Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Courts Crime Government United States

Supreme Court To Consider Limiting America's 'Anti-Hacking' Law (washingtonpost.com) 21

America's Supreme Court "is finally considering whether to rein in the nation's sweeping anti-hacking law, which cybersecurity pros say is decades out of date and ill-suited to the modern Internet," according to the Washington Post's cybersecurity writer: The justices agreed to hear a case this fall that argues law enforcement and prosecutors have routinely applied the law too broadly and used it to criminalize not just hacking into websites but also far more innocuous behavior — such as lying about your name or location while signing up on a website or otherwise violating the site's terms of service...

[C]urrent interpretations of the 1986 law, known as the Computer Fraud and Abuse act (CFAA), have made researchers wary of revealing bugs they find because they fear getting in trouble with police or with companies, which can also sue under the law in civil courts. "Computer researchers are constantly afraid that a security test they run is going to run them afoul of the law," Tor Ekeland, an attorney who specializes in defending people accused of violating the CFAA, told me. "This law makes the Internet less safe because it chills legitimate information security research and it's bad for the economy because it chills innovation...."

"This is about whether a statute should be drafted so broadly that everyone is committing crimes all the time and the government gets to choose who to prosecute," Greg Nojeim, senior counsel at the Center for Democracy and Technology, told me... The Justice Department even charged WikiLeaks founder Julian Assange under the law — his crime was allegedly giving advice to one of the site's main leakers Chelsea Manning about how to crack a Defense Department password to gather more information...

One of the best-known CFAA prosecutions was of the Internet activist Aaron Swartz.

This discussion has been archived. No new comments can be posted.

Supreme Court To Consider Limiting America's 'Anti-Hacking' Law

Comments Filter:
  • by alvinrod ( 889928 ) on Saturday April 25, 2020 @06:26PM (#59990702)

    The justices agreed to hear a case this fall that argues law enforcement and prosecutors have routinely applied the law too broadly and used it to criminalize not just . . .

    This could be applied to a lot of laws on the books.

    • My favorite was in the late 1990s, when government passed an intrusive anti-terrorism bill, swearing they would only use it for terrorism, then immediately began using it on drugs. When asked, they did not even bother with the sophistry that drugs are terrorism. They just flat-out stated ha ha the law doesn't say terrorism only.

      So watch these m-effers who plan to lie and lie. This is not appropriate in democracy, to put it mildly.

  • by tacarat ( 696339 ) on Saturday April 25, 2020 @06:28PM (#59990710) Journal
  • by msauve ( 701917 ) on Saturday April 25, 2020 @06:54PM (#59990774)
    One thing I've learned over time is that despite the spin, the legal system has very little to do with justice. It's about process and money (e.g. which party can overwhelm the other with case law and motions, even if inapplicable). The King has no clothes.

    Another thing I've learned is that judges very rarely understand technology. Probably because any explanations get filtered through lawyers who either don't understand it either, or are being disingenuous in their explanations.
    • by DRJlaw ( 946416 ) on Saturday April 25, 2020 @07:29PM (#59990872)

      Another thing I've learned is that judges very rarely understand technology. Probably because any explanations get filtered through lawyers who either don't understand it either, or are being disingenuous in their explanations.

      Another thing that I've learned is that technologies very rarely understand the law or how ambiguities within it are resolved.

      The CFAA says [cornell.edu], in highly abbreviated form, "Whoever... intentionally accesses a computer... [and] exceeds authorized access... shall be punished as provided in subsection (c) of this section."

      What does "exceeds authorized access" mean? Do people have to, e.g., exploit a technical defect to gain access to another account like a superuser account? Can an employee exceed authorized access by giving their credentials to a competitor to access their employer's private business information? Can a competitor exceed authorized access by using such credentials to access the employer's private business information? Can you exceed authorized access by providing false information, scraping a site (that requires login), or doing something else in violation of the site's TOS?

      By the way, the statute defines "exceeds authorized access" to mean "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." Big help.

      Different people have different opinions concerning what that term means. Different judges have different opinions concerning that that term means. Different appellate judges have different opinions concerning what that term means. Trespassing [seattle.gov] can occur if you violate conditions upon physical entry to real property, so why can't a CFAA violation occur if you violate conditions upon electronic entry into a computer system?

      You don't have to misunderstand the technology to have such opinions, either. It may be comforting to claim that a judge that issues an opinion that you disagree with doesn't understand the technology, but at least one side has every incentive to teach the judge how to understand the technology. and more oftentimes than not they do.

      What you rarely understand is that your technical arguments may not be legally relevant, or that in their relevant respect they may support a judge's opinion in a way that you don't appreciate.

    • I think it's more of a matter that justice is difficult to administer even when it isn't a group of very fallible humans doing it. The whole thing has to run on process in order to prevent people from abusing the entire system. However, the law is incredibly complex and as a result that means that even when no one is intentionally trying to subvert the legal process there will inevitably be some procedural errors that can be appealed. Yes, that means that the system can to some degree be gamed by whichever
      • Also, juries should be the ones delivering verdicts, so a failure of understanding technology is on their end. Judges are merely there to make sure that the process is being followed correctly or to issue rulings on matters of law. If juries can't understand technology or how it relates to laws then I think that's a better argument that we probably shouldn't have such laws in the first place. Most of it just seems to be moral busybodies that can't keep their nose out of someone else's business or the government trying to play corporate favorites.

        I disagree. A jury's job is to weigh the facts presented and decide wether or not the person violated the law. They need not understand the technology; if either side feels it is important to understand aspects of the technology to bolster their case then it is up to them to provide an explanation to that end. They do so at their own risk, however, since they also risk hurting their case. For example, I know of a case where the defense attorney tried to argue their client was not guilty of DUI because the

  • We're talking about cybersecurity here, why are they doing this? Now all of a sudden, my data and privacy are in danger because of this nonsense? I guess I'll have to use this G Suite security service from https://spinbackup.com/product... [spinbackup.com] as a part of my cybersecurity preset.

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson

Working...