Information Crimes and Information Torts
In this section I cover two of my favorite fields – information crimes and information torts. I lump them together because, in practice, most information crimes are also information torts. For example, if someone steals your snail mail so they can get your complimentary checks and personal information, that’s a low-tech information crime, for which the local prosecutor may bring charges. It is also a tort, a civil wrong for which you can file a lawsuit. For the one act of theft, there can be two legal consequences – a criminal prosecution and a lawsuit.
However, as we discuss below, the prosecutors are usually both ill-equipped and indisposed to prosecute acts, like the theft of email from a server, that they aren’t sure really are crimes. Because unlike torts, which are defined primarily from the case law created by judges, and can be stretched to fit new situations, crimes are always defined in statutes, laws adopted by the State legislatures or the United States Congress. And sometimes the courts manifest incredible obtuseness when interpreting information-age statutes like the Electronic Crime Prevention Act, which was recently interpreted to make unlawful only the interception of emails while in transit through a network, instead of, far more commonsensically, finding the theft of email to be criminal wherever and however committed.
Meet a New Criminal — The Atavistic Geek
The dawn of widespread Internet communication heralded the beginning of a new day for fraud, forgery and larceny. A new criminal type has appeared to exploit the plethora of opportunities for theft and mischief — the atavistic geek. An atavist refuses to acknowledge social restraints that prevent him from pursuing his exclusive personal benefit. I prefer this description to “hackers,” because cracking codes and invading networks is actually some of the least common antisocial activity engaged in by atavistic geeks. The free range they are allowed on the Internet feeds their antisocial impulses in myriads of ways, rewarding them for their misdeeds with money, status, and often, entry into legitimate business.
This Ain’t Rocket Science
Atavistic geeks are not necessarily any smarter than your average car thief, and just like a car thief can remain fully employed because he knows how to steal cars and deliver them to his fence, atavistic geeks sometimes develop only the basic skills needed to know how to deceive people and deliver them to their boss for full and effective exploitation. Just like car thieves, they are expendable people, usually too morally uneducated to understand the harm they are causing or the risks they run. Of course, the atavistic geek faces much less of a likelihood of apprehension than the average car thief, leading me to say that anyone who commits crimes without a computer is simply running unnecessary risks. Nevertheless, their cleverness should not move us to admiration or pity – these people need real jobs.
Meet the New Keystone Kops
Because crime often pays fairly well, and because every increment in technology brings special advantages to those who master it before others, criminals are often the earliest of early adopters. Quick to catch onto the value of fast cars, automatic weapons, and the latest in bathtub chemistry, criminals have harvested passing benefits from adopting these technologies. Computers are far more powerful than these technologies, however, and criminals have seized upon their value decisively. Certainly every gang that lacks a geek is slated for extinction.
The same might be said for police departments and other law enforcement agencies. I just listened to a hilarious interview that was conducted by a police officer who was trying to elicit statements from an atavistic geek who confessed to a series of information crimes. The cop was a nice country sheriff’s deputy, easygoing, pleasant and clueless. The interview is simply a disaster, and the deputy drew all the wrong conclusions from it, failing to realize that the real criminal was sitting right there confessing, and instead accepting the atavistic geek’s preposterous statements as if they made sense. The wool, in other words, was pulled over his eyes, and as a result, he proceeded to arrest the wrong person – my client.
Months later, after my client fired his other lawyer and retained me, I pointed out to the judge and prosecutor that in the course of accusing my client of directing him to commit the crimes, the atavistic geek had confessed to committing all of those crimes himself. The judge seemed surprised, and asked the prosecutor, effectively, “What’s up with that?” In response, the prosecutor dug into his large supply of dumb looks, and produced one of the dumbest, but a month later, he filed criminal charges against the atavistic geek who now, of course, will take the Fifth Amendment, leaving no one to accuse and convict my client, which is good, because I think he’s been falsely accused.
Assuming I am correct, and my client was falsely accused by the atavistic geek, multiple injustices have been committed by bad police work. An innocent man has had his life turned upside down, and has been forced to pay lawyers more than the annual per capita income of your average Oregon citizen just to stay out of jail. His accuser, a criminal who concealed his guilt using technical jargon, nearly escaped prosecution entirely. Finally, the victims of this atavistic geek were tricked into hating my client, a man who did them no harm.
