ACLU Lawsuit Challenges Computer Fraud and Abuse Act (thestack.com) 76
An anonymous reader writes: The American Civil Liberties Union (ACLU) has filed a lawsuit with the U.S. Department of Justice contending that the Computer Fraud and Abuse Act's criminal prohibitions have created a barrier for those wishing to conduct research and anti-discrimination testing online. The ACLU have pursued the matter on behalf of a group of academic researchers, computer scientists and journalists seeking to remove that barrier to allow for third-party testing and research into potential online discrimination. In a public statement the ACLU contend: "The CFAA violates the First Amendment because it limits everyone, including academics and journalists, from gathering the publicly available information necessary to understand and speak about online discrimination."
Re: (Score:2)
WFT is "online discrimination"?
How does someone know your color online and prevent you from viewing a site, etc?
Seriously? I would think "online" is the ultimate in color blind territories.....
Re: (Score:3)
Soap, ballot, and jury box (Score:2)
On Slashdot, you occasionally see comments that refer to three "boxes" used in nonviolent defense of liberty: soap box, ballot box, and jury box. Respectively, these refer to petitioning the government, voting out the bastards who disregard said petitions, and challenging constitutionality of legislation. But some people are opposed to use of the jury box as a substitute for the soap box and ballot box. They use "activist judges" as an epithet for those who use the power of judicial review in a way that the
Re:ACLU lawsuit (Score:4, Informative)
Re: (Score:2)
No. They look for cases they can win to overturn unjust laws. They aren't going to go to court with a teenage hacker who broke into NORAD.
cf. Broderick v. USAF, 1963
Re: (Score:2)
I think you mean 1983. 1963 was the Dr. Who episode with the same title.
Re: (Score:2, Insightful)
The ACLU would be great if they weren't so selective about the civil liberties they defend.
Re: (Score:1)
the Gun Manufacturers aka NRA is doing enough to defend their interpretation of the second amendment.
No, please, don't hold back. Tell us exactly how you feel.
Re: (Score:2)
At least their interpretation doesn't require new grammar rules no one else uses.
Re: (Score:1)
The ACLU would be great if they weren't so selective about the civil liberties they defend.
Yeah. It's a real shame that there is nobody in this country trying to uphold gun rights.
Re:That vile ACLU (Score:5, Insightful)
The law abiding citizens who happen to be gun owners are the ones who are ultimately tasked with upholding their gun rights. The efforts of the NRA just represent the non-violent method of upholding gun rights. And unlike the corporate lobbyists the NRA doesn't buy political support with money they buy political support with the number of voters they can deliver at election time. The anti-gun crowd is shrill at times and relish turning every gun related death into an extinction level event but they are vastly outnumbered by gun owners who only need to vote when they feel their gun ownership rights are being reduced.
Re: (Score:2)
They could drive down the street and run their daughters over with the car and back up over them just to make sure. Same end result.
Re: (Score:1)
and the SJW articles are beginning.
While the ACLU is indeed concerned with social justice, I'm not sure that they've ever formally espoused a position that qualifies for the "SJW" label, which would seem to require saying that people who say mean dumb things on websites should be banned from the internet forever, and further that the SJW faction exclusively gets to decide what constitutes "mean" and "dumb". Free speech being our single most cherished civil liberty, it's conceivable that some, if not all, members of the ACLU may actually be
I don't follow (Score:2)
Re:I don't follow (Score:5, Informative)
One of the provisions makes it a felony for unauthorized access to a computer system. In most EULAs it spells out that reverse engineering is disallowed and creates an area of unauthorized access. Thus a security researcher trying to analyze a system is technically committing a felony under the CFAA as it doesn't make any exceptions. Even if the analysis is being performed completely locally on systems they own if say the OS is Windows or MacOS.
Re: (Score:1)
Sure but how is any of that related to research into potential online discrimination?
Re: (Score:2)
Re: (Score:3)
It doesn't have to make exceptions.... the law prohibits *UNAUTHORIZED* access to a computer system. If you own the computer system yourself, then who else is supposedly supposed to be authorizing you to access it? If someone else controls authorization to access to some piece of property, then by definition that property belongs to THEM. Unless there is another law th
The law is as broad as possible (Score:4, Informative)
This has been discussed multiple times on
Re: (Score:2)
Obviously you don't own the information on someone else's website though... even if they made the information public.
My question remains... how does this law prevent lawful research?
Or does it just prevent lazy research?
Re:The law is as broad as possible (Score:4, Informative)
If you make factual data public, you don't generally "own" it as in you don't have exclusive rights to it. You can't copyright a database of factual information. Basically the CFAA lets a firm make data public but then if someone uses a script to aggregate it, they can claim it was a felon. Just as an example, the CFAA could even apply to things like price comparison websites if a particular merchant doesn't want their public pricing information compared to their competitors.
Re: (Score:2)
Re: (Score:3)
The other issue concerns employee use of employer owned systems. There have been cases where employees have been prosecuted for violating a purely civil agreement between them and their employer about the systems they have access to.
