💾 Archived View for spam.works › mirrors › textfiles › virus › virbillfax.vir captured on 2023-06-16 at 21:05:22.


To:        Mr. Don Goldberg
           House Judiciary Subcommittee on Criminal Justice
           U.S. House of Representatives
           H2-362
           Washington, DC 20515
           202-226-2406 voice; 202-225-3788 fax

From:      David Stang
           National Computer Security Association
           Suite 309, 4401-A Connecticut Ave. NW
           Washington DC 20008
           202-364-8252 voice; 202-364-1320 fax

Subject:   NCSA Testimony on Virus Bills

Date:      August 17, 1990

We understand that HR 55 and HR 287 -- the two virus bills -- may
have died as a result of unexpected action elsewhere in Congress on
the Comprehensive Crime Control Act of 1990.

We believe that the magnitude of the problem caused by a virus in just
one computer is serious.  As you and the committee well know, and have 
heard through prior testimony, the enormity of the damage caused by a 
virus can be stunning. I recently talked to one of our members who had 
spent $16,000 in consulting fees trying to save files that had been 
ravaged by a computer virus. Yesterday, I spoke to someone who had erased 
three months' worth of work in an attempt to eradicate a virus.

These may not be isolated cases. NCSA is now conducting a damage
survey, to try to get some more honest numbers for the costs of
viruses.  We will be sharing our findings with your committee.

In the balance of this letter, I will update our previous testimony in
regard to the virus problem.

There are now over 245 named viruses. More viruses were written so
far in 1990 than in all prior years combined. The number of virus
incidents is increasing at an alarming rate, although there are no
reliable statistics on this. Many good self-defense measures and
programs are now available, but the public is largely unaware of them,
or of the magnitude of the problem. The damage caused by viruses
may be in the hundreds of millions of dollars annually.

Only 25% of viruses appear to have U.S. origins. The committee needs
to consider the international scope of the crime. An international
symposium would be valuable.

Most of the viruses that have been written have not yet spread widely.
Many have not yet entered the U.S. Their damage is yet to come.
Legislation should consider whether such virus authors will be
grandfathered, or whether they are exempt from this legislation for
viruses already written.

Virus authors do not sign their work, but may show it to friends.
Legislation which paid rewards to informers would be more effective
than legislation which merely offered to punish those apprehended.
The NCSA offers a $1,000 reward for anyone who plays a pivotal role
in the conviction -- with jail time -- of a virus author. Legislation could
do the same.

The program code for many viruses has been published in many
sources, making imitation and the creation of new viruses fairly
simple. There may be 10,000 programmers in this country alone who
are now capable of creating a new virus. Many more can modify an
existing virus in a few minutes, using commercially-available software.
The committee might consider whether the publication or distribution
of virus code should be punishable, as it seems to aid and abet the
crime. 

Because most viruses are reasonably easy to prevent with proper
procedures, and easy to detect with software, legislation should
encourage/support public education efforts for virus prevention and
detection. Ultimately, we may shift some of the burden of virus
damage to users who haven't shown reasonable care. 

There are no trustworthy statistics on incidents of virus infection. A
national clearinghouse for such information would be valuable.

We wish you well in your efforts to provide a serious, measured
response to a serious international problem. As our society becomes
increasingly dependent on computers, it will become increasingly
victimized by viruses, and the work of your committee will become
more important than ever. If there is anything we can do to support
your efforts, please let us know.

                           #=> END <=#