- Email: [email protected]
UK law “totally ill-equipped” for computer crime
Vol. 10, No. 1, Page 11
installation takes place), speedy recovery should be ensured. Services on offer increasingly include data communications re-routing and access. In order to prove the viability of their offerings, the computer standby companies are generally willing to discuss the details of invoked contracts. Hardware problems appear to be prevalent; one company receives at least one call per week from its subscriber base, placing it on a standby footing, particularly during system upgrades or The level of confidence placed in such equipment relocation. exercises would appear to be low. Another company questioned stated that 40% of contract invocations and standby alerts had their origins with hardware or relocation exercises. It is also interesting to note, referring to the 15% of disasters in the survey attributable to industrial action and disputes, that this category of disruption normally forms part of Thus, access to the exclusion clause of most standby contracts. the contracted standby facilities would be denied in this case. Whatever decision is made regarding the individual recovery strategy, while attention should be paid to published statistics, the specific threats to the individual organization are still the major considerations. In the short term, it may be advisable to subscribe to a standby site, with a view to providing internal standby when, for example, a distributed mainframe system is to be installed in the near future. The path may be determined by the increasingly time-critical nature of the applications relying on a functioning hardware configuration. In conjunction with Elsevier International Bulletins, Alkemi has published Computer Risk Manager, a regularly updated guide to computer contingency planning. Details are available from Elsevier International Bulletins, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: 0865-512242. Steve Watt, Alkemi Ltd
UK LAW "TOTALLY ILLEQUIPPED" FOR COMPUTER CRIME
The recent Appeal Court decision - reported in the September 1987 issue of CFSB - that the transmission of electronic impulses during the course of computer crime does not itself constitute the making of a false instrument under the terms of the Forgery and Counterfeiting Act 1981 has already been applied for the first time in a criminal trial at the Old Bailey, London on 2 September 1987. Speaking at the trial of Angelo Lamberti and John Filinski, prosecuting counsel, Mr Julian Devan, described the law as now being "totally ill-equipped" to deal with some aspects of computer fraud. The two men had pleaded guilty to conspiring to defraud the firm of Bathe Securities by procuring the unauthorized computer transfer of a total of 18 Eurobonds, together valued at f5 million, but they denied an associated charge of making a false instrument in the form of an electronic message in order to effect the transfer. Following the Appeal Court decision, Judge Kenneth
0 1987
CO~p~Tg~jqd~;;y,;,& SEcvarrrm
No
Elsevier
part of this
means, (Readers
Science
Publishers
publication
electronic.
mechanical,
in the U.S.A.
-
B.V..
Amsterdam./87/$0.00
may be reproduced. photocopying,
please see special
stored
recording regulations
+ 2.20
in a retrieval
system,
or otherwise, listed
or transmitted
without
on back cover.]
the prior
by any form permission
or by any
of the publishers
Vol.
10, No.
1, Page
12
Machin instructed the jury to return respect of the secondary charge.
a 'not guilty'
verdict
in
At the time of the offence, Lamberti was employed at the London offices of Bathe Securities, where he had access to computer codes and passwords used for the transfer of funds between the firm and various international banks and institutions. He was introduced by Filinski, a friend, to a group of people described in court as "a gang of international fraudsmen", who persuaded him to unlawfully transfer the bonds to a Swiss bank They were then to have been sold to dealers through an account. innocent intermediary and the proceeds shared. In order to effect the original transfer, the gang obtained a compatible microcomputer, which was installed in Filinski's home and used by Lamberti to dial up the Bathe Securities system and input the necessary instructions, resulting in the +Z5 million being duly transferred to Geneva. The offence was foiled at the last moment when an alert employee noticed the unauthorized transaction and acted to freeze the bonds before they could be disposed of. Police enquiries led to the arrest of Lamberti and Filinski, who admitted the Common Law charge of conspiracy but, on legal advice, denied the statutory charge under the Forgery and Counterfeiting Act, which was duly quashed by Judge Machin. The Attorney General is now considering whether to take the case back to the Appeal Court to seek further clarification of the relationship of the forgery laws to computer crime. It seems clear that had this merely been a case of hacking for its own sake, the two men would have been beyond the reach of the law. The added element of conspiracy to defraud, however, permitted a partially successful prosecution to be undertaken. Lamberti was jailed for three years and Filinski for 18 months. Nevertheless, many observers in the computer industry and the legal profession are increasingly certain that the whole question of computer crime in relation to statute law is one that now warrants an urgent and comprehensive review. Roy Carter
COMPUTER CRIME LAW A CAPITALIST TOOL?
