug2003/tc20030812_7863_tc047.htm (last visited Feb. 12, 2003).
78 See supra note 39.
79 Miya Knights, Spyware Threat Creeps Up on PCs, VuNet.com, available at http://www.vnunet.com/News/1144015 (last visited Jan. 26, 2004).
80 Spy Programs Threaten Data on Personal Computers, Washington Post.com, available at http://www.washingtonpost.com/wp-dyn/articles/A10515-2003Oct10.ht... (last visited Feb. 17, 2004).
81 See Id.
82 See Id.
83 See Id.
84 Knights, see supra note 79.
85 See Id.
86 Munir Kotadia. One-Third of Spam is Homemade, ZDNet.com, available at http://zdnet.com.com/2100-1105_2-5113043.html (last visited Feb. 3, 2004).
87 A virus is a piece of programming code often disguised as something else. However, its effect is usually an unexpected and undesirable event; thus, it may be generally classified as "malware." Viruses are designed to automatically spread to other computer users as attachments to an e-mail note, downloads, or on a diskette or CD. Some viruses wreak havoc as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. See http://whatis.techtarget.com/definitionsAlpha/0,289930,sid9_alpV_idx100,00.html
88 David Legard and Paul Roberts, New Attack Follows MyDoom, PC World.com, available at http://www.pcworld.com/news/article/0,aid,114530,00.asp (last visited Mar. 26, 2004).
89 Jennifer M. O'Brien, Shaking Out Blended Bugs, White Hat Security Network, available at (Feb. 19, 2004).
90 See Id.
91 Andrew Brandt, New Attack Follows MyDoom, PC World, available at http://www.pcworld.com/news/article/0,aid,114713,00.asp (Feb. 11, 2004).
92 SQL refers to structured query language. It is a standardized query language for requesting information from a database. SQL is supported by PC database systems because it supports distributed databases (databases that are spread out over several computer systems). This enables several users on a local-area network to access the same database simultaneously.
93 Krebs, see supra note 22.
94 See supra note 57.
95 Brandt, see supra note 90.
96 The Giant Wooden Horse Did It, Security Focus.com, available at http://www.securityfocus.com/columnists/208 (Jan. 19, 2004).
97 See Id.
98 See Id.
99 See Id.
100 Ellen Messmer. Variant of MyDoom Spotted, Network World Fusion.com, available at http://www.nwfusion.com/news/2004/0128variantb.html (Jan. 28, 2004).
101 See http://www.pcwebopedia.com/TERM/D/DoS_attack.html
102 See Id.
103 Legard, see supra note 87.
104 See id.
105 Robert Lemos. New Viruses Feed on MyDoom Infections, News.com, available at http://news.com.com/2100-7349_3-5156105.html?tag=nefd_top (Feb. 10, 2004).
106 See Id.
107 See Id.
108 Legard, see supra note 87.
109 See Id.
110 See Id.
111 See Id.
112 "Sleeper cell" refers to a small unit serving as a part of a larger movement, lying in wait, often secretly, for instructions.
113 See Id.
114 Brandt, see supra note 90.
115 Michael Delio. New MyDoom Packs a Wallop, Wired.com, available at http://www.wired.com/news/infostructure/0,1377,62401,00.html (Feb. 25, 2004).
116 Paul Roberts, March Comes in Like a Worm, PC World.com, available at http://www.pcworld.com/news/article/0,aid,115020,00.asp (Mar. 1, 2004).
117 See Id.
118 TCP is one of the main protocols in TCP/IP networks.
119 See supra note 87.
120 Iain Thomsen. New Worm Masquerades as Microsoft Patch, Vunet.com, available at http://www.vnunet.com/News/1153314 (Mar. 8, 2004)
121 Brian Krebs. Online Financial Crime Headed From Bad to Worse, Washington Post.com, available at http://www.washingtonpost.com/wp-dyn/articles/A5934-2003Dec16.htm (last visited January 26, 2004).
122 See Id.
123 "Hacker" is a term used by some to mean "a clever programmer" and by others to refer to a person who tries to break into computer systems. Many hackers prefer to apply the term "cracker" to those who crack into another party's server or computer or otherwise use programming or expert knowledge to act maliciously. However, for the purposes of this paper, "hacker" will be used, regardless of whether or not malicious intent is present, no offense intended to hackers who
124 See Id.
125 See Id.
126 Phishing is a scam that uses spam e-mail to deceive consumers into disclosing their credit card numbers, bank account information, Social Security numbers, passwords, and other sensitive information. See FTC Alert: Phishing, FTC.gov, available at http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm (last visited Feb. 20, 2004).
