In the wake of social justice activist Aaron Swartz’s tragic death, Internet users around the country are taking a hard look at the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking law. As we’ve noted, the CFAA has lots of problems. In this three-part series, we'll explain these problems in detail and why they need to be fixed.
Here is the CFAA's greatest flaw: the law makes it illegal to access a computer without authorization or in a way that exceeds authorization, but doesn’t clearly explain what that means. This murkiness gives the government tons of leeway to be creative in bringing charges.
For example, overzealous prosecutors have gone so far as to argue that the CFAA criminalizes violations of private agreements like an employer’s computer use policy or a web site’s terms of service. Thankfully, some federal courts have recognized the absurdity of this argument, but Congress needs to fix the law to make it crystal clear. Vague laws are dangerous precisely because they give prosecutors and courts too much discretion to arbitrarily penalize normal, everyday behavior.
So, under the government’s theory, what innocuous activities could the CFAA criminalize? Here are a few things that could violate the CFAA under the government’s misguided interpretation of the law:
- Lying about your age on Facebook. Facebook’s Rights and Responsibilities make users promise not to “provide any false personal information on Facebook.” So don’t even think about RSVP’ing to an event you can’t attend, or posting a misleading status update, or telling people you’re married when you’re not. These are all activities that could violate Facebook’s terms, and have you facing a years-long prosecution if the government decides to make an example of you.
- Saying you’re “tall, dark and handsome” on Craigslist when you’re actually short and homely. Under Craigslist’s Terms of Service, a user can’t post “false or fraudulent content” on the site. And that’s not all—flagging something multiple times or encouraging others to flag content is also a violation of terms—not exactly the sort of dangerous activity the CFAA was meant to criminalize.
- Buying a lotto ticket with Square. Square’s Wallet User Agreement bans tons of different types of transactions, from making purchases “in connection with” membership clubs, identity theft protection services, lotto tickets or “occult materials.” Does that mean you can’t use Square to buy copies of the Twilight books? Only Square and federal prosecutors could tell you for sure.
- Posting impolite comments on the New York Times’ Web Site. The New York Times has an almost Victorian Terms of Service (1/24/13), which admonishes users to “be courteous” and “use respectful language” and “debate, but don’t attack.” So before you engage in a late night impassioned discussion in a comment thread on an article, check to make sure your language doesn’t edge into “impolite” and land you in the Big House.
- Using Hootsuite to update your Google Plus page. The social media management tool Hootsuite lets users manage their Twitter and Facebook accounts, and it has been happily promoting its new Google Plus integration. But be wary: Google’s Terms of Service warn that you mustn’t “misuse our Services” and specifically cautions that users should not “try to access them using a method other than the interface and the instructions that we provide.” Since Google doesn’t provide Hootsuite, using the Hootsuite dashboard to update your Google Plus account could be cause for criminal liability.
- Sending a sexy message on eHarmony. eHarmony may be about finding love, but don’t even think about sending a sexually suggestive missive to someone through the service. eHarmony’s Terms of Service ban individuals from using the service to send messages that are “sexually oriented.” The terms also ban users from submitting content that is “off-topic” or “meaningless.” So, stay focused but not too sexy in your eHarmony communications or your search for love might attract the attention of a government prosecutor.
Representative Zoe Lofgren (D-CA) has started the conversation and advocacy groups like Demand Progress have joined us in working to fix the vague, dangerous and overly punitive sections of CFAA that were misused to persecute Aaron Swartz. Please join EFF in calling on Congress to fix the glaring problems with CFAA by sending an email to Congress now.
1. Protecting Privacy
A person seeks to access information about a disease that he has just been diagnosed with or a religion he is interested in, but wants to protect his privacy while looking at this information. Depending on how he chooses to access the information, he faces tracking by cookies, IP logging, or MAC address logging by his ISP or router, which can reveal his activities to his ISP, the online services he uses, advertising networks and the other third parties who have access to them, and possibly even the government without a warrant.
2. Protecting Innovation
An entrepreneur creates a website that allows a user to view his social networking services in a new, innovative way, such as ordering posts by poster or topic rather than timeline, prioritizing the user’s family members’ posts, or combining content from the user’s various social networking services on the same page. One anti-competitive social networking service disapproves of this, and so blocks the IP address of the website.
3. Protecting Security Research
A user finds that her online account with a dating website has been hijacked. In investigating what happened, she begins testing the URL structure for the dating website. She discovers that anyone can access her account, including her private information, contacts and dating history, all without putting in a new password simply by typing in the right URL. She determines that she could do this for many other users as well as herself. She wants to inform the company and demonstrate what she discovered so that the company can fix the big security hole she found.It should be legal for someone to investigate the URL structure of a website to determine if there are security flaws.
4. Working Around Discrimination Systems
Last month, the Wall Street Journal reported that the office supply giant Staples was using cookies to perform price discrimination. Specifically, Staples was using cookies that stored users’ ZIP codes to show consumers different products and prices on the Staples web site based on the consumers’ geographic locations. The current version of Aaron’s Law would protect users who delete or modify "identifiers" that are used to track them, including cookies that contained a unique ID. That may be sufficient, but since the cookies reported by the Wall Street Journal do not identify any particular user and simply store a ZIP code, more clarity might be needed to ensure it’s legal to delete them.
5. Malfunctioning Systems
Firewalls, servers and other network equipment can be very complicated devices, and it is common for them to malfunction and block users without any intent on the administrator's part. Authorized users often try to find a way to avoid the problems caused by the misconfigured device, especially when real technical support is sparce, and these efforts should not be criminal.
