Lawmakers Say CFAA Is Too Hard On Hackers 154
GovTechGuy writes "A number of lawmakers are using the death of Internet activist Aaron Swartz to speak out against the Justice Department's handling of the case, and application of the Computer Fraud and Abuse Act. The controversy surrounding the Swartz case could finally give activists the momentum they need to halt the steady increase in penalties for even minor computer crimes."
Their Fear is the problem (Score:5, Insightful)
The main problem is that the law makers still have no clue about computers or technology in general. They hear 'hacker' and think that every kid with a computer in their room can launch a nuclear attack. This is why they try to execute anyone who knows more than them. Their narrow minded fear.
Re:Their Fear is the problem (Score:5, Funny)
They couldn't find the documentation on national security, so they showed WarGames to Congress instead.
Re: (Score:2)
Re:Their Fear is the problem (Score:5, Insightful)
No they don't. They open their freezer to get some ice for their scotch, see a fat wad of cash wrapped in a zip-lock bag, smile to themselves, and then make a note to call the RIAA in the morning to confirm their support for the upcoming legislation. Your government is completely bought and paid for... by Corporations, Trade groups, Unions, special interest groups... etc... they only way to change this is to get the hackers together, hire their own lobbyist and start paying off the government just like everyone else. And no, I'm not kidding.
Re:Their Fear is the problem (Score:4, Insightful)
I completely agree with you. The legislation isn't even set up in a paranoid or ignorant fashion...it's set up to impose insane penalties on anyone who dares to violate IP laws.
I'm not opposed to the idea of IP or profiting off the information-based products you build (though the current system is obviously broken) but the laws impose penalties which are clearly out of line with the scope of the crime. Most often, people liberating information and sharing it gets it into the hands of people who probably would never have paid for it anyway. I don't doubt that there is some impact to a company from a breach like that, but it's not as damaging as the penalties suggest it is.
Taking someone's trade secrets and giving them to a competitor? Yea, that's corporate espionage and it's a Big Deal. Even stealing the source code of a closed source product and putting that online is a relatively Big Deal because competitors will tend to get a hold of it and use it to their advantage. However, what Swartz did is not going to have the same impact to the organization that was breached.
The laws should exist, but they should be written to impose reasonable penalties based on the scope of the crime. Maybe there's some ignorance on the part of lawmakers there, but it's willful ignorance which comes directly from the fact that companies are paying them for the legislation to be passed.
Re: (Score:3, Insightful)
I completely agree with you. The legislation isn't even set up in a paranoid or ignorant fashion...it's set up to impose insane penalties on anyone who dares to violate IP laws.
This is now extremely obvious in Europe.
To make your point:
- Rape a child in Sweden, 100.000 SEK damages (recent sentence)
- Offer pirated TV content, 37.000.000 SEK in damages (recent sentence)
Anyone who fails to see that the law is now in service of the rich media corporations must be blind or otherwise impaired.
Re: (Score:2)
"The legislation isn't even set up in a paranoid or ignorant fashion...it's set up to impose insane penalties on anyone who dares to violate IP laws."
But that is just a symptom of the underlying problem... our whole lobbying setup.
In order to fix it, we need to separate big money from politics. Period. It's not as difficult to do (in principle) as it seems. Although it may not be easy in practice.
If I could have it my way, I would amend the Constitution so that thse things are baked in:
(1) No elected official can accept any money, goods, or perks from anyone during their course of their term, except for the salary and benefits paid them by the g
Re: (Score:2)
Re: (Score:2)
No. 2 in your list is a perfect opening for bundling. The median income is something like $50k so 3% would be $1500. Not chump change but not all that juicy. However, you get together 100 of your like minded friends on an issue, have a fundraiser dinner and invite the candidate to speak. Now you're talking about a $150,000 donation, comprised of 100 $1500 checks, from the "Lobby to Fuck America for Our Personal Profit."
But that's just for that particular candidate. Next, the LFAOPP will have a fundrais
Re: (Score:2)
"No. 2 in your list is a perfect opening for bundling."
No, you weren't paying attention. The ONLY money they'd be able to accept is INDIVIDUAL donations. Bundling doesn't apply.