127 Krebs, see supra note 119.
128 See Id.
129 See Id.
130 In effect, a social engineer runs a scam or "con game."
131 See Social Engineering, Search Security.com, available at http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci531120,00.html (last visited Feb.26, 2004).
132 See Id.
133 See The Secret Tricks That Spammers Use, MSNBC.com, available at http://http://www.msnbc.com/news/940853.asp (last visited Jan. 26, 2004).
134 See Id.
135 ZIP is a popular data compression format. Files that have been compressed with ZIP are called ZIP files and usually end with a .ZIP extension.
136 Paul Roberts, Zipped Files Can Zap Antivirus Apps, PC World.com, available at http://www.pcworld.com/news/article/0,aid,114629.00.asp (February 6, 2004).
137 Roberts, see supra note 114.
138 Iain Thomsen. Automated Kits Fuel Virus Epidemic, Vunet, available at http://www.vnunet.com/News/1153171 (last visited Feb. 3, 2004).
139 Robert Jacque. 2004 to be the Year of the Superworm, VuNet, available at http://www.vnunet.com/News/1151887 (Jan. 8, 2004).
140 Internet Worms Change Form, Threaten Greater Havoc, Reuters.com, available at http://www.reuters.com/newsArticle.jhtml?type=InternetNews&storyI (last visited Jan. 26, 2004).
141 Jennifer M. O'Brien, Shaking Out Blended Bugs, White Hat Security Network, available at (Feb. 19, 2004).
142 See Id.
143 A "link" in a hypertext system such as the World Wide Web, is a reference to another document. Such links are sometimes called hot links because they take the computer user to another document when he clicks on them. See http://www.pcwebopedia.com/TERM/l/link.html.
144 Paul Roberts. Latest Phishing Scam Targets Visa Customers, Computer World.com, available at http://http://computerworld.com/securitytopics/security/story/0,10801,88... (Dec. 26, 2003).
145 See Id.
146 Florence Olsen, FinCEN Name Used in Scam, Federal Computer Week.com, available at http://www.fcw.com/fcw/articles/2004/0202/web-phish-02-04-04.asp (Feb. 4, 2004).
147 Spoof or spoofed refers to a "fake" or "faked."
148 FTC Warns of Phishing Scam, TechWeb.com, available at http://www.techweb.com/wire/story/TWB20040312S0005 (Mar. 12, 2004).
149 See FTC Warning About Fake Anti-Spam Site, Washington Post.com, available at http://www.washingtonpost.com/wp-dyn/articles/A37291-2004Feb12.ht... (Feb. 12, 2004).
150 See Sophos Warns of New Internet Worms and Trojans, PCPro.com, available at http://www.pcpro.co.uk/?http://www.pcpro.co.uk/news/news_story.ph... (Sept. 12, 2003).
151 See Id.
152 See supra note 57.
153 Dennis Fisher. IT Losing Ground in Virus Battle, E Week.com, available at http://www.eweek.com/article2/0,4149,1484760,00.asp (Feb. 2, 2004).
154 Jennifer M. O'Brien, Shaking Out Blended Bugs, Computer Dealer News, available at http://www.findarticles.com/cf_dls/m3563/2_20/114008191/p1/article.jhtml (Feb. 13, 2004).
155 The Secret Tricks That Spammers Use, MSNBC.com, available at http://http://www.msnbc.com/news/940853.asp (last visited Mar. 6, 2004).
156 Identity Theft is on the Rise, Reuters.com, available at http://www.reuters.com/newsArticle.jhtml?type=technologyNews&stor... (Jan. 22, 2004).
157 See Id.
158 Center Launched for ID Theft Victims, Washington Post.com, available at http://www.washingtonpost.com/wp-dyn/articles/A29158-2003Oct28.ht... (last visited Jan. 26, 2004).
159 Bob Tedeschi. New Efforts to Fight Identity Theft, New York Times.com, available at http://www.nytimes.com/2003/09/08/technology/08ECOM.html (last visited Jan. 26, 2004).
160 Paul Roberts. More, Worse Cyber-Attacks Coming in 2004, Infoworld.com, available at http://www.infoworld.com/article/03/12/10/hncyberattack_1.html (last visited Jan. 8, 2004).
