Possibly paywalled: There's finally a Supreme Court battle coming over the nation's main hacking law (Alternative URL)
The Supreme Court is finally considering whether to rein in the nation's sweeping anti-hacking law, which cybersecurity pros say is decades out of date and ill-suited to the modern Internet.
The justices agreed to hear a case this fall that argues law enforcement and prosecutors have routinely applied the law too broadly and used it to criminalize not just hacking into websites but also far more innocuous behavior – such as lying about your name or location while signing up on a website or otherwise violating the site's terms of service.
If the court agrees to narrow how prosecutors can use the law, it would be a huge victory for security researchers.
They routinely skirt websites' strict terms of service when they investigate them for bugs that cybercriminals could exploit.
It would also make the Internet far safer, they say. That's because current interpretations of the 1986 law, known as the Computer Fraud and Abuse act (CFAA), have made researchers wary of revealing bugs they find because they fear getting in trouble with police or with companies, which can also sue under the law in civil courts.
"Computer researchers are constantly afraid that a security test they run is going to run them afoul of the law," Tor Ekeland, an attorney who specializes in defending people accused of violating the CFAA, told me. "This law makes the Internet less safe because it chills legitimate information security research and it's bad for the economy because it chills innovation."
The fight centers on whether the law should apply just to hacking or more broadly to breaking rules on a computer.
How many Soylentils read the entire terms of service of all the web sites they visit? In some cases, people have been convicted of crimes for violating them. It would be best to read the entire article before commenting as there are several nuances and historical precedents that it addresses.
(Score: 2) by meustrus on Thursday April 30, @03:50PM
Under CFAA, web sites get to make their own laws and sue you in US court for breaking their made up rules.
Every computer system you access might as well be its own separate legal jurisdiction. They don't even have to pay the costs of maintaining their own enforcement!
It's the perfect Libertarian paradise! Everyone gets to make their own rules, and the cost of enforcing them is mostly socialized!
Who needs all that bureaucracy in the way of making the rules anyway? The best laws, after all, are the first drafts of corporate lawyers based on vague directives from the CEO. Hey, if their rules were bad, Facebook would just die by the invisible hand, amirite?
Best yet, you can't complain about the Libertarian paradise, because doing so might violate the terms of service and make you a dangerous hacker!
Truly, this is the utopia our lord Adam Smith envisioned.
(Score: 2) by VLM on Thursday April 30, @04:03PM (2 children)
Speaking of nuances:
Hilariously its paywalled and takes multiple clicking around to find the terms of service to find out if I can legally read the article without prosecution. You have to F around on the website for awhile before you can figure out if its legal to F around on the website which is pretty funny.
The URL for the TOS looks weird maybe contains PII so I won't copy and paste it here. I mean it doesn't look at first glance like they embedded my IP addrs in the URL but who knows with scummy companies out there.
The law shouldn't even exist. We already have fraud laws on the books. Filling out a fake mortgage application is already illegal on paper, we don't need extra laws to make it illegal solely because the criminal used a keyboard instead of an ink pen.
Its the law analogy of taking an existing business model, put it on the internet, and go patent troll rent seeking. Its simply an unnecessary law, about as stupid as having a law with parallel consequences for counterfeiting $5 bills as opposed to $1 bills, or tax fraud when you use a black ink pen as opposed to a blue ink pen on your 1040.
(Score: 2) by hendrikboom on Thursday April 30, @04:23PM
It's reasonable for the law to deal with damage caused but an attack. Not much more.
(Score: 2) by PiMuNu on Thursday April 30, @04:24PM
> The law shouldn't even exist.
Have you not seen War Games? That sort of thinking can start World War III
(Score: 2) by Runaway1956 on Thursday April 30, @04:28PM
In my case, there's no need to read the rules, because I don't intent to abide by any rules. Seriously, I don't. Starting with adblockers and noscript, I go in with the full intent of blocking the website from making money off of me. On the rare occasion that I actually read a TOS, it's only to gain some insight into who and what the site is, and what they are all about.
There are places, such as Soylent, where I don't intend to break any rules. But, that's because I approve of the rules, and I feel I can live with the few rules found here. "If you're a rude asshole, people might be rude back at you." "If you're nice, people might be nice back at you." "If you bring something to a conversation, some people might be grateful." Basic, common sense rules. This isn't a children's day care center, so I don't feel the need to observe school marm rules.
Other places, I might allow some ads and stuff. Might. Like, I hang around enough, and I feel I'm gaining something for my time, I'll reward the site by looking at some ads - IF the ads are reasonable. Flashing banners and crap? Forget it.
I'm only interested in a TOS if and when the site impresses me enough to care what they think. Otherwise, I'm just another lawless asshole, doing what he wants to do. If I get booted, banned, blocked, IP blocked, or whatever, it doesn't matter. I'll just turn around and be a bigger pain in their asses because they have justified it.
