In a previous post, we reviewed the ethics of Facemash and saw that not all hackers are “bad.” (From a moral perspective, whether hacking is “good” or “bad” depends in large part on the internal motivation of the hacker.) Now, let’s consider the legal regulation of computer hacking. To jump into this complex territory, let’s first identify the three main sources of Anglo-American law: (1) legislative enactments, including regulations and administrative law, (2) the common law, and (3) and natural law. Let’s ignore natural law for now; instead, let’s focus on “positive” or man-made law: legislation, regulation, and the common law. Legislation refers to “the laws on the books” — i.e., to actual laws or statutes enacted by a legislature and codified (i.e. written down) in publicly-available law books. (By the way, regulations are laws enacted by executive or independent government agencies, but the authority of an agency to enact a regulation must be specifically granted by a prior act of legislation, so we can subsume regulations/administrative law under the broader category of legislation.)
The common law, by contrast, refers to long-established judge-made legal doctrines (like the doctrine of consideration in contract law) and to judge-made legal principles (like “negligence” in tort law). In addition, judges (especially appellate judges — judges who review the legal decisions of lower court judges) often have to interpret the meaning of the laws on the books when they decide cases, and these judicial interpretations can then become binding precedent through the judge-made doctrine of stare decisis on future courts in the same jurisdiction. As a result, there are two major sources of positive law in the United States: cases and legislation. Furthermore, because the United States is a “federal” system consisting of 50 sovereign States as well as a national government, there are multiple legal systems in the U.S.: the legal systems of the States and the federal legal system. (In theory, all these legal systems are supposed to be co-equal.)
So, when we look to see what laws might apply to Facemash, we will have to consider all relevant federal legislation (like the Copyright Act of 1976 and the Computer Fraud and Abuse Act of 1984) as well as any relevant cases interpreting the scope of these federal laws. In addition, because Harvard College is located in the Commonwealth of Massachusetts (one of the original 13 colonies!), we will also have to consider State legislation as well as State common law. It turns out that Massachusetts enacted an anti-hacking law in 1994 and that many possible common law theories of liability — like trespass, conversion, and invasion of privacy — could apply to Facemash. We will review some common law theories of tort liability in our next two posts.