District Court issues
[quotes from NTP's Memorandum of Points and Authorities in Opposition to RIM's First (or Second) Motion for Summary Judgement]
1. RIM seemed focused on obtaining summary judgement before the "Markman hearing"
(or claim-construction hearing), a hearing at which the judge rules on
the meaning of various patent claims. This seems awkward. NTP's reply:
RIM's preemptive May 3. 2002 motion for partial summary judgment flies in the face of
its prior arguments and representations to the Court. The motion is an
attempt to short-circuit the Court's procedural schedule regarding
claim construction and to burden NTP with briefing before RIM even
files its responsive claim chart and prior art statement. RIM's motion
- which RIM admits will likely "miss the mark altogether" - seeks to
force the Court to engage in a wasteful, piecemeal, incomplete and
ultimately fruitless claim interpretation exercise before the disputed
claim terms are briefed or even identified.
2. RIM introduced the Zabarsky prior art rather late in the game. It
is not clear why they didn't pick up on this earlier. Perhaps the idea
of positioning their devices as pagers didn't occur to them.
3. NTP was an advocate of the "push" idea:
The Campana patents bridged this
email-wireless divide by providing universal connectivity for email
between wired and wireless systems. For the First time, email sent to a
user at his or her normal electronic mail system could be "pushed" to the user's mobile processor in a format suitable for standard email operations such as viewing, replying and forwarding. The user no longer needed to find his or her email; instead, the email would find the user.
This "push" idea, though, is not new: it's what happens when a cellular network calls you (the call is "pushed" to you), and it's what happens in SMTP whenever the next hop is reachable. The last sentence sounds seductive, but again it is difficult to see the innovation here except in the context of actually building a wireless email network.
Another NTP description that makes the invention appear very deep is:
Campana opened access between the world
of landline-based electronic mail systems and the wireless world.
Campana taught the ability to "push"
the email stored in the user's mailbox on the email server all the way
to a mobile destination processor operated by that user. As Campana
recognized, the wireless user would be unable to periodically request
email because of all of the drawbacks cited above (e.g., uncertainty.
delay and inconvenience/cost). Thus, the wireless user would be best
served by a system that delivered email without the need for any
request from the user - similar to the way that a server delivers email
to the user's desktop computer when Outlook requests it.
But is this meaningful? It seems likely that anyone using RF links
for email in 1995 would have found all the ideas here obvious. However,
the notion that laptop users had to dial in to retrieve email was also
something that many people felt was "inevitable".
Week 12
NTP also focused on their system as a way of addressing the
"inconvenience of dialing up": the difficulty finding a compatible
phone jack, and the possibility that there was no email to be received.
This seems to be a very tame description when compared to the utility
of receiving email while walking around. It seems likely that Campana
did not anticipate that part!
3.5: Note that all of the above amounts to a business justification
for believing that there would be a market for small RF-capable email
devices. If you accept that all the pieces for RF-based email were
already in place, this can be interpreted as suggesting that the real
innovation isn't the invention, but RIM's marketing of it.
4. RIM tried to claim their software was "not an email system". This
might be true in some precise sense, in that it is clearly an add-on to
an email system. RIM's precise claim was
The Blackberry relay and the Redirector
software are not a part of any email system. They do not alter or
modify any existing email system with which they may be used. Rather,
they are peripheral components....
To which NTP replied:
The blackberry Redirector software is
part of the email system on which it is installed. ... Indeed, RIM
admits that the redirector software cannot operate independently and
has no utility unless and until it is installed on an email server ....
Until now, RIM has always characterized
the blackberry ... as part of an electronic mail system. ... Indeed,
this Court is the only entity to which RIM has ever asserted that the
Blackberry is not part of an electronic email system.
This is an interesting argument. If Campana's patent is for an entire system, what if RIM just implements the part that corresponds to Campana's addition? Generally, that would still qualify as infringing.