Re: (Score:2)
With bundling, they ARE only accepting individual donations. In my example, they don't get one $150,000 check. They get 100 individually dontated $1500 checks. They do this right now to skirt similar finance laws.
http://en.wikipedia.org/wiki/Campaign_finance_in_the_United_States#Bundling [wikipedia.org]
Re: (Score:2)
YOU weren't paying attention... fat wad of cash in the freezer... They get their money... People with power always do. There is no solution to this problem. The best you can do is put in term limits so the crooks have less time to get good at corruption and the people bribing them have less time to figure out who's the best person to bribe.
Re:Their Fear is the problem (Score:5, Insightful)
Oh, my! "Get the hackers together". Good luck with that. We gots white hats, we gots black hats, we gots grays in various shades - I'll bet if I were to go looking, I could find some fruitcake rainbow hats hiding in their closets. We have so many different motivations for "hacking". We have so many categories of ethics involved. Hackers getting together? Hell, man, even WHITE HAT hackers flirt with existing law, and need to keep their identities secret.
So, who you gonna call? Hack Busters? Hmmmm - I think I have Hack Busters site here somewhere - - - https://www.eff.org/ [eff.org]
No need to reinvent the wheel. Let's just maybe redesign it, fund it, and put it on the road. What we need are sane internet laws, and the EFF is in pursuit of that goal already. They may not represent "hackers" specifically, but they are in a position to attract various sorts of hackers.
It would be great if only ten or fifteen percent of "hackers" were to join the EFF, and send small donations. At the same time, they need to make their voices heard, and explain why they are joining. "I'm a part time hacker, and some of the laws scare the shit out of me!" It matters little if the hacker just reverse engineers games for his own use, or he's pen-testing networks without authorization. They are still hackers, and they need protection from draconian nonsense laws.
It's willful ignorance not fear. (Score:4, Interesting)
They don't even care about the hacker community. They don't even understand what the hacker community is or what it's about. They view all hackers as cyber terrorists and criminals. They view anyone with certain skills are criminal. You can't even get a CEH certification and put it on your resume without getting funny looks and having people think you're a criminal. They view Slashdot as a place where e-terrorists and criminals go to talk about their cyber wizardry.
Seriously, hackers are like warlocks and witches and the only thing the governments want to do is persecute them all. They wont work with hackers, they wont let hackers help them without threatening to ruin their lives or using harsh bullying tactics. Hackers who don't cooperate with them seem to end up charged with rape, child porn, or just a bunch of bullshit charges that prosecutors can find to leverage on them to try to break them.
Why are hackers treated so bad if hackers are so important to the whole cyberwarfare scenario? Hackers no matter how patriotic they are get treated like criminals and terrorists and because of this no patriotic hacker community can try to survive.
Re: (Score:3)
For certain arms of the US government, what you're saying is probably true. The Department of Justice is clearly taking a hard line. The Department of Defense, though, has shown some interest in recruiting hackers. This is an old story now, but Mudge [cnet.com] is currently a program manager in the Defense Advanced Research Projects Agency (DARPA).
Re: (Score:2)
For certain arms of the US government, what you're saying is probably true. The Department of Justice is clearly taking a hard line. The Department of Defense, though, has shown some interest in recruiting hackers. This is an old story now, but Mudge [cnet.com] is currently a program manager in the Defense Advanced Research Projects Agency (DARPA).
Mudge? That is one hacker and not even the hacker we would consider a popular choice. It's a start and I'm glad they are at least doing that but it looks like it's for PR. Like let's choose the hacker who is high profile so we can look like we are recruiting hackers. You're correct it's primarily the DOJ who hates hackers but I think the that a lot of what we see in the media is symbolic measures until it reaches a tipping point where we know a guy who was a hacker who now works for the government agency, m
Re: (Score:2)
Hackers who don't cooperate with them seem to end up charged with rape, child porn, or just a bunch of bullshit charges that prosecutors can find to leverage on them to try to break them
I'm going to have to ask for some citation, please. The exact story you're posting on is discussing how the penalties for hacking-related charges are too high. If the government can throw you in prison for several years for hacking, why would they need to frame you for something unrelated?
Re: (Score:2)
Re: (Score:2)
I think he was referring to those times when a "hacker" has been caught, but been too smart to leave evidence. That being said, I'd like some sources too...Google isn't turning much up for me.
Well I cannot prove without a doubt, but I can say it's a strange coincidence that whomever pisses off the DOJ somehow ends up charged with the sort of stuff which can get you life in prison. It doesn't matter if you're whitehat or blackhat, if you break the law or not, there seems to be a political element to prosecutions as well.