161 Remote access permits a party to log onto a network or computer from a distant location. Generally, this implies a computer, a modem, and some remote access software to connect to the network. Whereas remote control refers to taking control of another computer, remote access means that the remote computer actually becomes a full-fledged host on the network. The remote access software dials in directly to the network server. The only difference between a remote host and workstations connected directly to the network is slower data transfer speeds. See http://www.pcwebopedia.com/TERM/r/remote_access.html.
162 Munir Kotadia. One-Third of Spam is Homemade, ZDNet.com, available at http://zdnet.com.com/2100-1105_2-5113043.html (Dec. 3, 2003).
163 See Id.
164 See Id.
165 Ryan Naraine. Security Threats Outpace Net Usage Growth, Internet News.com, available at http://www.Internetnews.com/ec-news/article.php/3091121 (last visited Feb. 13, 2004).
166 See Id.
167 A "bot" (short for "robot") is a program that operates as an agent for the party or program that sent it, which enters web servers and gathers target data, which may be information stored in the server or information about the server itself. On the Internet, the most common bots are called probes, spiders or crawlers. See http://www.pcwebopedia.com/TERM/b/bot.html.
168 Matt Hines. Verisign Says Online Fraud Growing Fast, News.com, available at http://news.com.com/2100-7355-5156062.html?tag=cd_top (Feb. 9, 2004).
169 Kotadia, see supra note 162.
170 A rootkit is a collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network. The intruder installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. The rootkit then collects userids and passwords to other machines on the network, thus giving the hacker root or privileged access. A rootkit may consist of utilities that also: monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection. Today, rootkits are available for a number of operating systems and are increasingly difficult to detect on any network. See http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci547279,00.html
171 Andy McCue. Virus Writing Hackers are Biggest Threat, Silicon.com, available at http://www.silicon.com/software/security/0,39024655,39116705,00.h... (last visited Jan. 26, 2004).
172 Kotadia, see supra note 162.
173 See id.
174 Michael Mimoso. Pescatore Comments on Security, Search Security.com, available at http://searchsecurity.techtarget.com/qna/0,289202, sid14_gci905234,00.html?newsel=10.1 (last visited Jan. 26, 2004).
175 A "patch" or "fix" is a quick repair for a piece of software. It is not necessarily a good long-term solution, so software developers provide a better solution when they release the next version of the software. See http://searchmobilecomputing.techtarget.com/sDefinition/0,,sid40_gci212753,00.html
176 Shawna McAlearney, Zero Day IE Exploit, Information Security, available at http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci930187,00.html (last visited Jan. 26, 2004).
177 RPC stands for remote procedure call, a type of protocol that allows a program on one computer to execute a program on a server computer. Using RPC, a system developer need not develop specific procedures for the server. The client program sends a message to the server with appropriate arguments and the server returns a message containing the results of the program executed. See http://www.pcwebopedia.com/TERM/R/RPC.html
178 Kotadia, see supra note 162.
179 According to infoAnarchy wiki, "4 day" groups and "7 day" groups carry out an exploit within 14 or 7 days of a product's market release. Conducting a zero-day exploit establishes crackers as members of the elite, because they must have covert industry connections to gain the inside information needed to carry out the attack. See Zero Day, InfoAnarchy.org, available at http://www.infoanarchy.org/wiki/wiki.pl?Zero_Day (Mar. 5, 2004).
180 Ordinarily, after someone detects that a software program contains a potential exposure to exploitation by a hacker, he or she can notify the software company and sometimes the world, so that action can be taken to repair the exposure or defend against its exploitation. With enough time, the software and anti-viral companies can send out patches or updates to security software. In the past, even if hackers have heard about the vulnerability, they needed time to figure out how to exploit it, allowing the company sufficient time to offer preventative measures.
181 Zero-Day, Search Security.com, available at http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci955554,00.html (last visited Mar. 6, 2004).
182 See Online Financial Crime Goes From Bad to Worst, Washington Post.com available at http://www.washingtonpost.com/wp-dyn/articles/A5934-2003Dec16.htm... (last visited Jan. 27, 2004).
183 Tom Robbins, Cyber-Age Goodfellas, The Village Voice.com, available at http://www.villagevoice.com/issues/0407/robbins.php (last visited Feb. 18, 2004).