Now all that sounds bad, and it is, but at least that little Oregon county had one deputy trying to figure out the crime. At least the county sheriff answered the phone and assigned a deputy to the case. By contrast, the United States Department of Justice has only thirty prosecutors tasked with prosecuting Internet crimes, and the last time I called the Portland FBI office to report a crime, I got an answering machine. FBI has paid over $180 Million for a dysfunctional computer network to their old friends at Strategic Applications International Corporation (SAIC), whose Board of Directors is comprised entirely of old defense and intelligence dinosaurs like Bobby Inman (ex CIA director) and Frank Carlucci (ex Secretary of Defense). It would have been cheaper just to pay criminals not to commit crimes.
Let me break it to you here. There is an Internet crime tsunami on the horizon, and the federal government is as clueless about how to respond to it as the governments of Thailand , Indonesia , Ceylon and India , when faced with the killer wave of 2004. The cops either don’t know it’s coming, or they don’t know what to do about it, and they aren’t going to warn us about what they do know. Why? It’s just nobody’s job. The FBI is primarily engaged in the business of solving bank robberies, which is to say, serving as insurance investigators for the FDIC. The federal Marshals are busy managing the large numbers of drug users and illegal immigrants currently housed in the nation’s federal prisons. The Treasury cops are focused on counterfeiting of paper money and staffing the Bush Inauguration with enough snipers to wipe out the citizens of Washington D.C. , should the need for such a citizen-containment action become necessary. The DEA sets up drug deals and disburses funds to buy drugs, thus maintaining the cost of drugs, making them too expensive for honest people to buy. The FTC goes after a clutch of fraudsters I’ve referred to as “the usual suspects,” about which you can read at www.businessfraudlawyer.com.
It sounds like, for all the good the federal government will do you if you are victimized by an atavistic geek, you might as well call the Better Business Bureau. Neverthess, if you are an information crime victim, unless there are unique circumstances, you should immediately make a police report to your local police, and be sure the investigating officer “opens a case,” which just means assigning it a case number, and recording your statement in a police report. Sometimes cops dodge out on this responsibility, and that could be bad for you – if there’s no case number, you’ll never find a report. Of course, opening a case could lead to an investigation, or even a prosecution, but at the very least it will provide proof that you identified yourself as a crime victim.
Unique Circumstances
Obviously, the FBI isn’t going to get involved in a domain name theft. They never have, and never will. Since most stolen domains are comprised of sexy words that attract sexually starved men, you can imagine your local cops will not be too interested in helping people to recover them. Indeed, they might take an altogether unhealthy interest in a pornographer’s affairs. So this is one unique circumstance, similar to that presented by the theft of narcotics, where the victim may be best advised not to make a crime report.
Okay, Gimme One of Them Information Torts
Once you’ve made your police report, then it’s time to help yourself to an information tort. If you have been the victim of identity theft, please read what I’ve published on the subject at www.idtheftlawyer.com. Remember that many information torts are accomplished through the use of identity theft; indeed, most identity thieves steal identities only as an instrumental means to acquire property by impersonating the true owner.
I have heard of some clever identity thefts committed as preliminaries for financial theft. One thief acquired a second level Internet domain name to gain control over the victim’s email address, which was hosted at that domain. In case this is passing you by, this is like buying Hotmail.com in order to be able to read the contents of the email files of Hotmail users, and more importantly, to send counterfeit emails under their names. Having thus obtained control over the victim’s email address, the thief sent counterfeit emails requesting a domain name registrar to transfer one of the victim’s own valuable domain names over to the thief’s account. The theft came off as smooth as silk, and the name has not been recovered.
Now who, in this case, can be sued for the theft of the domain name? Assuming that you are in the Ninth Circuit, which includes California and Oregon , we would have to consider filing claims against various persons and companies. How do we determine who can be sued? It’s not difficult if you understand what a tort is.
