close
    • chevron_right

      The Supreme Court will finally rule on controversial US hacking law

      Timothy B. Lee · news.movim.eu / ArsTechnica · Monday, 30 November, 2020 - 23:40 · 1 minute

    Justices Sonia Sotomayor and Neil Gorsuch, back, and Stephen Breyer, right, seemed skeptical of the government

    Enlarge / Justices Sonia Sotomayor and Neil Gorsuch, back, and Stephen Breyer, right, seemed skeptical of the government's broad reading of the CFAA. Justice Thomas, center, seemed more sympathetic to the government's view. Chief Justice Roberts, left, kept his cards close to his chest. (credit: Andrew Harrer/Bloomberg via Getty Images)

    The Supreme Court on Monday considered how broadly to interpret the Computer Fraud and Abuse Act, America's main anti-hacking statute.

    Here's how I described the case back in September:

    The case arose after a Georgia police officer named Nathan Van Buren was caught taking a bribe to look up confidential information in a police database. The man paying the bribe had met a woman at a strip club and wanted to confirm that she was not an undercover cop before pursuing a sexual—and presumably commercial—relationship with her.

    Unfortunately for Van Buren, the other man was working with the FBI, which arrested Van Buren and charged him with a violation of the CFAA. The CFAA prohibits gaining unauthorized access to a computer system—in other words, hacking—but also prohibits "exceeding authorized access" to obtain data. Prosecutors argued that Van Buren "exceeded authorized access" when he looked up information about the woman from the strip club.

    But lawyers for Van Buren disputed that. They argued that his police login credentials authorized him to access any data in the database. Offering confidential information in exchange for a bribe may have been contrary to department policy and state law, they argued, but it didn't "exceed authorized access" as far as the CFAA goes.

    Obviously, no one is going to defend a cop allegedly accepting bribes to reveal confidential government information. But the case matters because the CFAA has been invoked in prosecutions of more sympathetic defendants. For example, prosecutors used the CFAA to prosecute Aaron Swartz for scraping academic papers from the JSTOR database. They also prosecutied a small company that used automated scraping software to purchase and resell blocks of tickets from the TicketMaster website.

    Read 22 remaining paragraphs | Comments

    index?i=DoY_8_awtyw:jxoREoVgfzc:V_sGLiPBpWUindex?i=DoY_8_awtyw:jxoREoVgfzc:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA
    • chevron_right

      Court: Violating a site’s terms of service isn’t criminal hacking

      Timothy B. Lee · news.movim.eu / ArsTechnica · Monday, 30 March, 2020 - 15:36

    Court: Violating a site’s terms of service isn’t criminal hacking

    Enlarge (credit: Jamie Grill / Getty)

    A federal court in Washington, DC, has ruled that violating a website's terms of service isn't a crime under the Computer Fraud and Abuse Act, America's primary anti-hacking law. The lawsuit was initiated by a group of academics and journalists with the support of the American Civil Liberties Union.

    The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have terms of service prohibiting users from supplying fake information, and the researchers worried that their research could expose them to criminal liability under the CFAA, which makes it a crime to "access a computer without authorization or exceed authorized access."

    So in 2016 they sued the federal government, seeking a declaration that this part of the CFAA violated the First Amendment.

    Read 12 remaining paragraphs | Comments

    index?i=YgM41yZz3KE:y2q13CtXRgA:V_sGLiPBpWUindex?i=YgM41yZz3KE:y2q13CtXRgA:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA