United States v. Riggs
In United States v. Riggs, the government of the United States prosecuted Robert Riggs and Craig Neidorf for obtaining unauthorized access to and subsequently disseminating a file held on BellSouth's computers. The file, referred to as the E911 file, gave information regarding BellSouth's products implementing 911 emergency telephone services.[4] Riggs and Neidorf were both indicted in the District Court of the Northern District of Illinois on numerous charges relating to the dissemination of the E911 text file. As Riggs had previously been indicted in the Northern District of Georgia in relation to the same incident, his charges from Illinois were transferred to Georgia. Riggs ultimately pleaded guilty in Georgia and was sentenced to 21 months in prison and two years' supervised release.[3] Neidorf pleaded not guilty in Illinois and the government dropped all charges against Neidorf four days after the trial began.[4]
United States v. Riggs | |
---|---|
Court | United States District Court for the Northern District of Illinois |
Full case name | UNITED STATES of America, Plaintiff, v. Robert J. RIGGS, also known as Robert Johnson, also known as Prophet, and Craig Neidorf, also known as Knight Lightning, Defendants. |
Decided | July 27, 1990 |
Citation(s) | 739 F.Supp. 414,[1] 743 F.Supp. 556[2] |
Transcript(s) | www |
Case history | |
Subsequent action(s) | Riggs appealed his sentence at the 11th Circuit Court of Appeals. 967 F.2d 561.[3] |
Holding | |
The Government dropped all charges against Neidorf and a mistrial was declared. Riggs' charges were transferred to Georgia as he had already been indicted there in connection with the same events. Riggs pleaded guilty in Georgia to charges of wire fraud, access code fraud and conspiracy. | |
Court membership | |
Judge(s) sitting | Nicholas John Bua |
Background of the case
Cultural setting
United States v. Riggs occurred during 1990. At the time, computers and the Internet were not uncommon in businesses and academic institutions, but not yet commonplace in American homes. Several computer break-ins in 1983 had been associated with teenagers in Wisconsin. These teenagers gained notoriety and became known as The 414s. High-profile public incidents perpetrated by groups such as The 414s combined with movies such as WarGames to create a public stereotype of hackers as wayward youths eager to abuse computer knowledge without regard to the consequence of their actions.
Defendants
Robert Riggs had a previous conviction for computer-related crime in North Carolina in 1986 for unauthorized access to BellSouth's computers. As a result, Riggs was sentenced to 15 days of community service and 18 months of probation.[4] Craig Neidorf was a 20-year-old college student studying pre-law at University of Missouri. Neidorf began publishing the hacker magazine PHRACK at the age of 16 and published 30 issues from 1985 to 1989.
Previous indictment
Prior to the proceedings described below in the Northern District of Illinois, Riggs was indicted in the Northern District of Georgia on charges related to the same events. Riggs' Georgia indictment included four counts of wire fraud, three counts of access code fraud and one count of conspiracy. The two indictments in Illinois described below charged Riggs with additional crimes. The charges from Illinois were transferred to Georgia in accordance with Federal Rule of Criminal Procedure 20.[3]
District Court proceedings
First indictment
On February 1, 1990,[4] a federal grand jury voted to issue an indictment[5] against both Robert Riggs and Craig Neidorf. The indictment alleged that Riggs and Neidorf had defrauded BellSouth by electronically stealing a text file and disseminating that file over the Internet in an online magazine edited by Neidorf known as PHRACK. The indictment alleged that Riggs broke into a BellSouth computer located in Atlanta, Georgia, downloaded the text file to his own computer located in Decatur, Georgia, and electronically transferred the file to a bulletin board system located in Lockport, Illinois. Neidorf then allegedly downloaded the file from the bulletin board in Lockport, Illinois, to his own computer in Columbia, Missouri. Neidorf then edited the file, at the request of Riggs, to remove details identifying the file as belonging to BellSouth, and uploaded the file to the same bulletin board system in Lockport, Illinois. The indictment charged both Riggs and Neidorf with seven violations of federal statutes: counts 1 and 2 alleged violations of 18 USC § 1343[6] (wire fraud), counts 3 and 4 alleged violations of 18 USC § 2314 [7] (interstate transportation of stolen property), and counts 5-7 alleged violations of 18 USC § 1030[8] (computer fraud and abuse).[5]
Neidorf responded to the indictment by issuing a series of pre-trial motions, including motions to dismiss counts 2–7 of the indictment. Judge Bua subsequently denied all of Neidorf's motions.[1] Neidorf's motions to dismiss counts 3 and 4 (pertaining to interstate transportation of stolen property) were noteworthy as they claim Neidorf should not be charged with violations of § 2314 as he has only caused "electronic impulses" to move over state lines and had not moved any physical property. Although the government conceded that § 2314 had never been applied in this manner before, the court held that it would allow electronic interstate transportation of proprietary business information as a violation of § 2314. In support of the decision to uphold the charge, the court cited United States v. Gilboe,[9] in which the defendants issued wire transfers of money across state lines and were prosecuted under § 2314. The act of the wire transfer was regarded as being tantamount to physically moving the money as the effect of the wire transfer was that tangible funds became available in a bank where they were not previously available.
