ROBERT T. MORRIS JR., the suspended Cornell graduate student, is plainly something of a computer whiz. But he's now also a convicted federal felon. His sentence, when it comes, should reflect the serious consequences of his reckless actions 14 months ago.
Nov. 2, 1988, was the day Morris signed on from his computer in Ithaca. What the jury concluded was that Morris then unleashed a program, or "worm," that reproduced itself over and over, invading and disabling 6,000 computers hooked into a nationwide network.
These computers served major universities, military facilities and government agencies, among them the National Aeronautics and Space Administration.
Morris, who said he was studying computer security, added that his experiment went bad with a programming error -- but that he had not intended to cripple the computer network. Prosecutors for the Justice Department, on the other hand, said Morris's rogue program didn't invade the computers by accident, and that his "sole intention was to break into as many computers in the United States as he could."
In believing the latter, the jury made Morris the first person ever convicted under a 1986 law enacted by Congress, the Computer Fraud and Abuse Act. It outlawed activities to "intentionally access a federal interest computer without authorization, and by means of one or more instances of
such conduct alter, damage or destroy information" in those computers.
This is certainly a new field of criminal regulation. Like computer programs themselves, the law may still have bugs in it.
Conceptually, however, it reflects a responsible effort to meet a real need.
There are substantial dangers from reckless keyboard adventurers trying to break the security of vast systems of computerized information in fields such as education, law-enforcement or national defense.
The potential consequences of these dangers are serious. Sensitive information could be destroyed or pirated. The personal privacy of other students and citizens could be violated for the most malicious reasons.
Morris exposed the weakness of the system he successfully invaded, but he should not be rewarded for it. That would simply encourage other irresponsible attempts.
He now faces up to five years in prison and a $250,000 fine.
During the trial, he admitted breaking into a research center's computers before.
The judge should come up with a sentence that justly punishes the brilliant but irresponsible student, a sentence sufficiently stern so that no one could believe Morris had gotten away with something, a sentence stiff enough to dissuade others from following his example.
This was no innocent prank or electronic lark. It should not be treated as one.