5. RIM tried to interpret some NTP claims very literally; for
example, by claiming that the phrases below were equivalent. NTP argued
that the crucial "the" made the difference. RIM's argument was that
NTP's patent required both an
RF and a wireline transmission to the same processor. Clearly, the
Campana patent wording is very vague; in fact, it is vague even by the
execrable standards of the patent world. Who is being obfuscatory here,
RIM or NTP?
A system for transmitting originated information from one of a plurality of originating processors in an electronic mail system to at least one of a plurality of destination processors in the electronic mail system comprising...
a RF information transmission network for
transmitting the originated information to at least one RF receiver
which transfers the originated information to the at least one if the plurality of destination processors
6. RIM argued that NTP's patent required the RF receiver and
destination processor to be distinct units. That seems specious, in
that consolidating components is routine.
7. RIM tried to argue that their wireless units acted as pagers:
email was not addressed to the blackberry itself, but only to the
user's usual email address. The blackberry system intercepted the email and forwarded it to the blackberry.
First, this kind of forwarding was standard by 1990; most unix email
systems provided for .forward files to specify such forwarding.
However, RIM has a point: the Campana patents assume that the RF nodes
have email addresses. This is not quite true of the Blackberry system: the email address is separate.
Note that the core issue of lack of novelty and obviousness was never raised directly.
Indirectly, it appears in the guise that NTP's patents are to be
construed very narrowly because the basic ideas were already extant.
Appellate court notes; ruling of Aug 2, 2005
In their appeal, RIM appears to be trying to narrow the scope of the NTP
claims. Somehow the assertion that there was prior art for
Perhaps they should have focused on the patent's own claim of
prior art in trying to limit the patent claims??
RIM argued before the appellate court that the district court erred
in construing the claim terms:
(a) "electronic mail system"
(appearing in the '960, '670, and '172 patents);
(b) "gateway switch" (appearing in the '960 patent); and
(c) "originating processor" and "originated information"
(appearing in the '960, '670, and '592 patents).
It seems clear that the district court did NOT grasp the generality of any of these three terms, but the appeals court did NOT overrule. Instead they found
... the court looks to those sources available to the public that show what a person of ordinary skill in the art would have understood disputed claim language to mean
RIM argues there are two ordinary meanings of "electronic mail
system": a broad definition that encompasses "communicating word
processors, PCs, telex, facsimile, videotex, voicemail and radio
paging systems (beepers)" and a narrow definition that defines
the term in the context of "pull" technology. They were apparently trying to argue that the blackberry system was not an "electronic mail system" in the narrow sense, and therefore wasn't covered by the patents.
The appellate court cited Tanenbaum, Computer Networks, a classic text.
The court also wrote:
The message is next sorted by the recipient's ISP mail server into the recipient's particular "mailbox," where it is stored until the recipient initiates a connection with the server and downloads the message off the server onto his or her personal machine. This configuration is commonly referred to as a "pull" system because emails cannot be distributed to the user's machine without a connection being initiated by the user to "pull" the messages from the mail server.
Pull system??? This is marketing terminology.
Campana's particular innovation was to integrate existing electronic mail systems with RF wireless communications networks.
A message originating in an electronic mail system may be transmitted not only by wireline but also via RF, in which case it is received by the user and stored on his or her mobile RF receiver.
Is the court suggesting that this is a "push" system? Yes, in fact.
But this was a major misunderstanding of prior art.
The BlackBerry system uses "push" email
technology to route messages to the user's handheld device without a
user-initiated connection.
How is a blackberry different from a laptop with persistent Internet connectivity,
limited to port 25 (email)?
An important issue for the court was that blackberries were NOT
seen as email endpoints. Rather, they were seen as portable
intermediate nodes:
they would receive email, they could display the email, but the email's
ultimate destination was the user's laptop (via some cable). This is an
interesting strategy, in that it makes the blackberry transparent to
the laptop that is receiving the email. However, it is not part of the
patent debate either!