Incidentally, I initially decided not to become a lawyer because I saw that my older brother had to study a book in law school entitled “Torts.” Ugh, I thought, what an ugly word, and furthermore, one I’d never heard of. Later I learned that tort is derived from the same root as torque and torsion, words that describe a twisting motion. I then realized that torture is also derived from the same root, and concluded that a tort is a “twist” in the relationships between private persons that one may go to court to get “straightened out.”
When you get to court, the judge will want to know whether this is really a tort case, and he may therefore, at the instigation of the adversary’s lawyer, ask your lawyer to answer four questions:
1. Did the defendant owe a duty to your client?
2. Did the defendant breach that duty?
3. Did the breach cause your client injury or loss?
4. Was the injury or loss compensable?
With respect to a domain thief, in the State of California , the answers are:
1. Yes, your Honor. This is the tort of “conversion of personal property” because everyone is obliged to refrain from “converting” another person’s property to their own use.
2. Yes, because they stole my client’s domain name, which is personal property in the State of California .
3. Yes, because the loss of the domain name deprives my client of money derived from the value and operation of the domain name.
4. Yes, because the law allows us: (a) to recover stolen property when it can be returned to the true owner; (b) to recover money damages for the loss of use during the time the true owner was deprived of possession; and, (c) to require the thief to give back all the money they earned using someone else’s stolen property.
There are many information torts besides identity theft and domain theft. Invasion of privacy and anonymous slander seem to be growth areas. These information torts are all what we’d call “intentional torts.” Nobody accidentally steals an identity or an item of cyber-property. It’s virtually always intentional. In addition to these information torts, however, there is a much larger category of information torts of the negligent type.
Negligent Information Torts
Before we start with negligent information torts, I should explain what negligence is. Negligence law is founded what is often called the Golden Rule – “do unto others as you would have them do unto you.” This means, for example, that if you assume care of someone’s property, you must care for it as a reasonable person would care for their own property. The rationale for the rule was well-stated by Justice Holmes, who explained that a person is free to destroy their own property, since they must bear the loss; therefore, just as they experience loss by damaging their own property, they must be prepared to experience the same consequence if they damage the property of others. Only in this way, by visiting consequences upon the actor, can we communicate the importance of caring for the property and lives of others.
Here are three examples of how we apply the rule:
Example # 1: Since a reasonable person would not leave their cellphone in the bathroom of a bar, you would be negligent if you borrowed your friend’s cellphone and left it in a bar bathroom, from whence it was stolen. Why? Because a reasonable person would foresee a clear possibility that a cellphone left in a bar bathroom might be stolen.
Example # 2: Since a reasonable person would not drive a public road at one hundred and seventy miles per hour, then a person who drives at such an unreasonably high speed will be liable for all the harm he causes. Why? Because we owe everyone the duty of protecting their lives and property with as much care as a reasonable person would devote to protecting their own lives and property.
Example # 3: Since a reasonable doctor would not answer questions about a patient without obtaining a medical release in writing from the patient, he would be negligent if he permitted another patient to simply browse through a number of patient files in order to find his own records, and the medical records of another patient were disclosed. Why? Because the doctor assumed the duty to protect the medical privacy of his patients, and breached that duty by failing to protect medical records from likely disclosure.
Returning again to domain theft, it is possible that only the actual thief is aware that he is in the process of stealing a domain name. Nevertheless, negligence liability might be asserted against parties who contributed to the loss by “failing to exercise due care,” if they had a duty to the domain name owner. This field of liability has been explored very little, but as the Internet generates more information torts, it will be important to perform this analysis carefully. Key to analyzing each case will be remembering the analytical rule Woodward & Bernstein applied to Richard Nixon’s responsibility for the Watergate burglary: What did the president know, and when did he know it? Why? Because the duty to protect the property of another person from theft will arise from knowledge that one’s action or failure to act could cause the theft to occur.
A Negligent Police Tort: Wrongful Arrest and Defamation Due to Negligent Misidentification of Innocent Persons as Criminals
It’s common knowledge that the FBI maintains a database of fifty million fingerprints that it can search by computer in the Automated Fingerprint Investigation System (AFIS). It is also well known that the FBI maintains the National Crime Information Computer system (NCIC), and that all of the fifty states send their records of arrest and conviction to the NCIC for recording in the national database. What is not well-known is that the system of criminal history reporting in the United States occasionally misidentifies innocent people as convicted criminals, causing them to be arrested, to lose their jobs, and to lose all standing in the community.
