What Laws Did ILOVEYOU Break?
Posted Wednesday, May 10, 2000, at 11:44 AM ETEarly this week, police traced the ILOVEYOU computer virus to the Philippines, but after questioning one suspect, authorities had to release him for lack of evidence. The Philippines has no computer-crime laws on its books. What U.S. laws did the perpetrators of the ILOVEYOU virus break, and could the suspects be extradited to the United States for trial?
PRINT
DISCUSS
E-MAIL
RSS
RECOMMEND...
Facebook
MySpace
Mixx
Digg
Reddit
del.icio.us
Furl
Ma.gnolia
Sphere
StumbleUponIf the United States had jurisdiction over the ILOVEYOU perpetrators, the Computer Fraud and Abuse Act would apply. Passed in 1986 and broadened several times, it outlaws a wide range of computer mischief, including: trafficking in stolen passwords, transmitting viruses that damage computers, and obtaining unauthorized information on protected computers. A violation of the Computer Fraud and Abuse Act is punishable by five years and up to $250,000 in fines, and in the case of ILOVEYOU, each infected computer might constitute a separate violation.
Philippine authorities may charge the ILOVEYOU suspects under the Access Devices Regulation Act, which outlaws the use of stolen credit cards. It appears that the suspects used stolen passwords to connect to Internet service providers. Using stolen information to obtain good or services in the Philippines is punishable by five years in prison. Prompted by the virus outbreak, members of the Philippines Congress are now calling for new computer-crime laws.
The ILOVEYOU suspects could not be automatically extradited from the Philippines to the United States because the current extradition treaty applies only when both countries share the law in question. However, the United States might be able to persuade the Philippine courts to turn the suspects over to its courts. U.S. law enforcement officials have yet to make such a request.
Security experts hope ILOVEYOU will encourage the formulation of an international cyberspace treaty, similar to those concerning the sea and outer space.
For an overview of cyber law in the United States, check out this article from New Jersey Law Review.
Next question?
News of the World Hush-Money Scandal: How Much Did Rupert Murdoch Know?
Obama's Nominee for NIH Chief Is an Evangelical Christian. And That's OK.
It's Way Too Soon To Call the Stimulus a Failure
I'm Having a Dinner To Celebrate My Divorce
Can the Kid Who Settled Child-Abuse Claims With Michael Jackson Finally Speak Out?
Fake News You Can Dance To
Reader Response from The Fray:
Another US-centric take on the issue. Did I miss something or wasn't the whole world affected by the virus? Extradition to the US is a non-issue here.
--thehon
(To reply, click here.)
What is needed is an international convention governing that which belongs to no nation but must be shared by every nation. We have the analogy of the oceans--no nation "owns" anything beyond its coastal waters, but the use of the oceans for transportation of people, goods and culture is essential for civilization. So we have rights of "innocent passage" even in coastal waters, and we regulate whaling and fishing, and now even coral reefs and submarine habitats, through international convention. It has always been the law of nations that pirates are "hostes humani", that is, enemies of mankind at large, and may be taken, tried and hung by any nation. Likewise we have seen such laws applied to slavers. Finally, we recognize international tribunals for war crimes. I submit that cyberspace is the newest ocean--it is essential that commerce, culture and correspondence proceed freely through the world. Therefore, those who would use cyberspace to steal or vandalize must be punished, effectively and consistently. I submit that the rules that apply to slavers and pirates must apply to cyberbandits as well.
--Lewis Taishoff
(To reply, click here.)
(5/12)