The appeals court agreed with the district court that the latter's
interpretation of "electronic email system" as including the blackberry
system was entirely reasonable. This degenerated into more push/pull
debate, but part of the issue was that Campana himself tried to
characterize an "electronic mail system" as a wire system in order to
make his system appear different from Zabarsky's.
The appeals court said, [p 19 of pdf version]
Campana described prior art "electronic-mail services" as "basically
a wireline - to - wireline, point-to-point type of system" (emphasis in
the court's quote). The use of the term "basically" suggests that an
electronic mail system may include other types of connections,
including wireless connections. Moreover, Campana provided an example
of one prior art electronic mail system in commercial use .... In this
prior art electronic mail system, "groups of processors ... may be
distributed at locations which are linked by the [PSTN]. The individual
processors may be portable computers with a modem which are linked to
the [PSTN] through wired or RF communications as indicated by a dotted line" [Campana quotes from 5436960]
Note that the appeals court is essentially granting here that RF
links in email were prior art! See that patent, paragraph beginning
"FIG. 1 illustrates a block diagram". Note also that, in the images,
Fig 1 appears twice, and in one the "RF information transmission
network" is deleted. RF links to end-users were never shown. Figures are in http://cs.luc.edu/pld/ethics/campana/960 and http://cs.luc.edu/pld/ethics/campana/451.
As for the contested term "originating processor", the appeals court
says "We do not hold that the 'originating processor' is always the
processor on which text of the email message was created".[p 23] That
is, the blackberry is still an originating processor in the sense of
Campana's patents even if the message was created on the associated
laptop.
uspto.gov -> patents -> patft (uspto.gov/patft)
Search by patent number:
http://patft.uspto.gov/netahtml/PTO/srchnum.htm
6198783 System for wireless serial transmission of encoded information Modulation techniques
6067451 Electronic mail system
with RF communications to mobile processors. See the Appendix, under
Background Art, for prior art. Note that in Figure 3, some of the
underlying telecom infrastructure is shown ("closest LATA switches").
The first non-prior-art diagram is Figure 8 (page 9). (2 of 9 NTP v RIM claims)
Diagrams, and some text pages in .bmp format, are at http://cs.luc.edu/pld/ethics/campana.
6272190
System for wireless transmission and receiving of information
and method of operation thereof
4644351: Zabarsky patent, possible prior art. Note that this is cited in
the '592 patent. Paging is also cited there as prior art, in the
paragraph beginning, "FIG. 2 illustrates a diagram of a prior art
network"
A communications system for carrying messages via a radio channel between
one central site of a plurality of central sites and a plurality of
two-way remote data units is disclosed. Each central site has a radio
coverage area and each remote unit has a unique address and association
with one of the central sites. When a message addressed to one of the
remote units is received in a central site, a file of remote unit
addresses is searched to find the location and central site association of
the remote unit to which the message is addressed. If an address match is
found indicating that the remote transceiver is in the coverage area of
the message-receiving central site, the addressed message is stored and
transmitted in that site. If an address match is found indicating that the
remote transceiver is in another central site, the addressed message is
conveyed to that site for transmission.
This would seem to cover delivering text to specific end-users; eg paging.
Patent reexaminations (from http://en.wikipedia.org/wiki/NTP,_Inc.)
I never did find the actual BPAI preliminary rulings on these patents.
Here are two primary claims. The "patentese" is unfortunate and confusing, but the core claim in both cases is using RF links to transmit email.
claim 248 of patent 6067451
246. In a system comprising a communication system which transmits electronic mail containing information, with the electronic mail being inputted to the communication system from a plurality of processors, a RF system and an interface connecting the communication system to the RF system with the information contained in the electronic mail and an identification of a RF device in the RF system being transmitted from the interface to the RF system and broadcast by the RF system to an identified RF device, the identified RF device comprising:
a RF receiver, which receives the information when the identification of the device is detected in a broadcast by the RF system to the RF receiver; and
a memory, coupled to the RF receiver, which stores the information received by the RF receiver contained in the electronic mail inputted to the communication system.