However, as we discuss below, the prosecutors are usually both ill-equipped and indisposed to prosecute acts, like the theft of email from a server, that they aren’t sure really are crimes. Because unlike torts, which are defined primarily from the case law created by judges, and can be stretched to fit new situations, crimes are always defined in statutes, laws adopted by the State legislatures or the United States Congress. And sometimes the courts manifest incredible obtuseness when interpreting information-age statutes like the Electronic Crime Prevention Act, which was recently interpreted to make unlawful only the interception of emails while in transit through a network, instead of, far more commonsensically, finding the theft of email to be criminal wherever and however committed.
Meet a New Criminal — The Atavistic Geek
The dawn of widespread Internet communication heralded the beginning of a new day for fraud, forgery and larceny. A new criminal type has appeared to exploit the plethora of opportunities for theft and mischief — the atavistic geek. An atavist refuses to acknowledge social restraints that prevent him from pursuing his exclusive personal benefit. I prefer this description to “hackers,” because cracking codes and invading networks is actually some of the least common antisocial activity engaged in by atavistic geeks. The free range they are allowed on the Internet feeds their antisocial impulses in myriads of ways, rewarding them for their misdeeds with money, status, and often, entry into legitimate business.
This Ain’t Rocket Science
Atavistic geeks are not necessarily any smarter than your average car thief, and just like a car thief can remain fully employed because he knows how to steal cars and deliver them to his fence, atavistic geeks sometimes develop only the basic skills needed to know how to deceive people and deliver them to their boss for full and effective exploitation. Just like car thieves, they are expendable people, usually too morally uneducated to understand the harm they are causing or the risks they run. Of course, the atavistic geek faces much less of a likelihood of apprehension than the average car thief, leading me to say that anyone who commits crimes without a computer is simply running unnecessary risks. Nevertheless, their cleverness should not move us to admiration or pity – these people need real jobs.
Meet the New Keystone Kops
Because crime often pays fairly well, and because every increment in technology brings special advantages to those who master it before others, criminals are often the earliest of early adopters. Quick to catch onto the value of fast cars, automatic weapons, and the latest in bathtub chemistry, criminals have harvested passing benefits from adopting these technologies. Computers are far more powerful than these technologies, however, and criminals have seized upon their value decisively. Certainly every gang that lacks a geek is slated for extinction.
The same might be said for police departments and other law enforcement agencies. I just listened to a hilarious interview that was conducted by a police officer who was trying to elicit statements from an atavistic geek who confessed to a series of information crimes. The cop was a nice country sheriff’s deputy, easygoing, pleasant and clueless. The interview is simply a disaster, and the deputy drew all the wrong conclusions from it, failing to realize that the real criminal was sitting right there confessing, and instead accepting the atavistic geek’s preposterous statements as if they made sense. The wool, in other words, was pulled over his eyes, and as a result, he proceeded to arrest the wrong person – my client.
Months later, after my client fired his other lawyer and retained me, I pointed out to the judge and prosecutor that in the course of accusing my client of directing him to commit the crimes, the atavistic geek had confessed to committing all of those crimes himself. The judge seemed surprised, and asked the prosecutor, effectively, “What’s up with that?” In response, the prosecutor dug into his large supply of dumb looks, and produced one of the dumbest, but a month later, he filed criminal charges against the atavistic geek who now, of course, will take the Fifth Amendment, leaving no one to accuse and convict my client, which is good, because I think he’s been falsely accused.
Assuming I am correct, and my client was falsely accused by the atavistic geek, multiple injustices have been committed by bad police work. An innocent man has had his life turned upside down, and has been forced to pay lawyers more than the annual per capita income of your average Oregon citizen just to stay out of jail. His accuser, a criminal who concealed his guilt using technical jargon, nearly escaped prosecution entirely. Finally, the victims of this atavistic geek were tricked into hating my client, a man who did them no harm.