Look at the Kim Dotcom case and tell me that politics weren't involved there? Look at the Julian Assange case? Look at various cases across the USA including Aaron Swartz. A lot o
Re: (Score:2)
Hackers who don't cooperate with them seem to end up charged with rape, child porn, or just a bunch of bullshit charges that prosecutors can find to leverage on them to try to break them
I'm going to have to ask for some citation, please. The exact story you're posting on is discussing how the penalties for hacking-related charges are too high. If the government can throw you in prison for several years for hacking, why would they need to frame you for something unrelated?
Because you were too smart or whatever you did wasn't really illegal but pissed people in government off.
Re: (Score:2)
Of course when these laws effect someone who is a 'good kid', like a normal looking kid from a good school, t
Still missing the point a bit? (Score:3, Interesting)
Re:Still missing the point a bit? (Score:5, Insightful)
If this were a Chinese-American hacker stealing schematics from Raytheon we'd all be happy to see the harshest threats/penalties applied. The issue here was bullying at the DOJ. You can't fix that with a few tweaks to the law, and if you lower maximum penalties you will find yourself regretting it when someone actually does do something worthy of those maximum penalties.
But then he gets not prosecuted for stealing scientific articles, but for transmitting weapon secrets to foreign powers -- independently of the means to get his hands on said documents. Your argument seems to be that we need to have harsh penalties for wielding a knife, because someone may stab a person with a dagger.
Re: (Score:2)
Re: (Score:2)
Neither did Swartz. Swartz got prosecuted for physically breaking into a computer network on private property without authorization; that's pretty serious no matter how you look at it. A court might have decided there were extenuating circumstances, but that's for a court to decide, not the prosecutor.
And even in the worst case, Swartz would have faced only about a year in prison under federal sentencing guidelines, since the maximum prison ter
Re: (Score:2)
I dunno. I seems too fucking hard to legislate some common sense? OR use common sense when applying laws?
The problem is using prosecution to further your political career which is what these people are doing and completely ignoring the fact that you're at the same time ruining lives.
So i get it, they did wrong, but the wrong they did didn't harm anyone, didn't cause irrevocable damage, even in some cases the complainers of the damages asked charges to be dropped. Why do you feel the need to railroad them
Re: (Score:2)
Comment removed (Score:4, Informative)
Re:Still missing the point a bit? (Score:4, Interesting)
If this were a Chinese-American hacker stealing schematics from Raytheon we'd all be happy to see the harshest threats/penalties applied. The issue here was bullying at the DOJ. You can't fix that with a few tweaks to the law, and if you lower maximum penalties you will find yourself regretting it when someone actually does do something worthy of those maximum penalties. And if you close these holes, aren't they just going to find others? You have issues with behaviors/attitudes at DOJ that need to be fixed, not just a few sentences in a statute. So, sure, maybe they should tweak the laws a bit; but how does that fix the oversight issues? Seems like a nice way to convince everyone they "did something" without actually fixing the issue.
Those penalties wont stop people from doing it. If it's a cyberwar and nation states are sponsoring it then no amount of harsh penalties will have any affect. If it's not that then the harsh penalties will have the wrong effect on the wrong people.
Being tough doesn't really DO anything. It's all about looking tough but it doesn't DO anything but hurt people so you can look a certain way to some other people. Looking tough is the problem. The solution to this problem is REALLY simple. The solution is a tigher and better hacker community. If the US government wants patriotic hackers then it's up to them to actually promote that kind of hacker community and you aren't going to promote that by persecuting hackers. You promote that by rewarding the heroes and patriots (which never seems to happen). When a hacker does something heroic or patriotic he or she is rewarded with a jail penalty, a blacklisting from the industry, loss of the right to own a gun, to vote, etc.
Re: (Score:3)
If the victim (hacker target, mugging victim, etc) doesn't want to press charges or continue with the case and can show no duress or influence to cause this decision (not being threatened, etc) then the case should be dropped. Not picked up and ran with by the local DA/DOJ
Re: (Score:3)
If this were a Chinese-American hacker stealing schematics from Raytheon we'd all be happy to see the harshest threats/penalties applied.