In general the law should not criminalize a civil contract violation or in the case of EULA's and Acceptable Use policies, it is questionable whether they are even valid contracts. This is especially true when the law in question is very one sided in favor of big companies usin
Re: (Score:2)
Firstly, that they will have written this usage into your contract, which may have been changed without you signing anything.
You signed the check for another month of service. I haven't known Comcast to get into the ETF game.
I would expect this to mean that they are administering your internet connection. Therefore, they are responsible for the data your modem requests
I thought every packet was tagged with whether it is destined for Comcast's hotspot or for the subscriber. So the person who authenticated to the captive portal on the xfinitywifi SSID is responsible for that data, not you.
Re: (Score:2)
It does when the US Department of Justice says it does and that is how they have been using it.
Re: (Score:3)
Re: (Score:2)
They need to lie and say they are black or lie about their zip code in order to see if there is any disparate treatment. They can't do this with the CFAA as it is technically illegal, since they are lying about their identity.
Why can't these researchers simply hire some black people? Why do they need to commit fraud to do their research? And if I'm offering an online service or business, why should I be compelled to offer my computing resources to assist in your research, noble though your research goals may be?
Re:I don't follow (Score:4, Funny)
...and that was the end of his presidential campaign.
Re: (Score:2)
The view under the DOJ's interpretation of the CFAA is that online roleplay is illegal on sites whose written terms of service explicitly forbid online roleplay.
Re: (Score:1)
Seems like they could just temporarily "identify as" black or "identify as" poor, since Western Civilization now tells us that things like gender and race have no basis in concrete reality.
Re: (Score:3)
Things like that have no lawful basis for certain types of discrimination, but it is wholly erroneous to say they have no lawful basis in concrete reality.
One example of a legal type of discrimination based on sex would be one's right to discriminate on the gender of a person that they may want in a roommate, when the roommate shares any of either a bedroom, bathroom or kitchen with the other pers
Re: (Score:3)
I read the article... it says that the CFAA somehow prevents people from doing legitimate research, but fails to even give a single example of actually how this happens. How does the law that is supposed prevent computer fraud stop a person from doing research, exactly?
How's this?
https://www.databreaches.net/c... [databreaches.net]
Or this?
http://www.computerworld.com/a... [computerworld.com]
Re: (Score:2)
Re: (Score:2)
If you're trying to reconfirm an existing conclusion using their data first, then your own is the best option to see if everything is the same. Remember, the story on /. not more then a few months ago showing that ~60% of studies couldn't be reproduced even using the same methodology as the original?
Re: (Score:2)
They want to use bots on sites. The CFAA is irrelevant in my opinion as they would still be in breach of the ToS.
Invent a new crime. (Score:2)
My life's ambition has long been to invent a new crime. People will say 'that has to be illegal', it will be made illegal after I do it.
The computer fraud and abuse act ruins that. Anything a federal judge doesn't like, crime...ipspostfacto, schmipspostfacto.
Re: (Score:3)
Re: (Score:2)
If you do something with your own computer that a federal judge decides, after the fact, is a crime, it's a crime.
How is it different for offline (Score:3)
If you go to doctor's office and start video recording everyone to collect data on discrimination, will it allow it? Same way, website can limit recording of publicly available information. Doctor's office will also ask you provide true information just like websites do. I don't see much difference between the two. There are many private clubs which limit do the same. I don't see Facebook, Twitter any different than YMCA etc where if I want to be in, I have to become member, pay, provide my true information and then can do limited recording. If you ask online sites to allow fake id, unlimited recording, then why not doctor's office, gyms, hotels etc?
Re:How is it different for offline (Score:5, Interesting)
That doesn't mean the law needs to go away entirely, but having some sort of affirmative defense should play a part, for instance.
Re: (Score:2)
I assume you'd have to pay without insurance but I can't see any reason why you couldn't use any name you like at a doctor's office.
It's not like they do background checks. And celebrities go to hospitals under pseudonyms sometimes, right?
IANAL but, as long as you paid your bill, I assume it wouldn't be fraud.
Any sane person can see the CFAA is broad and overreaching and I get the feeling that this is just another angle the ACLU thinks might work to attack it.
Did we really need a specific law for computer-r
Re: (Score:2)
I'd say we do need specific laws for some computer-related crimes. One would be unauthorized access, provided we define "unauthorized" in a reasonable manner. Logging in with a supplied account name and password should not count, for example, no matter for what purpose. Fraud normally requires proof of harm, as does property damage. Someone hacking into a computer system may not do visible harm, but we really are better off if it's illegal.
It's All about intent (Score:2)
Re: (Score:2)
Crimes do not necessarily require criminal intent. It's illegal to kill someone even if you weren't trying to kill them. It's criminal to be criminally negligent even if it was out of laziness rather than malice.
Solicitation to commit a criminal activity is mostly illegal by itself. Police are allowed to participate in some illegal activities while running sting operations, so a police officer could solicit, although aggressive solicitation would probably constitute entrapment.