247. The RF device in accordance with claim 246 further comprising:
a processor, coupled to the memory, which after the information has been outputted from the memory, processes the information.
248. The RF device in accordance with claim 247 further comprising:
at least one application program, executed by the processor,
which processes the information.
Fig. 8 is the first non-prior-art figure. It is described under the "BEST MODE FOR CARRYING OUT THE INVENTION" heading.
Certainly Campana appears to be patenting the use of RF links in email.
claim 150 of patent 6317592
150. In a communication system comprising a wireless system which communication system transmits electronic mail inputted to the communication system from an originating device which executes electronic mail programming to originate the electronic mail, mobile processors which execute electronic mail programming to function as a destination of electronic mail, and a destination processor to which the electronic mail is transmitted from the originating device and after reception of the electronic mail by the destination processor, information contained in the electronic mail and an identification of a wireless device in the wireless system are transmitted by the wireless system to the wireless device and from the wireless device to one of the mobile processors, the wireless device and one mobile processor comprising:
a wireless receiver connected to the one mobile processor with the one mobile processor receiving the information contained in the electronic mail after the identification of the wireless device is detected by the wireless receiver in a broadcast by the wireless system.
They have developed technology for storage of digital images of bank
checks. They actually did develop the whole system, although again the inevitability
issue arises here. They did not develop any of the actual root
technology: scanners, or data security, or digital storage systems with
enough capacity to hold images for negligible cost.
From their website:
That said, it is clear that none of DataTreasury's ideas are revolutionary.
From politico.com/news/stories/0308/9202.html The company had benefited from a controversial 1998 court ruling that broadened the definition of a patent to include business processes.
The proposed (but never passed) patent-reform act of 2007 singled out this patent for congressional revocation.
It appears that DataTreasury is claiming a business-method patent on the use of electronic image scanning for check processing. They are looking for very significant licensing fees. Again, EVERY piece of the technology has been around from well before the patent (scanning, secure storage, ???)
The DataTreasury patent has been singled out by Congress for action, but it is not clear what will happen.
Patent reform:
Patent Reform Act of 2007: H.R. 1908 and S. 1145 (did not pass)
Those in bold are the most significant.
did not pass (yet) Here are some of the proposed changes in U.S. patent law
Discuss: first-to-file: who benefits? how are small inventors affected? How are prior-art rules affected?
publish applications.
This has again been introduced in 2009; apparently the issues are
the damages calculation, post-issuance reexamination proceedings, and
defining inequitable conduct. At least the last provision has been removed from the 2009 bill. A
good-faith defense for believing a patent was invalid is also included.
Also included is a definition of prior art to include anything
"available to the public"; publication no longer would have to occur.
[Note that NTP argued that RIM's conduct was inequitable simply because NTP had sent them a letter outlining its patent claims, and RIM had disagreed.]
KSR v Teleflex, April 30, 2007
Some good patent news
This Supreme Court case altered the legal standard for disproving "non-obviousness" in favor of defendants. It is now rather easier to challenge patents on this basis.
Teleflex had a patent on a pedal coupled to an electronic throttle control (basically cruise control). The question was whether that was "obvious".
The proper question to have asked was whether a pedal designer of ordinary skill, facing the wide range of needs created by developments in the field of endeavor, would have seen a benefit to upgrading [a prior art patent] with a sensor
not thought of it by themselves, and not motivated to implement the change, but simply saw the benefit. The old "nonobviousness" standard often in effect required proving that a patent was "prior art". This test was known as the "teaching-suggestion-motivation" test. All three pieces had to be there.
Teaching-suggestion-motivation test: too narrow
Would this have helped RIM? Probably.
Bilski case: (decision released October 30, 2008)
This is a HUGE case, decided by an en banc sitting of the Federal Circuit.
Some think the Supreme Court will overrule it, but it may be more likely
that SCOTUS will adjust relatively narrowly.