Speak for yourself. I would have zero interest in prosecuting the Chinese-American for industrial espionage and imposing absurd, draconian 30-50 year penalties. Especially since you haven't mentioned anything about him smuggling it to China. A Chinese-American is every bit as much of a true American as you or I. The idea that his loyalties would automatically be with another country is offensive and racist.
Re: (Score:2)
Depends on the articles.
Lifting detailed engineering prints for our latest thermonuclear weapons, then selling them to Iran or Korea is probably just a little bit worse than a single murder.
Hacking into a "celebrity" email merits something like a peeping tom charge, which is obviously a lot less serious than murder.
Re: (Score:2)
No, we cannot agree on one point: "stealing".
Swartz didn't steal anything. He copied. There is a difference. As long as people like you keep accepting this gross mischacterization, this misperception that ideas can be owned, we will see more of this kind of tragedy. Stealing is such a loaded word that it's easy to advocate harsh punishments once the public is suckered into thinking of some activity as stealing when it isn't. Perhaps it's unfortunate that our language is so possessive. We say "their
Charges against Ortiz? (Score:5, Insightful)
So when will we see charges pressed against Carmen M. Ortiz? There has to be some law which covers harassing someone to the point of suicide.
Re: (Score:2)
The problem is that everyone reaches suicidal tendencies at different points. Some people are suicidal even when living a fairly good life, others have withstood years of carefully designed physical and mental abuse. It's not like murder in which everyone has a somewhat similar tolerance. It might be closer to negligent manslaughter, but it's certainly difficult to set clearly defined criteria.
Re: (Score:3)
The doctrine of prosecutorial immunity puts Ortiz above the law. There are simply too many immunities. Prosecutorial, legislative, judicial, qualified, and sovereign immunities all prevent the justice system from actually providing justice. We can't touch Ortiz for her abuse of power. We can't touch Ashcroft for violating the 4th amendment. We can't touch legislators for passing blatantly unconstitutional laws. We have no power to defend ourselves against the most dangerous criminal organization in t
Yes someone actually believe in the 2nd amendment (Score:2)
and he is now allegedly dead [ap.org] .
Re: (Score:2)
He did not believe in the Second Amendment. His manifesto actually advocated strong gun control for us civilians.
However, the case does serve to destroy the theory that the people can't fight the government using firearms. One armed man put the government into panic mode, made the cops so scared that they started shooting at innocent people, forced them to stop doing motorcycle patrols, etc. Not to mention the fact that the bill for this effort is easily in the millions if not tens of millions. All for
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
In some cases there shouldn't be any consequences to your actions. For instance when the alleged victim doesn't want there to be any as in this case.
Re: (Score:2)
She abused the law to attempt to further her political ambitions and in so doing she was at least partially responsible for the death of another human being. So, yes, I would like to see her imprisoned, but would settle for her being fired and not allowed to work as a prosecutor again anywhere in the US. She can get a job as a defense lawyer if she wants where her lack of ethics won't harm anyone.
Soft on crime? (Score:2)
Do any of the lawmakers who vote for sane penalties stand a chance of reelection with the other side running "soft/weak on crime" attack ads?
They worry about Cyberwarfare but hate hackers?! (Score:2)
This is the current situation, the governments typically claim that there is going to be this great need for talented "Ethical" hackers and that there is a cyberwar coming. Yet when we look at how the government treats even the patriotic hackers, they get treated like trash. Adrian Lamo is supposed the most patriotic hacker in America? Turned in Bradley Manning? And they thank him by basically letting the entire media declare him a snitch, an informant, and make him out to be horrible.
So if that is how they
Re: (Score:2)
And they thank him by basically letting the entire media declare him a snitch, an informant, and make him out to be horrible.
In the US, the "media" operates under the first amendment, and it would be hard for the government to prevent the media from declaring him to be whatever they wanted to declare him to be. Would you want the government to be able to silence the media upon request, or to demand that they publish only happy, positive thoughts about certain people?
...where does this leave the hacker community? It's a sad state of affairs but I think it's because the government has no understanding of certain necessary aspects of the hacker community.
Is it necessary to break the law for there to be "a hacker community"? Is there no legal means of learning/practicing cybersecurity skills? Does every hacker need
Re: (Score:2)
If no one is hurt physically then the punishment shouldn't be physical either. If money is taken then a fine would be appropriate. If inconvenience was caused as in this case then imposing a larger inconvenience would be appropriate. For instance losing his drivers license or getting his computer confiscated for a few months.