184 See Id.
185 The participation of organized crime is not limited to the United States. According to the United Kingdom's National High Tech Crime Unit, organized crime syndicates are an increasing source of Internet crimes that include financial scams, identity theft, and spamming related to denial-of-service attacks. According to the Biennial Security Breaches Survey released by the United Kingdom's Department of Trade and Industry (DTI), "insiders" were responsible for only ten per cent of computer attacks. The DTI reported that the other 90 per cent of the attacks, attributed to hackers, organized crime, and phishers, were substantially greater in number and severity during 2003-2004 than during the previous period. See Computer Viruses and Organized Crime, E-Commerce Times.com, available at http://www.ecommercetimes.com/perl/story/31679.html (last visited Jan. 27, 2004).
186 See Id.
187 DOJ Arrests Second Suspect, Washington Post.com, available at http://www.washingtonpost.com/wp-dyn/articles/A7486-2003Sep26.htm... (last visited Jan. 27, 2004).
188 "Phishing," pronounced "fishing," is the act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information. For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by eBay and were subsequently going to eBay's site to update their account information. By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers with eBay legitimately. See http://www.pcwebopedia.com/TERM/p/phishing.html.
189 Erika Morphy. Cybercrime Arrests, NewsFactor.com, available at http://www.newsfactor.com/perl/story/22746.html (last visited Jan. 27, 2004).
190 See Id. The Center has received approximately 7,500 reports per month since the beginning of 2004.
191 See Id.
192 Wilson P. Dizard, III. FBI Probes Bogus Bureau Site, Government Computer News, available at http://www.gcn.com/vol1_no1/daily-updates/23736-1.html (February 13, 2004).
193 Nature of Internet Makes Cybercriminals Hard to Catch, The Age.com, available at http://www.theage.com.au/articles/2004/02/05/1075853987198.html (Feb. 5, 2004).
194 See Id.
195 Virus Writers Help FBI Bust Hackers, TBO.com, available at http://2003 http://ap.tbo.com/ap/breaking/MGA2Q265QKD.html (Jan 27, 2004).
196 Department of Homeland Security Warns of Potential Disruptions from Blaster, Washington Post, available at http://www.washingtonpost.com/wp-dyn/articles/A60273-2003Aug14.ht... (last visited Jan. 26, 2004).
197 John Leyden. Malicious Code Threats Celebrate Bumper Year 2003, The Register.com, available at http://www.theregister.co.uk/content/55/36251.html (Mar. 15, 2004).
198 Robert Jacques. 2004 to be the Year of the Superworm, VuNet, available at http://www.vnunet.com/News/1151887 (last visited Jan. 26, 2004).
199 See The Year Ahead for Worms and Viruses, Australian IT.com, available at http://australianit.news.com.au/articles/0,7204,7826216^16681^^nb... (last visited Feb. 14, 2004).
200 Jack Kapica. Study: Viruses Open Up a Can of Worms for ISPs, Globe Technology, available at http://www.globetechnology.com/servlet/story/RTGAM.20040303.gtsan... (Mar. 3, 2004).
201 Jan Libbenga. Trojans as Spam Robots, The Register.com, available at http://http://www.theregister.co.uk/content/55/35722.html (Feb. 22, 2004).
202 Minneapolis Man Charged With Hacking Into Post Office Web Server, KARE 11, available at http://http://www.kare11.com/news/news-article.asp?NEWS_ID=59863 (Feb. 21, 2004).
203 FTC, Consumer Fraud and Identity Theft, Consumer Sentinel, available at http://www.consumer.gov/sentinel (Mar. 1, 2004).
204 In re Toys R Us, Inc., Privacy Litig., MDL No. M-00-1381 MMC (2001) available at http://cyber.law.harvard.edu/is02/readings/doubleclick.html.
205 Unlawful Access to Stored Communications. 18 U.S.C. § 2701, available at http://www.usdoj.gov/criminal/cybercrime/usc2701.htm.
206 The Wiretap Act. 18 U.S.C. § 2510, available at http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm.
207 In re Doubleclick Privacy Litig., available at http://www.blbglaw.com/complaints/DClickSDNYcplt.pdf.
208 See supra note 204.
209 The World Wide Web is a system of Internet servers that support specially formatted documents. The documents are formatted in a markup language called HTML (HyperText Markup Language) that supports links to other documents, as well as graphics, audio, and video files. This means a user can jump from one document to another simply by clicking on hot spots. Not all Internet servers are part of the World Wide Web. See http://www.pcwebopedia.com/TERM/W/World_Wide_Web.html.