I'm not sure if the supreme court has agreed to hear the case (I think they have), but there is already a huge supply of amicus filings. See:
Bilski patent: Claimed method of managing the risk of bad weather in commodities trading.
He submitted a patent application seeking exclusive rights to a method of using hedge contracts to reduce the risk that a commodity's wholesale price might change.
Again, the technique fails under both prior-art and obviousness standards. But those don't apply in the same way to business-method patents.
Patent was rejected by the Patent Board of Appeals. The Board, in rejecting the claim, asked the fedearl circuit court for assistance in determining patentability of non-technological method claims.
The federal circuit court did the following:
The court by its own action grants a hearing en banc. The parties are requested to file supplemental briefs that should address the following questions:
The court did affirm the need for a physical transformation. Their central doctrine is "Machine or Transformation". Business patents, and perhaps software patents, are in TROUBLE.
Note that their reasoning was taken straight from the few SCOTUS cases on record.
The question: is a patent "tailored narrowly enough to encompass only a particular application of a fundamental principle rather than to pre-empt the principle itself"?
Benson: NO
Diehr: YES (one of the prior SCOTUS cases)
Bilski: NO
Part of the Benson ruling: Transformation and reduction of an article 'to a different state or thing' is THE clue to the patentability of a process claim that does not include particular machines.
The Diehr patent was for making rubber, using a computer to control the process. It wins the "different state or thing" standard hands down.
They also DISMISS the "useful, concrete, or tangible result" test: that is NOT enough to establish patentability.
They also reject the "technological arts" test (see above) that was once-upon-a-time part of the method-patent rules. They agree that it is too hard to tell whether something involves the technological arts; however, unlike the USPTO, they end up ruling the OTHER WAY; that is, to reject MORE broadly than the TA test.
machine-or-transformation test: emphasize the OR.
We will, however, consider some of our past cases to gain insight into the transformation part of the test. A claimed process is patent-eligible if it transforms an article into a different state or thing. This transformation must be central to the purpose of the claimed process. But the main aspect of the transformation test that requires clarification here is what sorts of things constitute "articles" such that their transformation is sufficient to impart patent-eligibility under §101.
Tanning leather curing rubber (Diehr case)
The raw materials of many information-age processes, however, are electronic signals and electronically-manipulated data. And some so-called business methods, such as that claimed in the present case, involve the manipulation of even more abstract constructs such as legal obligations, organizational relationships, and business risks. Which, if any, of these processes qualify as a transformation or reduction of an article into a different state or thing constituting patent-eligible subject matter?
Note that while the Bilski decision does not claim to reverse State Street
(the case that led to business-method patents), most commentators seem
to feel that it has that effect. It is less clear that Bilski means
software patents no longer stand.
Applying Bilski to famous cases
RSA? material transformation in "real" terms The transformation is to a file. While it is electronic, it is decidedly material.
MP3? material transformation in "real" terms? An mp3 file isn't a physical thing, but it does have a certain "thingness". People think of them as things, and buy them as things. An mp3 file is material.
NTP? maybe no? The argument can be made that there is no "material thing" on the table here. Email messages are NOT it; the patent only addresses the delivery of email.
DataTreasury? It seems unlikely that DataTreasury's patents would stand up to this new test.
To some of you, hacking is clearly wrong
and there shouldn't even be a question here. If you're one of them,
just pay attention to the legal-strategies-against-hackers part.
However, is using a website in a manner contrary to the provider's
intentions always hacking?
Baase's "three phases of hacking"
1. Early years: "hacking" meant "clever programming"
2. ~1980-~1995:
hacking as a term for break-in
largely teenagers
"trophy" hacking
phone lines, BBSs, gov't systems
lots of social engineering to get passwords
1994 Kevin Mitnick Christmas Day attack on UCSD
(probably not carried out by Mitnick personally), launched from apollo.it.luc.edu. [!]
