(C) Copyright 1997 Gernsback Publications, Inc. Reprinted with permission from Electronics Now Magazine, September, 1997. This version has been updated for presentation on the Web.

Michael Covington is FORMER chairman of the computer security team at The University of Georgia. To report an emergency to the current team, write to abuse@uga.edu.

Note! This article was published in 1997 and is not up to date. It was written during the lull that followed the first outburst of spam in the mid-1990s. In those days, "spamming" meant misuse of forums; today the term includes what this article calls "junk mail."

Today (2004), spam has become much more common, is almost 100% fraudulent, and appears to have substantial connections to organized crime.

I am very sad that legislators, and society as a whole, did not awaken to the potential extent of the problem until about 2003. A decade earlier, nobody would listen to warnings, and opportunities were lost.

Ethics on the Internet

by Michael A. Covington

The trouble with the world, said Will Rogers, is not ignorance. It's the things people "know" that aren't so.

That's certainly true of the Internet. To many people, it's a personal soapbox, a refuge from law and order, or a gigantic video game. But the real Internet is none of these things. As its name implies, it's a network of networks. The Internet is not a company or organization and is not regulated by the FCC or any other government agency. It's a loose federation of computer sites that agree to link their computers together.

The Internet started in the 1960s as a Defense Department experiment, and until 1990 it was purely a network of universities and research labs. Nowadays, most people access the Internet through commercial access providers such as CompuServe and America OnLine, which were originally separate networks.

How the Internet works

The Internet provides three basic services: electronic mail from individual to individual, open discussion forums (newsgroups) on more than 20,000 subjects, and the ability to publish "web pages" and file libraries for others to see. All of these rely on the rapid forwarding of data from site to site.

Crucially, the Internet has no headquarters; there is no central site that all messages go through. Messages take whatever path is convenient at the time. Because there's no central node, censoring the content of messages is physically impossible.

The diagram shows how a message might go from The University of Georgia to Phoenix Computer Specialists in Arizona. The complete path involves 14 computers, 6 cities, and 3 long-distance carriers. Each site picks up each data packet and passes it on. Successive packets in the same session don't necessarily follow the same path.

In the early days of the net, sites transmitted information for each other free of charge, voluntarily. Nowadays, most inter-site communication takes place over "backbones" set up for the purpose, but some of the costs are still hidden from the users. For example, all email sent into The University of Georgia travels over a leased line at the University's expense, regardless of where it came from.

That's the key to Internet ethics: you never know exactly who's paying the bills, so you are always someone else's guest. The fees that you pay to America OnLine, for instance, only pay for America OnLine's equipment, not the rest of the network. That's radically different from the way telephone companies and post offices work. If you mail a letter or make a phone call to England, part of the postage or telephone charge will go to the British post office or telephone company. But the Internet doesn't work that way. When you send email to a CompuServe user, CompuServe pays the cost of delivering it. Other sites along the way may also incur expenses.

Junk mail and spamming

That, in turn, explains the current furor over junk mail and "spamming" (massive posting of ads in irrelevant discussion forums). It's not that people object to advertising; there have always been places on the net where ads are welcome. The problem with junk mail and spamming is that they impose massive expenses on unwilling victims. It's as if pesky telephone solicitors were calling collect.

Spamming started in April 1994 when two Arizona lawyers, Laurence Canter and Martha Siegel, posted an ad on 8,000 newsgroups offering their services to help immigrants get "green cards."

This provoked thousands if not millions of angry complaints as every news site in the world suddenly found 8,000 copies of Canter and Siegel's ad on its disks. The Internet community was frustrated at not having the physical or legal means to stop the spammers. About a year later, there was a wave of spamming from the Albuquerque area, but it ended as the perpetrators apparently realized that getting a million people angry at you is much worse than being sued or jailed.

Since then, those who oppose spamming have sharpened their weapons. Many argue that spamming and junk email are illegal under 47 USC 227, the law that forbids junk faxes; this hasn't been confirmed in court, but if it's not true, it ought to be.