Life in prison for causing a minor inconvenience gives sadists a great big hard-on, but the punishment does not fit the incredibly trivial crime. Injustice is what is being served. For
Re: (Score:2)
If no one is hurt physically then the punishment shouldn't be physical either. If money is taken then a fine would be appropriate.
So, I steal five million dollars from you and blow it on a gambling spree in Las Vegas. Sorry, I have no money to pay the fine, you don't get anything. In the meantime, you've not been able to pay your mortgage or car loan so your home and car have been repossessed. All I took was money, all I owe you is a fine. So, where is the punishment, and more important, where is the prevention?
It's nice to say "an eye for an eye", but what do you do if a blind man pokes your eyes out?
If inconvenience was caused as in this case then imposing a larger inconvenience would be appropriate. For instance losing his drivers license or getting his computer confiscated for a few months.
Your "inconvenience" has turne
Re: (Score:2)
As far as the 5 million dollar theft scenario the owner could probably get it back from the casino once it was shown to be stolen money. I don't think you are allowed to profit from stolen money. But obviously that misses your point. Maybe the thief hid the money somewhere, maybe buried it in some remote location. In that case I still wouldn't see the point of throwing the guy in jail. I think garnishing his wages so for the rest of his life he has to live at some minimum poverty level no matter how much mo
Re: (Score:2)
As far as the 5 million dollar theft scenario the owner could probably get it back from the casino once it was shown to be stolen money.
You're clueless. What makes you think the casino is liable for the $5 million of your money that I lose at one of their poker tables? They didn't get the money (except for whatever rake they have). Why do they owe you all the money back? Do you not realize how easily they could be taken for millions by someone who drops a bundle, and then has a friend come claim "that's stolen money, give it back to me"?
Here's an example perfectly on point. A local startup hi-tech company got a large investment from an ea
Re: They worry about Cyberwarfare but hate hackers (Score:2)
The government didnt set the record straight. No censorship required. No public official defended Lamo but they all bashed Manning. What does that show? Disdain and disgust toward all hackers?
Comment removed (Score:5, Insightful)
Re:Do what the Chinese government does: fight dirt (Score:5, Interesting)
Even since Operation Sundevil, the US has had this COMPLETELY counterproductive policy of hounding talented crackers out of existence, rather than nurturing their talent. Utterly stupid, IMHO, and frankly, the people responsible for creating and enforcing this stupid policy should be ashamed of themselves.
The Chinese have this 'thousand grains of sand' thing they do, where they nurture a huge and thriving computer underground (rather than turning them all in involuntary organ donors as they would). They're sent out to smash and grab everything they can from the West, where anything garnered is processed through a specially designed intelligence gathering system, where useful material is routed to local companies and government decision makers.
Granted, the Chinese Communist Party has no morals, but we are in the world we live in, and we have to do the same to compete. I guarantee that if I had any kind of policy input anywhere, I'd be doing exactly this.
At the end of the day, we have a choice: we can either fight with all the tools in our arsenal and shape the world in the West's image -- a relatively peaceful prosperous and moral place. Or we can let the Chinese Communist Party turn it into a quasi-criminal dictatorial dystopia. It's really our choice. In any case, it's the height of suicidal stupidity to fight our enemies with our hands tied behind our backs.
Here is the problem. The USA does compete but treats it's hackers and crackers like trash and although I cannot say China is any better, the USA has the tools to do much better than this. The USA still controls the internet itself. The USA could basically get the vast majority and practically all the best hackers and crackers on their side. The USA kinda does this but does it in a way which makes the hacker community hate or fear the US government. Fear can get people to cooperate with you but too much and they hate, the US government likes to use fear, threats, etc.
In the case of Aaron Swartz the US government was willing to use threats to try to scare him into submission. Why not appeal to some of the better emotions? On top of that, if there really is some cyber war and the situation is so desperate and there really aren't people with enough skill then the people who show any sort of talent at all shouldn't be put in prison. In World War 2 the Italian Mafia was recruited by the CIA to fight the fascists. In this example these were criminals but the point is, the US was always the most dirty of dirty at war, it's just the current iteration of the US government is secretly still dirty but in public trying to put on this impression of "tough on crime" and hatred of hackers which makes no logical sense. Ultimately these hackers CAN support the US war operations so demonizing them for what?