Now all that sounds bad, and it is, but at least that little Oregon county had one deputy trying to figure out the crime. At least the county sheriff answered the phone and assigned a deputy to the case. By contrast, the United States Department of Justice has only thirty prosecutors tasked with prosecuting Internet crimes, and the last time I called the Portland FBI office to report a crime, I got an answering machine. FBI has paid over $180 Million for a dysfunctional computer network to their old friends at Strategic Applications International Corporation (SAIC), whose Board of Directors is comprised entirely of old defense and intelligence dinosaurs like Bobby Inman (ex CIA director) and Frank Carlucci (ex Secretary of Defense). It would have been cheaper just to pay criminals not to commit crimes.
Let me break it to you here. There is an Internet crime tsunami on the horizon, and the federal government is as clueless about how to respond to it as the governments of Thailand , Indonesia , Ceylon and India , when faced with the killer wave of 2004. The cops either don’t know it’s coming, or they don’t know what to do about it, and they aren’t going to warn us about what they do know. Why? It’s just nobody’s job. The FBI is primarily engaged in the business of solving bank robberies, which is to say, serving as insurance investigators for the FDIC. The federal Marshals are busy managing the large numbers of drug users and illegal immigrants currently housed in the nation’s federal prisons. The Treasury cops are focused on counterfeiting of paper money and staffing the Bush Inauguration with enough snipers to wipe out the citizens of Washington D.C. , should the need for such a citizen-containment action become necessary. The DEA sets up drug deals and disburses funds to buy drugs, thus maintaining the cost of drugs, making them too expensive for honest people to buy. The FTC goes after a clutch of fraudsters I’ve referred to as “the usual suspects,” about which you can read at www.businessfraudlawyer.com.
It sounds like, for all the good the federal government will do you if you are victimized by an atavistic geek, you might as well call the Better Business Bureau. Neverthess, if you are an information crime victim, unless there are unique circumstances, you should immediately make a police report to your local police, and be sure the investigating officer “opens a case,” which just means assigning it a case number, and recording your statement in a police report. Sometimes cops dodge out on this responsibility, and that could be bad for you – if there’s no case number, you’ll never find a report. Of course, opening a case could lead to an investigation, or even a prosecution, but at the very least it will provide proof that you identified yourself as a crime victim.
Unique Circumstances
Obviously, the FBI isn’t going to get involved in a domain name theft. They never have, and never will. Since most stolen domains are comprised of sexy words that attract sexually starved men, you can imagine your local cops will not be too interested in helping people to recover them. Indeed, they might take an altogether unhealthy interest in a pornographer’s affairs. So this is one unique circumstance, similar to that presented by the theft of narcotics, where the victim may be best advised not to make a crime report.
Okay, Gimme One of Them Information Torts
Once you’ve made your police report, then it’s time to help yourself to an information tort. If you have been the victim of identity theft, please read what I’ve published on the subject at www.idtheftlawyer.com. Remember that many information torts are accomplished through the use of identity theft; indeed, most identity thieves steal identities only as an instrumental means to acquire property by impersonating the true owner.
I have heard of some clever identity thefts committed as preliminaries for financial theft. One thief acquired a second level Internet domain name to gain control over the victim’s email address, which was hosted at that domain. In case this is passing you by, this is like buying Hotmail.com in order to be able to read the contents of the email files of Hotmail users, and more importantly, to send counterfeit emails under their names. Having thus obtained control over the victim’s email address, the thief sent counterfeit emails requesting a domain name registrar to transfer one of the victim’s own valuable domain names over to the thief’s account. The theft came off as smooth as silk, and the name has not been recovered.
Now who, in this case, can be sued for the theft of the domain name? Assuming that you are in the Ninth Circuit, which includes California and Oregon , we would have to consider filing claims against various persons and companies. How do we determine who can be sued? It’s not difficult if you understand what a tort is.
Incidentally, I initially decided not to become a lawyer because I saw that my older brother had to study a book in law school entitled “Torts.” Ugh, I thought, what an ugly word, and furthermore, one I’d never heard of. Later I learned that tort is derived from the same root as torque and torsion, words that describe a twisting motion. I then realized that torture is also derived from the same root, and concluded that a tort is a “twist” in the relationships between private persons that one may go to court to get “straightened out.”