3. post-1995: hacking for money
early years / trophy
Phone phreaking: see Baase, p 256
Joe "The Whistler" Engressia
was born blind in 1949, with perfect pitch. He
discovered (apparently as a child) that, once a call was connected, if
you sent a 2600 Hz tone down the line, the phone system would now let
you dial a new call, while continuing to bill you for the old one.
Typically the first call would be local and the second long-distance,
thus allowing a long-distance call for the price (often zero) of a
local call. Engressia could whistle the 2600 Hz tone.
According to the wikipedia article on John Draper, Engressia also discovered that the free whistle in
"Cap'n Crunch" cereal could be modified to produce the tone; Engressia
shared this with Draper who popularized it. Draper took the nickname "Cap'n Crunch".
As an adult, Engressia wanted
to be known as "Joybubbles"; he died August 2007
Draper later developed
the "blue box" that would generate the 2600 Hz trunk-line-idle tone and
also other tones necessary for dialing.
How do we judge these people today? At the time, they were folk heroes. Everyone hated the Phone Company!
Is phone-phreaking like file sharing? Arguably, there's some public
understanding now that phone phreaking is wrong. Will there later be a
broad-based realization that file-sharing is wrong?
How wrong is what they did? Is there a role for exposing glitches in modern technology?
What about the Clifford Stoll "Cuckoo's Egg" case:
tracking down an
intruder at Berkeley & Livermore Labs; Markus Hess was a West
German citizen allegedly working for the KGB. Hess was arrested and
eventually convicted (1990). Berkeley culture at that
time was generally to tolerate such incidents.
Robert Tappan Morris (RTM) released his Internet worm in 1988; this was
the first large-scale internet exploit. Due to a software error, it
propagated much
more aggressively than had been intended, often consuming all the
available CPU. It was based on two vulnerabilities: (1) a buffer
overflow in the "finger" daemon, and (2) a feature [!] in many sendmail
versions that would give anyone connecting to port 25 a root shell if
they entered the secret password "wiz".
Were Morris's actions wrong? How wrong? Was there any part that was legitimate? RTM was most likely trying to gain fame for discovering a security vulnerability. There was no financial incentive.
The jury that convicted him spent several hours discussing Morris's
argument that when a server listened on a port (eg an email server
listening on port 25), anyone was implicitly authorized to send that
port anything they wanted.
That is, it is the server's responsibility to filter out bad data.
While the jury eventually rejected this argument, they clearly took it
very seriously.
Mitnick attack: how much of a problem was that, after all? There are
reports that many Mitnick attacks were part of personal vendettas.
(Most of these reports trace back to John Markoff's book on Mitnick;
Markoff is widely believed to have at a minimum tried to put a slant on
the facts that would drive book sales.)
Stage 3: even now, not all attacks are about money.
Baase, p 259:
"In 1998, the US Deputy defense secretary desribed a series of attacks
on US military computers as 'the most organized and systematic attack
the Pentagon has seen to date.' Two boys, aged 16 and 17, had carried
them out."
What about the London attack of about the same era on air-traffic control?
2000: the "Love Bug" or ILOVEYOU virus, by someone named de Guzman. If
you read the subject and opened the document, an MS-word macro launched
the payload.
MS-word macros were (and are) an appallingly and obviously bad idea. Should
people be punished for demonstrating this in such a public way? Was
there a time when such a demonstration might have been legitimate?
Yahoo ddos attack & mafiaboy, aka Michael Calce
The attack was launched in February 2000. Calce got discovered by bragging
about the attack pseudonymously on chatrooms. Alas for him, he'd
previously used his pseudonym "mafiaboy" in posts that contained
more-identifying information.
Conficker worm, April 1, 2009
Putting a dollar value on indirect attacks
This is notoriously hard. One of Mitnick's colleagues (Phiber Optik?)
was facing damage claims from one of the Baby Bell companies in excess
of $100,000, when it was pointed out that the stolen document was in
fact for sale for under $25.
