ELECTRONIC COMMERCE, HACKERS, AND THE SEARCH FOR LEGITIMACY:
A REGULATORY PROPOSAL
By Michael Lee, Sean Pak, Tae Kim, David Lee, Aaron Schapiro, and Tamer Francis †
ABSTRACT
The escalation of electronic commerce offers a wealth of opportunity for businesses. This technological revolution may be undermined by consumers wary of the increased threat of online invasions of privacy through hacking. The authors detail the various types of security infiltrations, both beneficial and detrimental, that hackers can perpetrate. After examining the current state of federal laws governing hacking, namely the Consumer Fraud and Abuse Law of 1984, the authors posit their recommendations for a realistic regulatory proposal based on an understanding of current technological capabilities.
TABLE OF CONTENTS
I. THE THREAT TO ELECTRONIC COMMERCE
II. THE STRUGGLE FOR CODE
A. The Arsenal
B. Methods and Tools of Attack
1. Eavesdropping and Packet Sniffing
2. Snooping and Downloading
3. Tampering or Data Diddling
4. Spoofing
5. Jamming or Flooding
6. Injecting Malicious Code
7. Cracking Passwords, Codes and Keys
8. Exploiting Flaws in Design, Implementation or Operation
C. Countermeasures
1. Encryption (Secrecy)
2. Authentication (Password Systems)
3. Access Control and Monitoring (Firewalls)
4. Auditing (Logging) and Intrusion Detection
5. Virus Scanners and Disinfectors
6. Backup
7. Secure Design, Implementation, and Operation
D. Related Activities: Cracking, Phreaking, Social Engineering
1. Cracking
2. Phreaking
3. Social Engineering
E. Password Systems: An Arms Race of the Past
F. Java-Based Security Holes and Safeguards: The Arms Race of the Future
G. Implications for Regulating Hackers
III. THE STRUGGLE FOR NORMS
IV. CURRENT AND PROPOSED LEGAL REGIMES
A. Hacking as Crime: The Computer Fraud and Abuse Law of 1984
1. The Text of the CFAA
2. Access Denied--Access as Crime
3. A Critical Evaluation
B. Hacking as Tort: The Internet Service Provider ("ISP") Solution
1. The Decisive Advantages of a Negligence Regime
2. A Critical Evaluation
V. A HEURISTIC MODEL FOR REFORM
A. Consider All Relevant Modalities of Regulation
B. Analyze the Political Consequences of Inducing Changes In Code
VI. A PROPOSAL FOR OPTIMAL REGULATION
A. Advantage One: Promotes Self-Regulation Through Market Forces
B. Advantage Two: Facilitates Democratization of Architectural Developments
You bring me a select group of 10 hackers and within 90 days, I'll bring this country to its kn