When you get to court, the judge will want to know whether this is really a tort case, and he may therefore, at the instigation of the adversary’s lawyer, ask your lawyer to answer four questions:
1. Did the defendant owe a duty to your client?
2. Did the defendant breach that duty?
3. Did the breach cause your client injury or loss?
4. Was the injury or loss compensable?
With respect to a domain thief, in the State of California , the answers are:
1. Yes, your Honor. This is the tort of “conversion of personal property” because everyone is obliged to refrain from “converting” another person’s property to their own use.
2. Yes, because they stole my client’s domain name, which is personal property in the State of California .
3. Yes, because the loss of the domain name deprives my client of money derived from the value and operation of the domain name.
4. Yes, because the law allows us: (a) to recover stolen property when it can be returned to the true owner; (b) to recover money damages for the loss of use during the time the true owner was deprived of possession; and, (c) to require the thief to give back all the money they earned using someone else’s stolen property.
There are many information torts besides identity theft and domain theft. Invasion of privacy and anonymous slander seem to be growth areas. These information torts are all what we’d call “intentional torts.” Nobody accidentally steals an identity or an item of cyber-property. It’s virtually always intentional. In addition to these information torts, however, there is a much larger category of information torts of the negligent type.
Negligent Information Torts
Before we start with negligent information torts, I should explain what negligence is. Negligence law is founded what is often called the Golden Rule – “do unto others as you would have them do unto you.” This means, for example, that if you assume care of someone’s property, you must care for it as a reasonable person would care for their own property. The rationale for the rule was well-stated by Justice Holmes, who explained that a person is free to destroy their own property, since they must bear the loss; therefore, just as they experience loss by damaging their own property, they must be prepared to experience the same consequence if they damage the property of others. Only in this way, by visiting consequences upon the actor, can we communicate the importance of caring for the property and lives of others.
Here are three examples of how we apply the rule:
Example # 1: Since a reasonable person would not leave their cellphone in the bathroom of a bar, you would be negligent if you borrowed your friend’s cellphone and left it in a bar bathroom, from whence it was stolen. Why? Because a reasonable person would foresee a clear possibility that a cellphone left in a bar bathroom might be stolen.
Example # 2: Since a reasonable person would not drive a public road at one hundred and seventy miles per hour, then a person who drives at such an unreasonably high speed will be liable for all the harm he causes. Why? Because we owe everyone the duty of protecting their lives and property with as much care as a reasonable person would devote to protecting their own lives and property.
Example # 3: Since a reasonable doctor would not answer questions about a patient without obtaining a medical release in writing from the patient, he would be negligent if he permitted another patient to simply browse through a number of patient files in order to find his own records, and the medical records of another patient were disclosed. Why? Because the doctor assumed the duty to protect the medical privacy of his patients, and breached that duty by failing to protect medical records from likely disclosure.
Returning again to domain theft, it is possible that only the actual thief is aware that he is in the process of stealing a domain name. Nevertheless, negligence liability might be asserted against parties who contributed to the loss by “failing to exercise due care,” if they had a duty to the domain name owner. This field of liability has been explored very little, but as the Internet generates more information torts, it will be important to perform this analysis carefully. Key to analyzing each case will be remembering the analytical rule Woodward & Bernstein applied to Richard Nixon’s responsibility for the Watergate burglary: What did the president know, and when did he know it? Why? Because the duty to protect the property of another person from theft will arise from knowledge that one’s action or failure to act could cause the theft to occur.
A Negligent Police Tort: Wrongful Arrest and Defamation Due to Negligent Misidentification of Innocent Persons as Criminals
It’s common knowledge that the FBI maintains a database of fifty million fingerprints that it can search by computer in the Automated Fingerprint Investigation System (AFIS). It is also well known that the FBI maintains the National Crime Information Computer system (NCIC), and that all of the fifty states send their records of arrest and conviction to the NCIC for recording in the national database. What is not well-known is that the system of criminal history reporting in the United States occasionally misidentifies innocent people as convicted criminals, causing them to be arrested, to lose their jobs, and to lose all standing in the community.