There has to be a clear separation between cyber-criminal and hacker. Hackers care about ethics and want to support what they believe is right whether they think it's the USA (patriotism) or social justice. Cybercriminals just want to make money and hack for the sake of hacking.
Re: (Score:2)
Do they really control the internet? Maybe the connectivity between states, but I'm willing to bet, that if they cut off China, it will be back online in 24 hours and entirely independent of the USA.
There's no cyberwar between China and USA. There are minor clashes in a very stupid game that does nothing but put money in the pockets of third parties and make sensational headlines.
The economic situation will prevent true conflict from becoming reality, because right now, the USA and China both have their hands in eachother's pockets, if one goes down, they both do.
Right now yes the USA controls the internet at the backbone level. Yes they could create a new internet if the USA wasn't involved but the vast majority of sites are still on the US internet.
Recruiting Hackers (Score:2)
Sadly, the Gov't may be right - this may be their only way of enlisting the talent they desire. I mean, would you volunteer to do the things they might be asking the hackers
Re: (Score:2)
If that happened to me I'd work for the other side as a double agent. I would never help these bastards under any circumstances. I'd rather die.
Re: (Score:2)
Ah, the old "only [criminals|rebels|rulebreakers] have skills" argument.
Re: (Score:2)
Re: (Score:2)
Make enough rules, and that becomes true. We're well above that point now.
it won't happen for a few simple reasons. (Score:3)
it won't happen because:
1. cybercrime is linked to terrorism because any crime is fast becoming linked as a terrorist act. dont believe me? just kook at the press and how they descibed the rogue cop in the news this week. because of that terrorism must be fought and eradicated so we don't have another 9/11. trust me the hicks out there believe this and so do their congressmen.
2. congress is reluctant to abolish bad laws. why? it sets a precident whereby future congressional acts would invalidate current actions and it takes a 2/3 majority just to do it. That's not happening in the current congress.
3. the police state is now upon us. the white house can kill anybody at any time because their lawyer said so. every minor offense now is considered a felony. don't believe me? we have the highest rate of prison population to overall population in the free world. yes there are other factors drugs poverty etc. but thats what the government should be focused on, not getting public paid for data by violating the use terms of some website.
Hackers are the Other (Score:4, Insightful)
The CFAA has immense penalties for two reasons:
1. Lawmakers look for any excuse to be "tough on crime".
2. Hackers are a small minority group that scare most people.
Combine these two things and one can see that hackers are an "acceptable target" for both the lawmakers and their constituencies, especially with the recent Chinese red scare going on.
Hackers need a PR firm.
Is "too hard" really the problem? (Score:2)
While it's always nice to see people move a step toward thinking, it's still not nearly as satisfying as thinking.
Go ahead and revise penalties for crimes, but that should be totally secondary to making wise decisions about what is a crime and what is not. When something as innocent as taking a breath of air is a crime, and you make a light penalty of $0.001 per breath, it's still a serious problem, since my BreathBot can perform 60 Gigabreaths per second.
Lawmakers, why should something like CFAA have be
Maybe prosecutors will figure this out (Score:4, Insightful)
*Especially when it is a 'crime' instead of real crime. You know, real crime, like the kind that involves violence, or the real crimes that occur in boardrooms, wall street and congress.
Re:Why... (Score:5, Insightful)
Re: (Score:2)
He physically broke into a private computer network; that's the primary charge. And it's justifiably a pretty serious one.
Re: (Score:2)
"breaking into" is a physical analogy which doesn't work in this case. He didn't have to physically break into anything. No locks were picked or forced and even if there were forced entry it would just be a B&E charge which, as we all know, gets a slap on the wrist for a first offense. Probably just probation and no jail time. At worst a few months in a minimum security jail. One could argue trespassing, but it's questionable and obviously in that case the penalties are even lighter than a first offense
Re: (Score:2)
I'm not making a physical analogy. If you don't know what the informal term "break into a computer network" means, just look at the indictment and the CFAA. Swartz met the conditions of that act.
And, in fact, Swartz was fac
Re: (Score:2)
No, he took down JSTOR servers with excess traffic by running an overly aggressive and efficient web crawler against them,
If JSTOR's servers can be brought down by a single laptop, those servers are crap.
I don't care how fast the connection is between them, a single laptop should not have the processing power to bring down a server.
