Today's world of high-speed, continuous Internet connections brings the world to the desktops of individuals and corporations alike. However, with the benefits of constant interconnectivity, the threat of security breaches has also risen.[1] Therefore, the access and use of the Internet becomes a double-edged sword - wielding it insecurely or inappropriately opens up individuals and corporations to a flurry of hacking attacks.[2] These security breaches are not insignificant. Recent estimates of the damage done by hackers to corporations last year alone have been well over $100 million.[3] Furthermore, the frequency and damage of these attacks are only expected to rise as more computers become connected to the Internet.[4]

With both the growth of the Internet and the explosion of Internet security breaches, it is surprising that criminal and civil remedies have been limited and disjointed. Initially, criminal solutions to the issue of hacking have proven insufficient. Although 18 U.S.C. § 1030 does impose criminal liability for "whoever...intentionally accesses a computer without authorization or exceeds authorized access,"[5] current law enforcement agencies are unequipped to handle the enormous burden imposed by the rapid expansion of the Internet.[6] As well, incidents of hacking go unreported as corporations are loath to open their entire computer system to law enforcement officials.[7] In the realm of civil liability, few commentators and courts have developed a coherent cause of action or damage formulation to redress victims of hacking or deter future hackers.[8] To sufficiently address the problems caused by hackers, this note seeks to develop a cohesive theory of damages against hackers arising out of the tort of trespass against chattels.

Initially, it is important to stress the inadequate remedies for victims of a hack attack in the current civil court system. With the criminal system unable to cope with the level of hacking, civil liability - notwithstanding vigilantism - is perhaps the only legitimate response for many corporations. The current literature proposes many varied causes of action against third party corporations through which a hack occurs,[9] system operators,[10] and even Internet providers.[11] These commentators propose such solutions because they work from the ill-founded notion that all hackers are judgment-proof and insolvent.[12] The presumption that hackers are young teenagers or closeted adults without means to justify a suit is incorrect.[13] Adhering to misguided stereotypes will not sufficiently deter hackers - the root of the problem - from future nefarious action, and will "hobble the Internet as a common resource."[14]

Currently, some courts have identified trespass to chattels as an appropriate cause of action against hackers.[15] Trespass to chattels has evolved to include the unauthorized use of personal property, and "[i]ts chief importance now, is that there may be recovery

where trespass would lie at common law, for interferences with the possession of chattels which are not sufficiently important to be classed as conversion, and so to compel the defendant to pay the full value of the thing with which he has interfered. Trespass to chattels survives today, in other words, largely as a little brother of conversion."[16] This cause of action would be "a useful mechanism to redress injuries to intangible interests that result where a party uses intangible contacts to intermeddle with chattels to a degree too small to be conversionary."[17] As hackers enter servers and intentionally destroy or alter information, they can now be held liable for trespass, and the victims can seek redress.

Unfortunately, victims of hacking do not seek civil prosecution of hackers because they feel as if they would be throwing good money after bad. That is to say that, much like the commentators outlined above, parties do not construe hackers as solvent entities that could provide sufficient redress. However, bearing in mind current damage calculations upheld by recent court decisions, it would be possible to sufficiently recover from a solvent hacker.

The primary consideration for a coherent damage theory would revolve around the precept that intentional torts are not dischargeable in bankruptcy. In re Brandl sustained such a premise when the Defendant had introduced a virus into the computer hardware that housed most of the Plaintiff's records.[18] After judgment was entered for the Plaintiff in local district court, the Defendant declared bankruptcy and attempted to discharge the debts.[19] The court reasoned that "when [Defendant] put the computer virus on the Plaintiff's hardware, the Defendant acted both deliberately and with the goal of causing harm to the Plaintiff, and the Plaintiff suffered that harm as a result. The Plaintiff, then, is entitled to judgment determining that the debt in question survives as enforceable, notwithstanding the past grant of discharge in bankruptcy to the Defendant."[20] Much like introducing a virus into a computer system, a hacker who enters a computer and destroys or alters information to the detriment of the owner of the system acts with clear intention and would be precluded from discharging his debt.

Furthermore, the opportunity for punitive damages should not be forgotten in any intentional tort damage calculation. In New York, for example, a court sought extensive punitive damages against a Defendant who willfully established a faulty computer system contingent on further business from Plaintiff.[21] That court indicated that punitive damages are established when the complaint alleges "malice, willfulness, wantonness or recklessness" in the perpetration of a tort.[22] Emphasizing the need for those with computer knowledge to utilize their power carefully, the court believed that the imposition of punitive damages could deter future computer hacking and viral attacks.[23] Excluding the regular damages assessed for damaged hardware or lost productivity due to virtual trespass, the promise of punitive damages provides a solid incentive to victims to litigate against hackers, and also serves as a deterrent to would-be hackers facing such penalties.

Developing a coherent series of damages within trespass to chattels will greatly enhance a victim's ability to deter future hacks and seek redress. Given that a hacker cannot discharge intentional torts under bankruptcy, and that the courts are willing to grant punitive damages for malicious computer interference, there are great opportunities to make an example out of a virtual trespasser. Once established, the clear standard of trespass, combined with substantial damage provisions, could encourage settlement and promote efficiency in the adjudication of these cases. Finally, and most importantly, this cause of action and damage remedy would provide solutions for victims where the legislative and executive branches have yet to be successful. A coherent cause of action against a hacker for trespass to chattels could provide to an individual the means and incentive to reduce hacking - one major problem that pervades and restrains the growth and utilization of the Internet.[24]