Mark Abene (Phiber Optik) was imprisoned for a year. That was
extraordinarily long for the actual charge. Mitnick himself spent
nearly five years in prison, 4.5 of which were pre-trial. That situation is similar to that of Terry Childs in San Francisco, who is still in prison.
Calce, Abene & Mitnick now both work in computer security. Is this appropriate?
One theory is that gaining notoriety for an exploit is the way to get a security job. Is that appropriate?
If not, what could be done differently?
Modern phishing attacks (also DNS attacks)
Stealing credit-card numbers from stores. (Note: stores are not supposed to retain these at all. However, many do.)
Boeing attack, Baase p 262: how much should Boeing pay to make sure no files were changed?
TJX attack: Baase p 87 and p 271, ~2006
40 million credit-card numbers stolen! And 400,000 SSNs
Hackers apparently cracked the obsolete WEP encryption on wi-fi
networks to get in, using a "cantenna" from outside the building.
When attacks ARE about money, often the direct dollar value is huge.
And tracing what happened can be difficult. An entire bank account may
be gone. Thousands of dollars may be charged against EVERY stolen
credit-card number.
Is it ok to be "testing their security"?
What if it's a government site?
Should you be allowed to run a security scanner against other sites?
What if the security in question is APPALLINGLY BAD?
What if you have some relationship to the other host?
Baase, p 270:
"The Defense Information Systems Agency estimated that there were
500,000 hacker attacks on Defense Department networks in 1996, that 65%
of them were SUCCESSFUL, and that the Dept detected fewer than 1%"
Do we as citizens have an OBLIGATION to hack into our government's computers, to help demonstrate how insecure they are?
What about hacking into Loyola's computers? Are we obligated to do that? What about Loyola's wireless network?
Ok, failing that, what is our obligation to prevent intrusions that are not likely to be directly harmful to us?
Hactivism
In 2006, Kevin Mitnick's sites were defaced by a group. There's some irony there.
Other Baase cases:
several attacks against Chinese gov't sites, due to repressive policies
pro-Zapatista groups defacing Mexican government sites
US DoJ site changed to read "Department of Injustice"
Legal tools against hackers
Once upon a time, authorities debated charging a hacker for the value
of electricity used; they had no other tools. The relative lack of
legal tools for prosecution of computer breakins persisted for some
time.
Computer Fraud & Abuse Act of 1986: made it illegal to access
computers without authorization (or to commit fraud, or to get
passwords)
USAP AT RIOT act:
extends CFAA, and provides that when totting up the cost of the attack,
the victim may include all costs of response and recovery. Even
unnecessary or irresponsible costs.
Trespassing?
"Trespass of Chattels": maybe. This is a legal doctrine in which one party intentionally interferes with another's chattels,
essentially personal property (including computers). Often actual harm
need not be proven, just that the other party interfered, and that the
interference was intentional and without authorization.
In 2000 e-bay won a case against Bidder's Edge where the latter used
search robots to get information on e-bay auctions. The bots used
negligible computation resources. The idea was for Bidder's Edge to sell information to those participating in eBay auctions. In March 2001, Bidder's Edge settled as it went out of business.
Later court cases have often required proof of actual harm, though.
In 1998 [?], Ken Hamadi used the Intel email system to contact all
employees regarding Intel's allegedly abusive and discriminating
employment policies. Intel sued, and won at the trial and appellate
court levels. The California Supreme Courts reversed in 2003, ruling
that use alone was not sufficient for a trespass-of-chattels claim;
there had to be "actual or threatened interference".
How do you prosecute when there is no attempt to damage anything?
Part of the problem here is that trespass-of-chattels was a doctrine originally applied to intrusions,
and was quickly seized on as a tool against those who were using a
website in ways unanticipated by the creator (eg Bidder's Edge). Is
that illegal? Should the law discourage that? Should website owners be
able to dicate binding terms of use for publicly viewable pages (ie pages where a login is not required)?