Martin Banks, Personal Computer World 01/89 - checked

January 1989

I'm getting fed up with it myself, aren't you? You sit there at your little desk trying to find the telephone number of some company or other. After a while, you turn up from under the pile of rubbish a letter from them.

Salvation! There is the phone number, right at the bottom of the letter-heading. You dial, pleased that your impersonation of Sherlock Holmes brought forth the goods, until the goods in question turn out to be an earful of high pitched whine. Yes, you guessed it, you have dialled the damned Fax machine again.

I mention this because I find it is happening a great deal now. And it is happening a great deal because more and more companies are investing in some form of electronic communication. Even I, humble hack and bear of little brain, have got a Telecom Gold mailbox and all the bits an bobs needed to use it. (OK, so the brain and technical skills aren't up to much, but one can't have everything).

What is more, I do use it. Indeed, this column, once hacked and mangled, will be winging its way to the offices of this august organ via that esteemed medium. (I have to say 'esteemed' in the hope that it works properly this time. Ever since we got a System X exchange locally, it has dropped, bits, bytes and whole sentences in transit - though this arguably makes things more readable).

That makes all this technology stuff really quite interesting, and useful, and dangerous. The more people rely on it, the more open to abuse it can become. In the 'good old days' for example, people would rely on the word of a man as an 'officer and gentleman', until they started to realise that a good many of them were shafting shysters who'd sell their granny for tuppence.

So it now is becoming with communications. As more companies move into the communications arena, and start to depend upon it for more areas of their work, so the integrity of the systems involved becomes more important. In addition, as the type and range of communications grows, and dependence upon them increases, everyone becomes potentially more vulnerable.

Imagine, for example, that you go down to your local bank and find that you have no money because someone has hacked into the system and managed to 'transfer' your account to another bank, under another name? Improbable? maybe, but don't anyone tell me it could never happen... Chernoballs to that idea.

The proliferation of communicating computers is rapidly generating the genre of computer crime, yet this prompts the problem of defining what is a 'computer crime'. Bypassing immediately any poor-taste jokes about certain manufacturers and their products, let us concentrate on those crimes which come from the ability of systems to communicate.

The fundamental question to be answered is: hacking, is it illegal? Those two hacking hacks (if follow what I mean), Robert Schifreen and Steve Gold, have prompted the Law Commission to produce a Working Paper the subject. These two, you will remember, hacked around Telecom Gold until they got through to the mailbox of Prince Philip, where they digitally genuflected and hacked out again.

The long arm of the law caught up with them and there was a trial, an appeal and, benevolent to the last, the Law Lords cast off their shackles and set them free. They had not, it decided, used a forged 'instrument' to get into the mailboxes as defined under the Forgery and Counterfeiting Act of 1981.

To be fair, they did no damage and the escapade probably falls into the 'wizard wheeze' category. It does demonstrate some weaknesses in the Law however.

For example, information is not 'property' under English Law, but should it be? What is information? Most of it is totally disconnect piles of facts, figures, opinions, observations etc etc ad nauseam. As such they are as worthless as a car without an ignition system.

So information is not necessarily important, it is what you do with them that counts. This when the discrete bits are brought together to form something different, bigger - knowledge. That can, and often does, have great value. So, being able to hack into a system and gain access to the 'knowledge' there present could be significant - both as a gain to the hacker, and a loss to the hackee.

That is a clear area of 'crime', for a pecuniary advantage can be seen to be gained. But what of other areas, what if someone hacks in and 'changes' the basic information, perhaps adds a snippet or two that are erroneous? That might change the resultant 'knowledge'. Should that be a crime? In some areas it is already seen as one, such as in input frauds against things like company payroll systems, but in many other areas the pecuniary advantage may be less clear or non-existent, and should that be the only obvious test of criminality? What of malice, for example?

Interestingly, the Law Commission Working Paper finds that, in general, the existing Law covers most of the eventualities all this nasty technology is throwing up. It does however, suggest that hacking is a new area which should be studied. It makes no recommendations as to whether new laws should be introduced, but is interested in hearing people's views.

What do you feel? should we lock up Schifreen and Gold and throw away the key? Personally I don't think so for what they did, but what if they had hacked into my system and really messed up my files, would I feel so benevolent?

This is one of the questions the Commission poses for consideration, should causing 'damage' when hacking be illegal? Others suggestions range from the specific, hacking, to inspecting certain types of information, through to the catch-all gaining unauthorised access.

Personally, I go for the 'specific information' and 'damage' options, but what do you think. I am willing to be persuaded.

end