Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Thursday April 30 2020, @03:36PM   Printer-friendly
from the is-"view-source"-a-crime? dept.

Possibly paywalled: There's finally a Supreme Court battle coming over the nation's main hacking law (Alternative URL)

The Supreme Court is finally considering whether to rein in the nation's sweeping anti-hacking law, which cybersecurity pros say is decades out of date and ill-suited to the modern Internet.

The justices agreed to hear a case this fall that argues law enforcement and prosecutors have routinely applied the law too broadly and used it to criminalize not just hacking into websites but also far more innocuous behavior – such as lying about your name or location while signing up on a website or otherwise violating the site's terms of service.
If the court agrees to narrow how prosecutors can use the law, it would be a huge victory for security researchers.

They routinely skirt websites' strict terms of service when they investigate them for bugs that cybercriminals could exploit.

It would also make the Internet far safer, they say. That's because current interpretations of the 1986 law, known as the Computer Fraud and Abuse act (CFAA), have made researchers wary of revealing bugs they find because they fear getting in trouble with police or with companies, which can also sue under the law in civil courts.

"Computer researchers are constantly afraid that a security test they run is going to run them afoul of the law," Tor Ekeland, an attorney who specializes in defending people accused of violating the CFAA, told me. "This law makes the Internet less safe because it chills legitimate information security research and it's bad for the economy because it chills innovation."

The fight centers on whether the law should apply just to hacking or more broadly to breaking rules on a computer.

How many Soylentils read the entire terms of service of all the web sites they visit? In some cases, people have been convicted of crimes for violating them. It would be best to read the entire article before commenting as there are several nuances and historical precedents that it addresses.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Interesting) by deimtee on Friday May 01 2020, @06:35AM (1 child)

    by deimtee (3272) on Friday May 01 2020, @06:35AM (#988832) Journal

    Unless you had physical access, all you did was send the server information. It responded with other information.
    Think of it as persuasion.

    I really want a lawyer to stand up in court and argue that your free speech rights mean that you can say whatever you like to a server over a phoneline, and that how it responds is the owner's problem.
    A law that says this string 10110011001101111011011100101110110 is ok, but this one 1011101101011011000110010010101110110 is not, is necessarily restricting free speech.

    --
    If you cough while drinking cheap red wine it really cleans out your sinuses.
    Starting Score:    1  point
    Moderation   +2  
       Insightful=1, Interesting=1, Total=2
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 2) by meustrus on Friday May 01 2020, @07:04PM

    by meustrus (4961) on Friday May 01 2020, @07:04PM (#989112)

    A law that says this string 10110011001101111011011100101110110 is ok, but this one 1011101101011011000110010010101110110 is not, is necessarily restricting free speech.

    Much as I would like to see the same thing, free speech is not an absolute. It is allowable to categorize certain speech as official statements for which fraud is illegal.

    If the latter statement were a binary representation of someone else's credentials, you are fraudulently representing that you are a different person than you are. If you did that in a credit application, it would be identity theft.

    Of course, if you did it on a physical bulletin board, it wouldn't be a crime.

    Which comes around to other comments here to the effect that there shouldn't be anything special about the computer in regards to the law. It should be a crime whether you did it through a computer or in person.

    --
    If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?