The petulant boys and girls who play in the sandbox called the U.S. Senate got into one of their typical temper tantrums in the last hours of the 98th Congress this fall. They were so busy shouting and calling each other names that nobody seemed interested in passing any legislation.
In desperation, the Senate leadership decided that the only way to make these mature, responsible public servants do their work was to hold an all-night session. A long line of cots was set up in the Capitol corridors. Between catnaps, our elected leaders voted on bills and amendments. In these absurd circumstances the Congress passed an absurd piece of computer legislation.
The new criminal statute empowers the FBI, which presumably has nothing better to do, to snoop around thousands of computer "bulletin board" systems to prosecute computer "hackers" who are allegedly abusing corporate and governmental computer systems from coast to coast.
The problem, to the extent it is a problem, is this: thousands of companies, schools, and government agencies have telephone hookups through which their customers and employes can call a central computer to get information or leave messages.
A common example of such a system would be a national retail chain with headquarters in New York City. The chain's Dubuque store can call the computer in New York to place an order, check advertising copy, or what have you.
Each system has some security arrangements to fend off unwanted callers. To get into The Washington Post's newsroom computer, for example, you need to know the phone number, and then type in two separate passwords -- known only to the user -- before you can be connected.
There has been a problem of computer hackers around the country trying to penetrate some of these central systems. Some hackers evidently discovered a number and a password to get into the Taco Bell computer, presumably enabling the intruder to order 5,000 cases of hot sauce or some such.
The most infamous instance to date came earlier this year when some hackers obtained a number and password enabling them to rummage around in the electronic records maintained by TRW Information Services, a big credit agency that had names and credit numbers of some 90 million people.
Alarmed by such happenings, our benighted congresspeople rose from their cots and passed a law making it a federal offense -- with up to a year in jail for first offenders -- to gain "unauthorized access" to any private or governmental data bank containing personal or corporate financial records.
This law is a classic case of shooting an ICBM at a mosquito -- and firing wide. Even if the situation were serious enough to bring on the G-men, the statutory solution Congress hit on cannot work because it is aimed at the wrong people.
Granted there are some bad apples out there in hackerland. For the most part, though, the people making this "unauthorized access" are 15-year-old computer "phreaks" who are doing it solely for the intellectual challenge. It's a kids' game. But now Congress is dispatching the FBI to track down these evil miscreants and ship them to Leavenworth.
The real problem with "unauthorized access" is not this corps of precocious kids typing away at their Commodores but rather the corporate computer types who designed the leaky central systems the hackers are invading.
It is no great trick to set up a computer system that can't be penetrated. If you create a series of passwords, protect their secrecy, and change them regularly, you can frustrate just about any unauthorized intruder.
Many of the systems operating now, though, treat security as a joke. TRW, for example, says its credit records are guarded as carefully as possible. But Infoworld Magazine reported that a "secret" TRW password may have been printed on credit reports routinely given to people applying for a credit card at Sears, among other places. It said the same password was passed around for months, but that TRW did not bother to issue a new one.
A Garden Grove, Calif., consumer named Burt Mazelow has sued TRW for failing to protect his credit records from snoopers. Without prejudging this particular case, one can say that Mazelow has found a much more intelligent approach to the problem than our sleepy senators came up with.
If the problem of "unauthorized access" is to be stopped, it's patently obvious that changes will have to come at the central-computer level. Instead of hounding rambunctious kids giving their computers a workout, the government should attack this problem at the source: the corporate and governmental bureaucracies that have been too dumb or too cheap to make sure that private information is really private.