210 Computer Fraud and Abuse Act. 18 U.S.C. § 1030, available at http://www.usdoj.gov/criminal/cybercrime/1030NEW.htm.
211 In re Pharmatrak, Inc. Privacy Litig. 220 F. Supp. 2d 4 (2002) available at http://www.ca1.uscourts.gov/wp.opinions/02-2138.01A.
212 See supra note 206.
213 U-Haul Int'l, Inc. v. WhenU.com, Inc., 279 F. Supp. 2d 723 (2003) available at http://homepages.law.asu.edu/~dkarjala/cyberlaw/U-HaulVWhenU(DVa2003).htm.
214 Wells Fargo & Co. v. WhenU.com, Inc., 293 F. Supp. 2d 734 (2003) available at http://www.mied.uscourts.gov/_opinions/Edmundspdf/NGE03cv71906WhenU.pdf.
215 See New Rules Cut Hackers Less Slack, Denver Post.com, available at http://www.denverpost.com/Stories/0,1413,36~33~1739529,00.html (last visited Feb. 3, 2004).
216 See Id.
217 See Id.
218 Tim McGlone, Woman Guilty of Spam Scam Gets 46 Months in Prison, Hamptonroads.com, available at http://home.hamptonroads.com/stories/ story.cfm?story=64935&ran=83091 (last visited Jan. 27, 2004).
219 See FBI to Open Five New Computer Crime Labs, Government Computer News, available at http://www.gcn.com/vol1_no1/daily-updates/23821-1.html (last visited Feb. 13, 2004).
220 Wilson P. Dizard, III. The DHS Will Launch Emergency Net and Security Database, Government Computer News, available at http://www.gcn.com/vol1_no1/daily-updates/25050-1.html (Feb. 24, 2004).
221 Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436 (1996) available at http://www.paed.uscourts.gov/documents/opinions/CYBER.pdf.
222 Intel Corp. v. Hamidi, 30 Cal. 4th 1342 (2003) available at http://www.ca2.uscourts.gov:81/isysnative/RDpcT3BpbnNcU1VNXDAyLTkxMDBfc28ucGRm/02-9100_so.pdf.
223 See supra note 22.
224 See id.
225 Mike Allen, Bush Sets Internet Access Goal, Washington Post.com, available at http://www.washingtonpost.com/ac2/wp-dyn/admin/emailfriend?contentId=A28187-2004Mar26&sent=no&referrer=emailarticle (Mar. 26, 2004).
226 This seems especially unwise in view of the potential for opportunistic businesses, concerned about profits and market shares, to victimize the public and their customers. Internet security-related services and vendors are in business to make money. It is in their best commercial interests to get as much free publicity as possible. However, in the wake of each new worm or virus there follows such an onslaught of vendor press releases announcing that their company has been the first to discover or defend against it, that this suggests the scent of taint.
227 Centers for Disease Control and Prevention. See http://www.cdc.gov/aboutcdc.htm (last visited Mar. 13, 2004).
228 William Voegeli. An Ounce of Prevention is Worth a Pound of Ingratitude. The Claremont Institute.com, http://www.claremont.org/writings/040317voegeli.html (Mar. 17, 2004).
229 See supra note 23.
230 See id. In 1946, the "Communicable Disease Center" grew out of Congress's efforts to provide federal assistance for state and local health agencies that were fighting devastating epidemics such as malaria and typhus in several Southern states. Recognizing the success of this project, in 1951, Congress authorized the development of the Epidemic Intelligence Service (EIS). The EIS quickly became the world's response team for a wide range of health emergencies. One of them was the polio epidemic, which at that time, claimed over 400,000 lives in the United States. The Polio Surveillance Unit went into action in 1955, bringing the epidemic under control and nearly eradicating all incidences of it in the Western Hemisphere. In 1966, CDC launched the Smallpox Eradication Program to eliminate smallpox and control measles in 20 African countries. Through its efforts, public health workers wiped out smallpox, a disease that had killed millions of people. The last case of smallpox in the world was reported in Somalia in 1977. When the California Department of Health reported the first cases of Acquired Immunodeficiency Syndrome (AIDS) in 1981, the CDC organized a specialized unit that continues to function in that area today. Other CDC initiatives have established the National Institute for Occupational Safety and Health (NIOSH), which protects workers in the United States from on-the-job hazards, and the Violence Epidemiology Branch that addresses issues of child abuse, homicide, and suicide.
231 See supra note 176.