It is not “outsiders” such as Morris — whether they have destructive motives or not — who do the greatest damage, but “insiders”. Although numbers are hard to come by, computer security experts estimate that 90 percent of computer crimes occur from within a company, and that high-tech theft accounts for a $3 billion to $5 billion annual loss to corporate America. For years banks have known of the danger of widespread electronic record keeping. In 1981, well-placed employees at one bank took advantage of a built-in delay in electronic transaction records and made off with more than $21 million. A more recent case involved a ring of data-entry clerks at a major retail company who stole $33 million from their company by altering electronic information. The federal government concluded in a 1986 report that “the more significant security problem is abuse of information systems by those authorized to use them, rather than attacks from those trying to penetrate the systems from outside”. But fearing bad publicity, few companies report inside crimes. So the Justice Department went after who it could — a highly visible and easy target.
Even the people most convinced of Morris' guilt had the feeling they were watching the wrong trial. But after two weeks of hearing statements from 14 government witnesses, three defense witnesses, and Morris himself, on January 22 a jury of nine women and three men found Morris guilty of the crime he had been charged with. His was the first jury conviction under a section of the 1986 Computer Fraud and Abuse Act (《电脑诈骗和滥用法案》) that makes it a crime to “intentionally access a national computer network without permission” and by doing so to prevent the authorized use of a computer and cause a loss of at least $1,000. The Morris family has yet to say whether it will appeal. But Morris' attorney said the law was too vague, which could provide grounds for an appeal. What, for instance, does “access without permission” really mean? As a graduate student specializing in computer science, Morris was an authorized user on computers here and there in the network, even if they constituted a fraction of all the computers his program affected.Morris' offense was to release into the Internet what's been called both a “virus” and “worm” program. The electronic version of an organic virus, a computer virus is a secret program that attaches itself to another program and moves from computer to computer, “infecting” each one as it spreads. Morris' program was more like a worm; his clever program didn't need to use another program in order to spread.
Morris told the jury that he did deliberately write and send out the program, but that he meant for it to plant itself gradually inside the computers, going unnoticed for months. Instead, a critical error on Morris' part caused the program to reproduce rapidly. Within hours of its release, the worm had crashed some 2,500 to 6,000 computers. From the start, the Government argued that it needed to prove only that Morris intended to break into the computers and not that he intended to cause damage. But Morris' lawyer insisted that the section of the law in question is meant for those who intend to cause damage.Why didn't the Government choose to make such a highly public case out of a more obvious computer criminal? There was Kevin Mitnick (凯文·米特尼克, 著名的电脑黑客), for instance, a young man in Los Angeles far more dangerous than Morris and truly focused on breaking into computers. In 1988 Mitnick stole valuable software from a major corporation. Though charged under the same law, he received only a one-year sentence. It seems that Robert Morris was chosen because his case was so easy to win: his worm left many angry computer managers in its wake. The Government was not disappointed. The Morris case captured the most publicity of all computer crime cases, and brought out the nation's collective anxiety about computer hackers.
The question now is whether Morris will go to prison, and if he does, whether the Government has succeeded in demonstrating that no one, not even a gifted student conducting an experiment, can expect to get away with it. Sentencing won't take place until the judge hears additional arguments in late February. Morris probably faces 18 to 24 months in prison. His maximum penalty would be five years and a $250,000 fine. Although some computer scientists and industry groups praise the Morris conviction, others are wondering whether it really represents justice. “All of a sudden computer criminals are high school students with phone lines. The computer industry knows it's not true and the Government knows it's not true,” said one attorney specializing in computer crime. “If the Government thinks it's sending a message to criminals, it's been delivered to the wrong address.” Instead of sending a graduate student to prison, the Government should consider putting pressure on companies to prosecute the real criminals. Words:1,073