Re: (Score:3)
Re:Why... (Score:4, Insightful)
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic is similar to what corporations use to assign themselves rights that belong to people and not companies. Aaron may have been bringing those servers to a crawl, but he did so by using the websites, not a denial of service attack. By your logic, slashdot readers would be at fault for bringing down websites by simply trying to view their contents. Would you like to be in court for your part in "Slashdot Effect"?
Re: (Score:2)
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
Re: (Score:3)
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
I disagreed with the analogy, as he was comparing people to things in an attempt to elicit a stronger emotional response. Comparing a physical assault on a human being to bringing down a website through over-use isn't an analogy, it's a failed attempt at one. I also presented a more comparable situation, an analogy if you will, in referencing the slashdot effect. It would seem you can only recognize the first analogy you see in a paragraph, maybe you should work on that...
Re: (Score:2)
I disagreed with the analogy
Perhaps that is what you meant to do. But that is not what you did. You stated "And yet this is neither a face, nor is a hospital involved." which attacks the hypothetical part of the analogy instead of the point that the analogy made. The fact that you thought the poster was looking for an emotional response confirms that you didn't get the point beamdriver was making.
What I believe beamdriver was saying through the analogy is something like "The fragility of the component is not relevant in determinin
Re: (Score:2)
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
I also failed to mention the third analogy, the one where I compared the original analogy to the logic that corporations use. For someone who can't recognize an analogy, I sure do use alot of them =D
Re: (Score:2)
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
Unless you are a cop. Or a prosecutor. So you are trying to say that Swartz was a violent guy. A menace to society who needed to be locked away before he physically hurt more people. I'm sorry, but I cannot agree with that based on what I have read about him.
Re: (Score:2)
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
Actually, you get booked, then released on a very small bail, and then you end up paying a fine.
Punching somebody in the face is a misdemeanor, unless a dangerous weapon is involved (we're talking a knife/gun too - not even a baseball bat unless you really go to town on somebody).
If Aaron assaulted a security guard on the way into the building he'd get far less time for that then hooking up the computer. That's why computer crimes are out of whack.
Re: (Score:2)
One of the issues here is the lack of mens rea in the CFAA.
Re: (Score:3)
Yeah - whatever. I'm no bleeding heart, and I'm not crying myself to sleep at night because Swartz committed suicide.
At the same time, there WERE a bunch of cunts in DOJ who were using him to promote their own careers. He WAS being railroaded. There was nothing right about DOJ's handling of the case.
Whatever else you might say or think about Swartz, on his way out, he handed the hacker community a golden opportunity, and a weapon, to use against the DOJ. Why not use it?
I already mentioned cunts? Maybe
Re: (Score:2)
So you're basically saying is to use the Swartz?
Re: (Score:2)
The man handed you a gift. You gonna use it? A simple suicide is pointless. Martyrdom is a whole new ballgame. Look at what the Moslems and the Christian Churches have done with martyrs, down through the centuries.
Re: (Score:2)
So you admit that you are scared then? Killing yourself takes a great deal of courage. Cowards are incapable of it.
Re:Make the penalties lighter? (Score:5, Insightful)
Re: (Score:2)
Re:Make the penalties lighter? (Score:5, Interesting)
Then he should be prosecuted for what he actually did. You seem to conflate the means to commit a crime with the crime itself. If you stab a person in the back, you get persecuted for murdering a person, not for wielding a knife.
No. You get prosecuted for murder, attempted murder, conspiracy to commit a murder, wielding a knife, trespassing, aggravated assault, unlicensed practice of surgery, jaywalking, wearing blue jeans on Sunday and 25 other remotely applicable transgressions and ridiculous ancient county laws.
Re: (Score:2)
Swartz was prosecuted for what he actually did: he broke into MIT's computer network via a physical connection and caused their system managers several days of headaches.
In terms of cost and hassle to MIT, that's probably the equivalent of physically stealing a few laptops. What do you think should the penalty for that be?
Re: (Score:3)
Right now a hacker can cause billions in damages, and pull potentially millions of dollars in ill-gotten loot, and maybe see 15 years in prison. That is way too soft in my opinion.
On the issue of Swartz, I don't know why the guy is some sort of cause-celeb just because he off-ed himself. He broke the law, plain and simple.
In cases where individuals get unauthorized access, and aren't doing anything with it (not Swartz who was planning to distribute), I think there could be room for more lenient sentencing, especially on first offenses.
