Search Box

Thursday, June 30, 2016

ACLU On Behalf Of Computer Research

New ACLU Lawsuit Takes on the Internet’s Most Hated Hacking Law

Russell Brandom | June 29, 2016

For decades, the Computer Fraud and Abuse Act has been one of America’s dangerous laws for anyone doing "unauthorized" things with a computer. Used to prosecute Aaron Swartz, Sergey Alenikov, and jailbreaker George Hotz, the law has long been criticized as a blank check for prosecutors. Under the law’s current interpretation, anyone breaking a website’s terms of service to collect information is guilty of a federal crime.
Now, the American Civil Liberties Union is challenging that. This morning, the group brought a suit against the Department of Justice on behalf of a group of researchers, who say the CFAA is a legal threat to their research. The plaintiffs specialize in algorithmic research: bombarding closed algorithms with a range of different inputs to study their hidden biases. Those techniques often involve breaking a websites terms of service, potentially exposing them to prosecution under the CFAA.

After the tragic death of programmer and Internet activist Aaron Swartz, EFF calls to reform the infamously problematic Computer Fraud and Abuse Act (CFAA). In June 2013, Aaron's Law, a bipartisan bill to make common sense changes to the CFAA was introduced by Reps. Lofgren and Sensenbrenner. You can help right now by emailing your Senator and Representative to reform the draconian computer crime law.
The CFAA is the federal anti-hacking law. Among other things, this law makes it illegal to intentionally access a computer without authorization or in excess of authorization; however, the law does not explain what "without authorization" actually means. The statute does attempt to define "exceeds authorized access," but the meaning of that phrase has been subject to considerable dispute. While the CFAA is primarily a criminal law intended to reduce the instances of malicious hacking, a 1994 amendment to the bill allows for civil actions to be brought under the statute.
Creative prosecutors have taken advantage of this confusion to bring criminal charges that aren't really about hacking a computer, but instead target other behavior prosecutors dislike. For example, in cases like United States v. Drew and United States v. Nosal the government claimed that violating a private agreement or corporate policy amounts to a CFAA violation. This shouldn't be the case. Compounding this problem is the CFAA's disproportionately harsh penalty scheme. Even first-time offenses for accessing a protected computer without sufficient "authorization" can be punishable by up to five years in prison each (ten years for repeat offenses), plus fines. Violations of other parts of the CFAA are punishable by up to ten years, 20 years, and even life in prison. The excessive penalties were a key factor in the government's case against Aaron Swartz, where eleven out of thirteen alleged crimes were CFAA offenses, some of which were "unauthorized" access claims.

<more at; related articles and links: (ACLU Challenges Computer Crimes Law That is Thwarting Research on Discrimination Online. June 29, 2016) and (Sandvig V. Glynch  Challenge to CFAA Prohibition on Uncovering Racial Discrimination Online. June 29, 2016)>

No comments:

Post a Comment