Lawmakers Say CFAA Is Too Hard On Hackers

GovTechGuy writes "A number of lawmakers are using the death of Internet activist Aaron Swartz to speak out against the Justice Department's handling of the case, and application of the Computer Fraud and Abuse Act. The controversy surrounding the Swartz case could finally give activists the momentum they need to halt the steady increase in penalties for even minor computer crimes."

Their Fear is the problem

[sensationull]

The main problem is that the law makers still have no clue about computers or technology in general. They hear 'hacker' and think that every kid with a computer in their room can launch a nuclear attack. This is why they try to execute anyone who knows more than them. Their narrow minded fear.

Charges against Ortiz?

[Anonymous Coward]

So when will we see charges pressed against Carmen M. Ortiz? There has to be some law which covers harassing someone to the point of suicide.

Re:Still missing the point a bit?

[Sique]

If this were a Chinese-American hacker stealing schematics from Raytheon we'd all be happy to see the harshest threats/penalties applied. The issue here was bullying at the DOJ. You can't fix that with a few tweaks to the law, and if you lower maximum penalties you will find yourself regretting it when someone actually does do something worthy of those maximum penalties.

But then he gets not prosecuted for stealing scientific articles, but for transmitting weapon secrets to foreign powers -- independently of the means to get his hands on said documents. Your argument seems to be that we need to have harsh penalties for wielding a knife, because someone may stab a person with a dagger.

Re:Why...

[Sique]

He violated Terms of Service of JSTOR. And he took responsibility for it (by handing over his HD to JSTOR and admitting what he did). Everything else is overboarding prosecution and trying to boost one's career at the expense of someone vulnerable.

Re:Make the penalties lighter?

[Sique]

Then he should be prosecuted for what he actually did. You seem to conflate the means to commit a crime with the crime itself. If you stab a person in the back, you get persecuted for murdering a person, not for wielding a knife.

Re:Their Fear is the problem

[Charliemopps]

No they don't. They open their freezer to get some ice for their scotch, see a fat wad of cash wrapped in a zip-lock bag, smile to themselves, and then make a note to call the RIAA in the morning to confirm their support for the upcoming legislation. Your government is completely bought and paid for... by Corporations, Trade groups, Unions, special interest groups... etc... they only way to change this is to get the hackers together, hire their own lobbyist and start paying off the government just like everyone else. And no, I'm not kidding.

Do what the Chinese government does: fight dirty

[benjfowler]

Even since Operation Sundevil, the US has had this COMPLETELY counterproductive policy of hounding talented crackers out of existence, rather than nurturing their talent. Utterly stupid, IMHO, and frankly, the people responsible for creating and enforcing this stupid policy should be ashamed of themselves.

The Chinese have this 'thousand grains of sand' thing they do, where they nurture a huge and thriving computer underground (rather than turning them all in involuntary organ donors as they would). They're sent out to smash and grab everything they can from the West, where anything garnered is processed through a specially designed intelligence gathering system, where useful material is routed to local companies and government decision makers.

Granted, the Chinese Communist Party has no morals, but we are in the world we live in, and we have to do the same to compete. I guarantee that if I had any kind of policy input anywhere, I'd be doing exactly this.

At the end of the day, we have a choice: we can either fight with all the tools in our arsenal and shape the world in the West's image -- a relatively peaceful prosperous and moral place. Or we can let the Chinese Communist Party turn it into a quasi-criminal dictatorial dystopia. It's really our choice. In any case, it's the height of suicidal stupidity to fight our enemies with our hands tied behind our backs.

Re:It's time for a workers government

[Nexus7]

Oh, I missed the memo. Is the revolution here? Is it time to line 'em up against the wall?

But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.

Steady increase

[Geoffrey.landis]

But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.

Indeed; I think that the problem isn't "the steady increase in penalties for even minor computer crimes," but the gradual increase in penalties for all crimes.

Rather than working on solving more crimes, the justice system seems to be trending toward making penalties harsher for the criminals that they do catch. This is a vicious circle; the harsher the penalties are, the more money we're spending on keeping people incarcerated.

I also find perturbing the technique used by prosecutors of charging people with a vast array of charges with huge possible penalties, so that they will have incentive to plea-bargain down to avoid the worst-case scenario that will be extremely harsh. This may indeed succeed for the prosecutors in getting guilty pleas, and succeed to some extent in saving the expense of trials-- but if some accused people actually are innocent (or even are guilty of minor crimes but not of everything in the book that they've been charged with), it is a failure of justice.