And in a noteworthy court decision in November 1996, America OnLine won the right to refuse to deliver unsolicited email sent to its subscribers by a junk mailer, Cyber Promotions, Inc. The court ruled that mass mailers don't have a constitutional right to clog up other people's computers.

Today, service providers don't tolerate spamming; they realize that the resulting flood of complaints will render their machines inoperative. Some spamming still takes place, but it almost always involves fake addresses and other petty deceptions.

If you encounter unwelcome advertising in a newsgroup, discussion forum, or email, don't post a reply in the same forum; that just compounds the problem. Don't reply to the "from" address, either; it's likely to be fake, and it may be the address of an innocent victim, or a site that the perpetrator wants to flood with complaints. Check the newsgroup news.admin.net-abuse.misc to see what others know about the incident. If the spamming appears to involve illegal activity or fraud, contact the National Fraud Information Center (http://www.fraud.org).

Crackers and viruses

The classic Internet crime -- breaking into computers -- is less common than it used to be. When Robert Morris went to jail for it in 1988, people noticed, and "cyberpunks" quietly abandoned this destructive sport. Most states now have laws in place specifying harsh penalties for unauthorized tampering with other people's computers. Even without specific laws, computer tampering is prosecutable as malicious mischief, just like tampering with any other kind of property. What's more, it's usually easy to catch the perpetrator.

The trouble is, there still seems to be an endless supply of young computer users who believe they'll be hailed as computer geniuses if they break into someone else's computer -- or at least that they won't be punished if they're under 18. These people aren't geniuses; they're more like shoplifters. Both morally and intellectually, they have some growing up to do, and in the meantime, they shouldn't expect to escape responsibility for the harm they cause.

Even computer viruses are on the decline, for several reasons. Windows 95 and OS/2 are inherently somewhat less vulnerable to viruses than DOS. Many PCs run virus checks daily. And the user community is well aware that it's only a matter of time before a virus author is caught and prosecuted.

Contrary to widespread rumor, viruses can't infect your PC simply by arriving in e-mail. But some viruses do arrive as e-mail messages that say "Look at this file" or "click on this link." If you don't know what it is and where it came from, don't click on it.

But don't pass along virus warnings as chain letters to other e-mail users. In ten years of looking for them, we at The University of Georgia have never received an accurate virus warning this way. If you get a virus warning, pass it along only to the security department of your Internet service provider. It's very likely to be a hoax or prank, maybe even a malicious one, and you shouldn't let it waste thousands of other people's time.

Scams and pyramids

The most common Internet crimes, in fact, are frauds and con games. One of these is the so-called Make Money Fast pyramid scheme: send $5 to the first person on the list, take that person's name off, add yours at the bottom, and email it to 100 of your friends. Thousands of dollars will supposedly pour into your mailbox.

There's no way this scheme could work; money doesn't come out of thin air, so there's no way everybody could receive more than they send out. That's why the law considers pyramid schemes to be theft or fraud. What usually happens is that a few people make money at the beginning, but thousands more, farther down the line, get nothing. These schemes are illegal throughout the U.S. and practically everywhere else.

Why would anyone be stupid enough to advertise an illegal pyramid scheme publicly on the Internet? Good question! One reason is that many pyramid schemes falsely claim to have found loopholes in the law. They often cite nonexistent laws or the laws of some other country, or they tell you they're selling a report or mailing list.

Another reason is that people on the Internet are naive. There's a widespread misconception that the Internet is above the law, and that if you do something illegal on the net, the police will never see it, or you can't be prosectued because the crime happened in "cyberspace." That, of course, is nonsense. But some people still think the Internet is separate from Planet Earth. You'll even see messages like, "Don't tell my boss about my cocaine habit."

Naturally, business fraud and false advertising abound on the Internet. The type on your screen looks the same whether or not the words are honest, and people are easily taken in. The FDA has recently expressed concern about medical quackery on the Internet. Hoaxes abound, too, as does out-of-date information. Every few weeks we hear (falsely) that the FCC is about to ban religious broadcasting, and a dying boy's appeal for postcards has been circulating, often with false addresses, since 1989. The University of Georgia forewarns people about these hoaxes, and many other net ethics issues, with an online quiz at http://www.uga.edu/compsec/quiz.