Criminal Law Still Reaches Actual Intrusions and Actual Harm
EFF's proposal still leaves plenty of room—and plenty of severe criminal penalties—for punishing actual computer intrusions and redressing actual harm. If Congress adopts EFF’s full CFAA reform proposal, it will still be a serious crime for an outsider to steal proprietary information. It will still be a serious crime to knowingly transmit codes that cause damage to a computer, traffic in passwords or engage in extortion by using threats of intrusion. It will still be a crime to take information from other people’s computers for fun or to make a political point, and it will be a serious crime if actual harm occurs as a result. (We'll be discussing more about the penalty adjustments we've proposed in Part 3 of this series.)And remember, an array of other serious criminal laws will still exist if we amend the CFAA and these will still apply to computer-related activity. These include falsifying identification (18 U.S.C. § 1028), stealing trade secrets (18 U.S.C. § 1832), copyright infringement (including if there is no monetary gain) (17 U.S.C. § 506, 18 U.S.C. § 2319), extortion (18 U.S.C. § 2113(a), 18 U.S.C. § 1951, and/or 18 U.S.C. § 875), and circumventing technological measures aimed at protecting copyrighted works for financial gain (17 U.S.C. §§ 1201-1202, 1204).
The Big Picture: The Computer Fraud and Abuse Act Should Criminalize Wrongful Intrusions Into Computers
http://www.thejuicemedia.com Juice Rap News - Episode 17: The War on Terra. It's 2013 and the world did not end by meteorite or by Mayan calendar. But fear not: we might just be able to get the job done ourselves. Join Robert Foster as he sets out to discover where Civilisation™ is making the fastest progress towards annihilation. In this edition of the Civilisation Report, Robert learns about Australia and Canada - two oft-neglected pioneers of peace, progress and prosperity - in conversation with our antipodean colonial correspondent Ken Oathcarn and his Canuck counterpart, Fagin Heighbard. Dear viewers, consider this a fair warning that in terms of language and affront to the dominant culture this could get fucking messy.
- Written & created by Giordano Nanni & Hugo Farrant in a suburban backyard home-studio in Melbourne, Australia - on Wurundjeri Land.
- Gratitude to our donors whose generosity has made this episode possible. SUPPORT the creation of new episodes of Juice Rap News, an independent show which relies on private donations: http://thejuicemedia.com/donate
** CONNECT with us:
- Website: http://thejuicemedia.com
- Twitter: http://twitter.com/juicerapnews
- Farcebook: https://www.facebook.com/rapnews
- FREE MP3: http://thejuicemedia.com/video
- LYRICS available here: http://thejuicemedia.com/video/lyrics
- Main Beat: the appropriately titled "Dangerous Times" by Red Skull: http://www.youtube.com/watch?v=OpC1WEmmBYU
- Orchestral compositions: Adrian Sergovich (a legend)
- Alien Song performed by Jonathan Dreyfus (another legend) and AC/Dickelback, with Justin Olsson (drums). Based on "Englishman in New York" by Sting. Recorded, mixed and mastered by Jez Giddings and Craig Harnath at Hothouse Audio St. Kilda. Produced by Jez Giddings and Jonathan Dreyfus.
- Tar Sands video footage: our deepest thanks to Chris of Tundra Punks for putting us in touch with the awesome film-makers who are raising awareness about Mordo...err the Tar Sands and whose footage was used in this episode: Emmanuel Vaughan-Lee, Elias and Adrianne from globalonenessproject.org (Cinematography: Emily Topper; Rob Humphries; Editing: Elias Koch; Footage courtesy of Elemental The Film LLC http://www.elementalthefilm.com); Eriel Deranger of Athabasca Chipewyan First Nation; H2Oil animations are courtesy of Shannon Walsh; http://www.youtube.com/watch?v=EOk0Fyov_2A (Animations by James Braithwaite, Dale Hayward & Sylvie Trouves: http://www.h2oildoc.com)
- Thanks to the one and only Franklin Lopez of http://submedia.tv (and Maude) for Canuck cultural consultation and advice. Make sure you check out his 'git'-wrenching film, END:CIV: http://www.youtube.com/watch?v=3hx-G1uhRqA
- Video and music editing: Giordano
- Image and website assistance: Zoe Tame http://visualtonic.com.au
- Props: Zoe Umlaut for creating our correspondents' microphones; and Sam for lending us his guitars.
- Thanks to Lucy for assistance with filming and all-round production tasks!
- Captions: Merci to Koolfy from la Quadrature du Net for creating the sync'd English captions for our episodes!
- Thanks to Marjan Rizov for Macedonian translation
- Thanks to Euclides and Vagner for Portuguese translation
- Thanks to Julie Chatagnon for French translation
- Thanks to Jonas Maebe for Dutch translation
- Thanks to Tamara for Serbian translation
- Thanks to Benjamin for German translation
- Thanks to Oren Koriat for Hebrew translation
- Thanks to Vojta Němec for Czech translation
** If you'd like to translate this episode into your language, please contact us via our website http://thejuicemedia.com/contact
** IMPORTANT LINKS:
History is happening! Here is information about what some humans are doing right now to help save what's left of our relationship with this planet.
For more info about Tar Sands, Idle No More; the Kimberleys, Barrier reef, and CSG/Lock the Gate struggles:
if you're optimistic, make sure you watch this documentary:
The War on Terra: http://uncyclopedia.wikia.com/wiki/War_on_Terra
"Nations in top three for carbon emissions" (Dec 2012):