Whom does computer crime law protect? Despite the existence of computer crime laws in 48 US states and the federal US system, almost no one has given this basic question very much attention. Unfortunately, the first authoritative statement of an appellate US court on the subject is a rather curious proof of the old legal maxim that "hard cases make bad law". The opinion in Mahru v. Superior Court (No. B026004, Second Dist., Div. Two) suggests that only owners of computer systems are protected against malicious damage to computer systems under the Since this language of California Penal Code section 502 (c). language is similar to that of most of the computer crime laws in the US, it is worth a minute or two to explore the paucity of reasoning that seems to underly the court's conclusion.
a 1987 Elsevier Science Publishers B.V.. Amsterdam./87/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means. electronic. mechanical, photocopying. recording or otherwise. without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)
installation takes place), speedy recovery should be ensured. Services on offer increasingly include data communications re-routing and access. In order to prove the viability of their offerings, the computer standby companies are generally willing to discuss the details of invoked contracts. Hardware problems appear to be prevalent; one company receives at least one call per week from its subscriber base, placing it on a standby footing, particularly during system upgrades or The level of confidence placed in such equipment relocation. exercises would appear to be low. Another company questioned stated that 40% of contract invocations and standby alerts had their origins with hardware or relocation exercises. It is also interesting to note, referring to the 15% of disasters in the survey attributable to industrial action and disputes, that this category of disruption normally forms part of Thus, access to the exclusion clause of most standby contracts. the contracted standby facilities would be denied in this case. Whatever decision is made regarding the individual recovery strategy, while attention should be paid to published statistics, the specific threats to the individual organization are still the major considerations. In the short term, it may be advisable to subscribe to a standby site, with a view to providing internal standby when, for example, a distributed mainframe system is to be installed in the near future. The path may be determined by the increasingly time-critical nature of the applications relying on a functioning hardware configuration. In conjunction with Elsevier International Bulletins, Alkemi has published Computer Risk Manager, a regularly updated guide to computer contingency planning. Details are available from Elsevier International Bulletins, Mayfield House, 256 Banbury Road, Oxford OX2 7DH, UK; tel: 0865-512242. Steve Watt, Alkemi Ltd
UK LAW "TOTALLY ILLEQUIPPED" FOR COMPUTER CRIME
The recent Appeal Court decision - reported in the September 1987 issue of CFSB - that the transmission of electronic impulses during the course of computer crime does not itself constitute the making of a false instrument under the terms of the Forgery and Counterfeiting Act 1981 has already been applied for the first time in a criminal trial at the Old Bailey, London on 2 September 1987. Speaking at the trial of Angelo Lamberti and John Filinski, prosecuting counsel, Mr Julian Devan, described the law as now being "totally ill-equipped" to deal with some aspects of computer fraud. The two men had pleaded guilty to conspiring to defraud the firm of Bathe Securities by procuring the unauthorized computer transfer of a total of 18 Eurobonds, together valued at f5 million, but they denied an associated charge of making a false instrument in the form of an electronic message in order to effect the transfer. Following the Appeal Court decision, Judge Kenneth
0 1987
CO~p~Tg~jqd~;;y,;,& SEcvarrrm
No
Elsevier
part of this
means, (Readers
Science
Publishers
publication
electronic.
mechanical,
in the U.S.A.
-
B.V..
Amsterdam./87/$0.00
may be reproduced. photocopying,
please see special
stored
recording regulations
+ 2.20
in a retrieval
system,
or otherwise, listed
or transmitted
without
on back cover.]
the prior
by any form permission
or by any
of the publishers
Vol.
10, No.
1, Page
12
Machin instructed the jury to return respect of the secondary charge.
a 'not guilty'
verdict
in
At the time of the offence, Lamberti was employed at the London offices of Bathe Securities, where he had access to computer codes and passwords used for the transfer of funds between the firm and various international banks and institutions. He was introduced by Filinski, a friend, to a group of people described in court as "a gang of international fraudsmen", who persuaded him to unlawfully transfer the bonds to a Swiss bank They were then to have been sold to dealers through an account. innocent intermediary and the proceeds shared. In order to effect the original transfer, the gang obtained a compatible microcomputer, which was installed in Filinski's home and used by Lamberti to dial up the Bathe Securities system and input the necessary instructions, resulting in the +Z5 million being duly transferred to Geneva. The offence was foiled at the last moment when an alert employee noticed the unauthorized transaction and acted to freeze the bonds before they could be disposed of. Police enquiries led to the arrest of Lamberti and Filinski, who admitted the Common Law charge of conspiracy but, on legal advice, denied the statutory charge under the Forgery and Counterfeiting Act, which was duly quashed by Judge Machin. The Attorney General is now considering whether to take the case back to the Appeal Court to seek further clarification of the relationship of the forgery laws to computer crime. It seems clear that had this merely been a case of hacking for its own sake, the two men would have been beyond the reach of the law. The added element of conspiracy to defraud, however, permitted a partially successful prosecution to be undertaken. Lamberti was jailed for three years and Filinski for 18 months. Nevertheless, many observers in the computer industry and the legal profession are increasingly certain that the whole question of computer crime in relation to statute law is one that now warrants an urgent and comprehensive review. Roy Carter
COMPUTER CRIME LAW A CAPITALIST TOOL?
Whom does computer crime law protect? Despite the existence of computer crime laws in 48 US states and the federal US system, almost no one has given this basic question very much attention. Unfortunately, the first authoritative statement of an appellate US court on the subject is a rather curious proof of the old legal maxim that "hard cases make bad law". The opinion in Mahru v. Superior Court (No. B026004, Second Dist., Div. Two) suggests that only owners of computer systems are protected against malicious damage to computer systems under the Since this language of California Penal Code section 502 (c). language is similar to that of most of the computer crime laws in the US, it is worth a minute or two to explore the paucity of reasoning that seems to underly the court's conclusion.
a 1987 Elsevier Science Publishers B.V.. Amsterdam./87/$0.00 + 2.20 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means. electronic. mechanical, photocopying. recording or otherwise. without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)