Forgery on the net

Forgery is presently a serious problem. In September 1996, an ad for child pornography appeared in thousands of newsgroups. It gave the name and address of a man in New York who turned out to be an innocent victim -- somebody else was trying to frame him, or at least flood his computer with angry email. That same month, students at the University of Georgia received, by email, official-looking threats of disciplinary action that turned out to be fake.

If something on the Net looks like it might be fake, it probably is. There's no guarantee that an email message or newsgroup posting actually came from where it says. Some software lets the sender give any name and email address whatsoever.

To spot fakes, look at email headers. Each piece of email or newsgroup posting arrives with a path indicating how it reached you. (To see the path, you may have to save the message to a file and view it with an editor.) If the message wasn't sent from the site it claims to have come from, something is amiss. This test isn't bulletproof; it's possible to fake part of the path, but hard to fake all of it.

Dirty pictures?

What about pornography? In my experience it's a small problem that has gotten big publicity. Because the Internet is a totally open communication system, it will inevitably contain some pornography along with everything else. It's not like a school library; it's more like a city street. Pornography does not normally intrude into other communications; you have to go looking for it. Although there have been occasional cases of obscene spam, I view them as basically part of the spam problem.

Still, Internet users have to obey obscenity laws like everyone else. Enforcement so far has been lax but would be easy to tighten up because web pages are easily traceable to their owners. Obscenity laws restrict what you publish or redistribute, not what you view, and they apply only to material that meets a legal test of obscenity -- they do not ban all sexual content or bad taste.

The Communications Decency Act of 1996 muddied the waters by trying to prohibit "indecent" communications, not just obscene ones. This is a much heavier restriction, and parts of the law were immediately declared unconstitutional by a Pennsylvania district court. The problem is that the framers of the Act seem to have thought that service providers control the contents of the Internet. As we saw earlier, they don't and they can't.

But decency remains a serious issue if the Internet is to be usable by schoolchildren, and private organizations are stepping in to do what government can't (and shouldn't): promoting voluntary standards of decency and rating the suitability of web pages and newsgroups for children. At least two companies, Cyber Patrol and Surfwatch, presently do this. Teachers and parents can set up their Internet software so that students can only access approved materials.

Other companies and organizations will soon be doing the same thing. It's a job for private organizations, not government, because different people have different standards of decency. A church-related elementary school in Texas, for example, will want a different rating scheme than a public high school in San Francisco. Rival organizations will also keep each other honest; if one of them produces unreliable ratings, customers will switch to another.

The future

The two biggest problems with the Internet today are that the costs are too well concealed (which leads to the spam problem) and there is no proof that messages actually came from where they say (which makes financial transactions impossible). I predict that these problems will be solved within a few years, and we'll see a very different Internet.

Concealment of costs, of course, goes back to the days when the Internet was a subsidized research network. Now that the net is commercial, too many things are still being paid for by the wrong people. Junk email would disappear if the sender had to pay for the delivery of every single copy. This isn't a technological issue; it's just a matter of accounting. Telephone companies and post offices solved the same problem long ago.

Authenticating of the origin of messages is harder, but several systems are being developed. They all rely on public-key encryption -- that is, codes with two "keys" or passwords, one for encoding and the other for decoding. The idea is that you tell people your decoding password but keep your encoding password secret. Then, any messages that decode successfully with your decoding password must have come from you, because nobody else can encode messages that way.

Besides making it possible to send credit card numbers and even "digital cash" over the net, reliable authentication will practically eliminate problems with spamming and forgery. After all, every message will be traceable to its origin, or at least, false addresses will be immediately recognizable. People who want to communicate anonymously can still do so, but it will be obvious that their addresses are being withheld, and some people might refuse to accept such communications.

But the real future of the Internet is probably almost unforeseeable. After all, no one predicted web pages, spamming, public-key encryption, or even word processing; these developments, good and bad, were sudden, unexpected inventions. There's no telling what will be invented next.

The content and opinions expressed on this Web page do not necessarily reflect the views of,
nor are they endorsed by, the University of Georgia or the University System of Georgia.