Prison wont deter hackers. Also the US government WANTS hackers but HATES hackers. It's a very confusing situation where on one hand you hear about the US government talking about this great cyber war in which all the US cyber assets will be made to go up against the cyber warriors and assets of China or Russia.
But then you see the same US government dishing out long sentences. If it's a so called cyber war then prison will actually make the situation worse. You send a patriotic hacker to prison for 10 year
Re: (Score:2)
Right now a hacker can cause billions in damages
Example?
pull potentially millions of dollars in ill-gotten loot
Example?
He broke the law
Swartz who was planning to distribute
Oh Lord no! He was planning to distribute academic papers to people! The potential damage is unthinkable! PEOPLE MIGHT LEARN!
Re:It's time for a workers government (Score:4, Insightful)
Oh, I missed the memo. Is the revolution here? Is it time to line 'em up against the wall?
But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.
Steady increase (Score:5, Insightful)
But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.
Indeed; I think that the problem isn't "the steady increase in penalties for even minor computer crimes," but the gradual increase in penalties for all crimes.
Rather than working on solving more crimes, the justice system seems to be trending toward making penalties harsher for the criminals that they do catch. This is a vicious circle; the harsher the penalties are, the more money we're spending on keeping people incarcerated.
I also find perturbing the technique used by prosecutors of charging people with a vast array of charges with huge possible penalties, so that they will have incentive to plea-bargain down to avoid the worst-case scenario that will be extremely harsh. This may indeed succeed for the prosecutors in getting guilty pleas, and succeed to some extent in saving the expense of trials-- but if some accused people actually are innocent (or even are guilty of minor crimes but not of everything in the book that they've been charged with), it is a failure of justice.
Re:Steady increase (Score:4, Insightful)
Not all crimes get harsher penalties. Rape & murder get a comparative slap on the wrist these days.
People's lives have no value but cost someone money (even imaginary income) and they throw the book at you.
Re: (Score:2, Informative)
Swartz was facing a maximum (!) of about a year of prison under federal sentencing guidelines, had been offered a plea bargain of six months, and probably would have been sentenced to even less given his background and stellar law team.
The average prison sentence for rape in the US is about 11.8 years
Re:Steady increase (Score:5, Informative)
Except that's not how it works. A plea deal isn't a contract in which you get what you want in exchange for what they want.
http://cyberlaw.stanford.edu/blog/2013/01/towards-learning-losing-aaron-swartz-part-2 [stanford.edu]
Re: (Score:2)
The risk arose because he committed a felony under to the CFAA. After that, everything was a gamble. Why do you expect the prosecutor not to prosecute him under the law when he clearly violated the law?
Re: (Score:2)
So if it's not the prosecutor, which part of the system do you think is broken? Are you saying it should be legal (or merely a misdemeanor) for people to walk onto someone's private property, connect to their network, and commit copyright violations using their for-pay services?
Re: (Score:2)
But don't let facts get in the way of a good rant.
You keep using that word.
Re: (Score:2)
Yes. So why don't you actually start using facts instead of fabricating your evidence.
Re: (Score:2)
After which he would check the box stating he has been convicted of a felony on every job application he ever fills out. Even fast food doesn't hire people once they do that. His best bet at future employment would be cutting up old asbestos in some scrap yard somewhere for less than minimum wage under the table.
All because he violated a TOS?
Re: (Score:2)
Yes, that's the consequence of committing a felony. And there is little doubt that he committed a felony.
Plenty of felons convicted due to Internet-related crimes have excellent careers in security, writing books, as entrepreneurs, or in academia. Just
Re: (Score:2)
fixed it for you
Re: (Score:2)
Read something recently that boiled down to "we increase penalties for crimes whenever we find that the Law Enforcement types aren't bothering to arrest people for these crimes because the penalties aren't high enough to make it worth the hassles of a trial"
Re: (Score:2)
Logic seems to be missing in many cases.
Logic also seems to be missing from your post. How the hell does the existence of murders surrounding bicycle robberies lead to harsher sentences for bicycle robberies that do not include murder? These are two separate crimes that occurred at the same time. For a car analogy, it'd be like increasing penalties for just speeding down the highway because sometimes people will get drunk off their ass before getting behind the wheel and speeding down the highway.
Punish for the crime that was committed, not