Re:Their Fear is the problem

[endus]

I completely agree with you. The legislation isn't even set up in a paranoid or ignorant fashion...it's set up to impose insane penalties on anyone who dares to violate IP laws.

I'm not opposed to the idea of IP or profiting off the information-based products you build (though the current system is obviously broken) but the laws impose penalties which are clearly out of line with the scope of the crime. Most often, people liberating information and sharing it gets it into the hands of people who probably would never have paid for it anyway. I don't doubt that there is some impact to a company from a breach like that, but it's not as damaging as the penalties suggest it is.

Taking someone's trade secrets and giving them to a competitor? Yea, that's corporate espionage and it's a Big Deal. Even stealing the source code of a closed source product and putting that online is a relatively Big Deal because competitors will tend to get a hold of it and use it to their advantage. However, what Swartz did is not going to have the same impact to the organization that was breached.

The laws should exist, but they should be written to impose reasonable penalties based on the scope of the crime. Maybe there's some ignorance on the part of lawmakers there, but it's willful ignorance which comes directly from the fact that companies are paying them for the legislation to be passed.

Re:Steady increase

[click2005]

Not all crimes get harsher penalties. Rape & murder get a comparative slap on the wrist these days.

People's lives have no value but cost someone money (even imaginary income) and they throw the book at you.

Re:Why...

[Bobfrankly1]

If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.

And yet this is neither a face, nor is a hospital involved. This kind of retarded logic is similar to what corporations use to assign themselves rights that belong to people and not companies. Aaron may have been bringing those servers to a crawl, but he did so by using the websites, not a denial of service attack. By your logic, slashdot readers would be at fault for bringing down websites by simply trying to view their contents. Would you like to be in court for your part in "Slashdot Effect"?

Re:Their Fear is the problem

[Runaway1956]

Oh, my! "Get the hackers together". Good luck with that. We gots white hats, we gots black hats, we gots grays in various shades - I'll bet if I were to go looking, I could find some fruitcake rainbow hats hiding in their closets. We have so many different motivations for "hacking". We have so many categories of ethics involved. Hackers getting together? Hell, man, even WHITE HAT hackers flirt with existing law, and need to keep their identities secret.

So, who you gonna call? Hack Busters? Hmmmm - I think I have Hack Busters site here somewhere - - - https://www.eff.org/ [eff.org]

No need to reinvent the wheel. Let's just maybe redesign it, fund it, and put it on the road. What we need are sane internet laws, and the EFF is in pursuit of that goal already. They may not represent "hackers" specifically, but they are in a position to attract various sorts of hackers.

It would be great if only ten or fifteen percent of "hackers" were to join the EFF, and send small donations. At the same time, they need to make their voices heard, and explain why they are joining. "I'm a part time hacker, and some of the laws scare the shit out of me!" It matters little if the hacker just reverse engineers games for his own use, or he's pen-testing networks without authorization. They are still hackers, and they need protection from draconian nonsense laws.

Hackers are the Other

[TheSpoom]

The CFAA has immense penalties for two reasons:

1. Lawmakers look for any excuse to be "tough on crime".
2. Hackers are a small minority group that scare most people.

Combine these two things and one can see that hackers are an "acceptable target" for both the lawmakers and their constituencies, especially with the recent Chinese red scare going on.

Hackers need a PR firm.

Re:Their Fear is the problem

[Anonymous Coward]

I completely agree with you. The legislation isn't even set up in a paranoid or ignorant fashion...it's set up to impose insane penalties on anyone who dares to violate IP laws.

This is now extremely obvious in Europe.

To make your point:

- Rape a child in Sweden, 100.000 SEK damages (recent sentence)
- Offer pirated TV content, 37.000.000 SEK in damages (recent sentence)

Anyone who fails to see that the law is now in service of the rich media corporations must be blind or otherwise impaired.

Maybe prosecutors will figure this out

[DickBreath]

If you're going to throw the book at someone for a computer 'crime'*, then maybe it should be an e-book instead of a book that is in in dead tree format.


*Especially when it is a 'crime' instead of real crime. You know, real crime, like the kind that involves violence, or the real crimes that occur in boardrooms, wall street and congress.