Model Lesson Plan - UW School of Law

By Vernon Davis,2015-03-18 14:36
13 views 0
Model Lesson Plan - UW School of Law

    Model Lesson Plan

Topic: Cyber-crime

    Created by: Caitlin Wilson


    Sources: U.S. Dept. of Justice, Cyber-ethics for Kids, available at;

     Gregg R. Zegarelli. Computer Fraud and Abuse Act of 1986, Computer

    Science Study Guide available at


     Hackers (1995)

    Time: 50 minutes

    I. GOALS

    a. This lesson will introduce students to the criminal implications and consequences

    of computer crime, specifically hacking.


    a. Knowledge Objectives

    i. As a result of this class, students will be better able to:

    1. know what types of Internet activity are or should be considered


    2. understand how criminal prohibitions against certain types of

    Internet activity are best implemented in law.

    b. Skills Objectives

    i. As a result of this class, students will be better able to:

    1. determine whether computer crimes are unique and require their

    own legislation or whether they are just “updated” versions of

    traditional crimes;

    2. determine whether their own computer activity or that of their

    peers could be considered criminal.

    c. Attitude Objectives

    i. As a result of this class, students will be better able to feel:

    1. their actions and the actions of their peers, especially regarding

    Internet activity, can and will have real consequences.


    a. Opening discussion (5+ minutes)

    b. Start discussion by asking:

    i. What comes to mind when you hear the term computer crime?

    1. Pirating music, software; child pornography; identity theft


    ii. Do you think these types of actions constitute completely new crimes or

    do you think they are just “updated” versions of other crimes? Why?

    iii. How would you feel if someone hacked into your email and read your

    personal messages? How would you feel if someone hacked into the

    school computers and had access to personal information about you, like

    your grades?

    c. Film Clip (10 minutes)

    i. How relevant is computer crime to people your age?

    1. Show opening sequence from the film Hackers, which features the

    U.S. Secret Service using excessive force to raid the home of an

    eleven year old, who has written a virus that was unleashed and

    crashed 1507 computer systems.

    d. Discussion (2 minutes)

    i. This movie is dated, however, teens have historically been linked to

    computer crimes, causing problems both then and now:

    1. A teenager can (and did) cut off the phone service to an entire

    town for hours by hacking the local phone company. Adolescents

    can (and have) seriously hurt the music, gaming and software

    industries, shut down Internet news and commerce sites, brought

    businesses and government agencies to a halt, and attacked

    military networks in ways that have initiated high-level concern for

    the economy and for public health and safety.

    e. Case Study (20 minutes)

    i. Modified fact pattern attached.

    1. Press Release regarding Massachusetts Teen Convicted for

    Hacking into Internet and Telephone Service Providers and

    Making Bomb Threats to High Schools in Massachusetts and

    Florida (September 8, 2005) is available by the following link:

    ii. Have students count off in groups of four.

    iii. Distribute fact pattern to groups.

    iv. Read the fact pattern aloud.

    v. Let students work in groups to determine what “crimes” Henry has

    committed (traditional crimes or computer crimes?) and what they feel the

    consequences for those crimes should be.

    vi. Have groups report back to entire class.

    vii. Record ideas on board, both ideas for what crimes Henry has committed

    and what his punishment should be.

    1. For example, Henry could be guilty of trespass and theft as well as


    viii. Inform class what “really” happened in the case of “Henry” (see press


    ix. Ask class whether the law should treat traditional crimes committed via

    computer differently.


f. Explanation of Law with Overheads (10 minutes)

    i. There are both state and federal laws which deal specifically with

    computer crime and there are laws which are not exclusively directed

    toward the Internet including laws relating to child pornography,

    threatening communications, fraud and intellectual property, that have

    been used to adjudicate cyber crimes.

    ii. Introduce Statutes

    1. State Laws

    a. Malicious Mischief Statute, RCW 9A.48.70, .80, .90, .100

    b. Computer Trespass Statute, RCW 9A.52.110, .120, .130

    2. Federal Statutes

    a. Computer Fraud and Abuse Act, 18 U.S.C. ?1030 (as

    amended by USA Patriot Act)

    i. Depending on time, determine how in-depth

    discussion of these laws will be.

    g. Wrap-Up

    i. The most important points to take away from today’s class are that the

    government recognizes computer crimes, including hacking, can be

    serious criminal offenses, even leading them to create laws that

    specifically deal with computer crime and teens can be penalized harshly

    for their misuse of computers.


a. Participation in class discussion.

    b. Group participation in case study.

    c. Homework assignment.


    a. Students should develop their own code of cyber-ethics with provisions for both

    public and private use computers. They should incorporate their own beliefs

    about how computers should be used in light of the pertinent laws.

    See for example.


    1Henry the Hacker

    In March 2004, a high school student, “Henry” sent an e-mail to a Florida school with the caption, “this is

    URGENT!!!” The text of the e-mail read:

    “your all going to perish and will all die

    Tuesday, 12:00 p.m.

    we’re going to have a “blast”

    hahahahahaha wonder where I’ll be? youll all be destroyed. im sick of your [expletive deleted]

    school and piece of [expletive deleted] staff, your all gonna [expletive deleted] die you pieces of

    crap!!!! . . . “

    As a result of this bomb threat, the school was closed for two days, while a bomb squad, canine team, the fire department and Emergency Medical Services were called in. In August 2004, Henry logged into the Internet computer system of a major Internet Service Provider (“ISP”) using a program he had installed on an employee’s computer. This program allowed him to use the employee’s computer remotely to access other computers on the internal network of the ISP

    and gain access to portions of the ISP’s operational information.

    In January 2005, Henry gained access to the internal computer system of a major telephone service provider that allowed him to look up account information of the telephone service provider’s customers.

    He used this computer system to discover key information about an individual who had an account with the telephone service. He then accessed the information stored on this individual’s mobile telephone, and posted the information on the Internet.

    During this same time period, Henry used his access to the telephone company’s computer system to set-

    up numerous telephone accounts for himself and his friends, without having to pay for the accounts. Also in January, 2005, an associate Henry set-up accounts for the him at a company which stores identity information concerning millions of individuals allowing the him to look at the identity information for numerous individuals, some of which he used for the purpose of looking up the account information for the victim whose personal information he posted on the Internet.

    In the spring of 2005, Henry, using a portable wireless Internet access device, arranged with one or more associates to place a bomb threat to a school in Massachusetts and local emergency services, requiring the response of several emergency response units to the school on two occasions and the school’s evacuation on one.

    In June 2005, Henry called a second major telephone service provider because a phone that a friend had fraudulently activated had been shut off. In a recorded telephone call, Henry threatened the telephone service provider that if the provider did not provide him access to its computer system, he would cause its web service to collapse through a denial of service attack- an attack designed to ensure that a website is so flooded with request for information that legitimate users cannot access the website. The telephone service provider refused to provide the requested access. Approximately ten minutes after the threat was made, Henry and others initiated a denial of service attack that succeeded in shutting down a significant portion of the telephone service provider’s web operations.

    After all this, Henry was caught. What crimes did Henry commit? What do you think happened to Henry?

     1 Fact pattern modified from press release available at