Second indictment
On June 7, 1990, the grand jury issued a superseding indictment against Riggs and Neidorf which took the place of the first indictment.[10] The second indictment dropped charges of violating § 1030[11] (computer fraud and abuse) and instead charged Riggs exclusively with one count of violating § 1343[12] (wire fraud), charged Neidorf exclusively with 4 counts of violating § 1343, and charged Riggs and Neidorf jointly with 4 counts of violating § 1343 and 2 counts of violating § 2314. The second indictment also broadened the scope of alleged activities from strictly obtaining and disseminating the BellSouth text file. The second indictment alleged a broader effort to disseminate hacker tutorials with the goals solidifying the hacker community and educating hackers in a range of skills including evasion of law enforcement.
In response to the superseding indictment, Neidorf filed motions to dismiss all 10 counts of the indictment in which he was named. Neidorf incorporated arguments made by the Electronic Frontier Foundation in support of his motions to dismiss. Neidorf's arguments included a claims that publication of PHRACK, including the BellSouth text file, was within his First Amendment freedoms and that the laws he was charged with violating were unacceptably vague. The court rejected both of these arguments, holding that criminal laws apply even if the activity in question is speech related. All of Neidorf's motions to dismiss were denied.[2]
District court conclusion
The trial of Neidorf in Illinois began on July 23, 1990. Neidorf was represented by Sheldon Zenner of Katten, Muchin & Zavis in Chicago. Although the trial had been scheduled to last two weeks, the prosecution dropped the charges after four days. No reason for dropping the charges was officially given, although the government's case was considerably weakened by expert witnesses employed by Neidorf and Zenner. John Nagle, an independent computer scientist, and Dorothy Denning, a computer security expert, testified for the defense that the text file stolen from BellSouth, as published by Neidorf, actually contained nothing of value for breaking into systems. The defense was also able to demonstrate that the file which the government had alleged was both highly valuable and highly proprietary was actually neither. Nagle demonstrated that more damaging information about BellSouth's 911 system was already publicly available, and Zenner demonstrated that the exact file in question, unedited, could be obtained by calling BellSouth and ordering manuals which cost either $13 or $21. Neidorf ultimately received no conviction, although he did incur legal expense in excess of $100,000.[4]
Riggs' proceedings continued in Georgia, where he pleaded guilty to the conspiracy charge from Georgia and the wire fraud charges from Illinois. Riggs received a prison sentence of 21 months to be followed by two years of supervised release. The conditions of Riggs' supervised release included that he was not allowed to own or control a computer of any type for his own personal use at any point in the two-year period.[3]
Federal Appeals Court proceedings
Riggs issued an appeal to the United States Court of Appeals in the Eleventh Circuit contesting both the length of his sentence and the conditions of his supervised release. Riggs' appeal argued that the sentence was excessive because it exceeded sentencing guidelines for his crimes and previous convictions. The court upheld the sentence, however, on the grounds that they did not feel the criminal history category in which Riggs had been placed was an accurate representation of his past criminal conduct. The terms of Riggs supervised release were also upheld.[3]
Public commentary
United States v. Riggs has been cited in public discourse on the difference between theft of electronic and physical resources, as seen in the Berkeley Technology Law Journal[13] and Internet World (a publication of the Electronic Frontier Foundation).[14] Communications of the ACM published an article reviewing the events of the case and offering commentary on the proceedings and potential responses from the professional community.[4] The case has also been cited in a number of books dealing with computers, hacking, legality and ethics.[15][16][17]
References
- United States v. Riggs, 739 F.Supp. 414 (1990).
- United States v. Riggs, 743 F.Supp. 556 (1990).
- United States v. Robert J. Riggs, 967 F.2d 561 (1992).
- Denning, D. E. (March 1991). "The United States vs. Craig Neidorf: A debate on electronic publishing, Constitutional rights and hacking". Communications of the ACM. 34 (3): 22–43. doi:10.1145/102868.102869.
- "Original Indictment of Riggs and Neidorf". Retrieved 2011-02-17.
- 18 USC § 1343
- 18 USC § 2314
- 18 USC § 1030
- United States v. Gilboe
- "Superseding Indictment of Riggs and Neidorf". Retrieved 2011-02-17.
- § 1030
- § 1343
- Yin, Tung (Fall 1993), "Post-Modern Printing Presses: Extending Freedom of Press to Protect Electronic Information Services" (PDF), Berkeley Technology Law Journal, 8 (2)
- "When Copying Isn't Theft: How the Government Stumbled in a "Hacker" Case". Retrieved 2011-02-17.
- Ludlow, Peter (1999). High Noon on the Electronic Frontier: Conceptual Issues in Cyberspace. USA: MIT Press. ISBN 0-262-62103-7.
- Casey, Eoghan (2000). Digital Evidence and Computer Crime: Forensic Evidence, Computers and The Internet. San Diego, CA: Academic Press. ISBN 0-12-163104-4.
- Bashman, Matthew (2005). The Script Kiddie Cookbook. USA: Lulu Press. ISBN 1-4116-2158-1.