Rather Than Fix The CFAA, House Judiciary Committee Planning To Make It Worse... Way Worse
from the are-they-just-fucking-with-us? dept
So, you know all that talk about things like Aaron's Law and how Congress needs to fix the CFAA? Apparently, the House Judiciary Committee has decided to raise a giant middle finger to folks who are concerned about abuses of the CFAA. Over the weekend, they began circulating a "draft" of a "cyber-security" bill that is so bad that it almost feels like the Judiciary Committee is doing it on purpose as a dig at online activists who have fought back against things like SOPA, CISPA and the CFAA. Rather than fix the CFAA, it expands it. Rather than rein in the worst parts of the bill, it makes them worse. And, from what we've heard, the goal is to try to push this through quickly, with a big effort underway for a "cyberweek" in the middle of April that will force through a bunch of related bills. You can see the draft of the bill here (or embedded below. Let's go through some of the pieces.Adds computer crimes as a form of racketeering
The bill adds to the current definition of "racketeering activity" so that it would now link back to the CFAA, such that if you are found to violate the CFAA as part of an activity that involves a variety of other crimes, you can now also be charged with racketeering. More specifically, if you look at that long list of related statutes in the definition to 18 USC 1961 (1), it will also include: "‘section 1030 (relating to fraud and related activity in connection with computers)." Basically, this just gives the DOJ yet another tool to use against "computer criminals" when they want to bring the hammer down on someone they don't like. Not only could you be charged with computer fraud, but now racketeering as well. Because, you know, all you hackers are just like the Mob.
Expanding the ways in which you could be guilty of the CFAA -- including making you just as guilty if you plan to "violate" the CFAA than if you actually did so
Section 103 of the proposed bill makes a bunch of "changes" to the CFAA, almost all of which expand the CFAA, rather than limit it. For example, they make a small change to subsection (b) in 18 USC 1030 (the CFAA) such that it will now read:
Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.All they did was add the "for the completed offense," to that sentence. That may seem like a minor change at first, but it would now mean that they can claim that anyone who talked about doing something ("conspires to commit") that violates the CFAA shall now be punished the same as if they had "completed" the offense. And, considering just how broad the CFAA is, think about how ridiculous that might become. Now if you talk with others about the possibility of violating a terms of service -- say, talking to your 12 year old child about helping them sign up for Facebook even though the site requires you to be 13 -- you may have already committed a felony that can get you years in jail. That seems fair, right?
Ratchets up many of the punishments
They change around a bunch of the "penalties" that you can get for various CFAA infractions, shaking up a variety of things and basically raising the maximum sentences available for certain infractions.
A very, very minor adjustment to limit "exceeding authorized access."
While it's good to see them ever so slightly roll back the issue of "exceeding authorized access," it still seems broad enough that all sorts of activities that shouldn't be seen as criminal would easily get lumped in here by aggressive prosecutors.
Update: On second look, it turns out that this initial analysis was wrong. This part is worse too! More details here, but basically all those "and" statements are actually "or" which actually push back on how the courts have interpreted the CFAA... and make it worse
And... at the same time, they do something else to make "exceeding unauthorized access" worse. Which brings us to:
Expanding the definition of "exceeding authorized access" in a very dangerous way
That's because the new bill says that you can exceed authorized access: "even if the accesser may be entitled to obtain or alter the same information in the computer for other purposes." Yes, read that again. Even if you are allowed to obtain info via your authorization on your computer, they're now saying that if you use that information in a way that runs afoul of the info above, you can be found to have exceeded authorized access.
Make it easier for the federal government to seize and forfeit anything
We've seen how federal seizure and forfeiture laws are frequently abused to seize goods, which the government claims are used in the commission of a crime (even if they never charge anyone for the crime). And we've seen, with cases like the Dajaz1 case, how the government will use such tools to take and censor websites on no actual basis. And now the CFAA will make it even easier for the government to do such things. It amends the existing sections to basically expand what can be forfeited, because it's not like the government hasn't abused that one before...
The rest of the bill deals with two other things: first a section on "cybersecurity" which includes punishment for those damaging "critical infrastructure" computers, another section that tells the courts to figure out how secure their computers are, and finally a part that creates a "National Cyber Investigative Joint Task Force," to be led by the FBI, because they're an unbiased party.
The final part of the bill relates to "breach notifications." A number of states already have various laws in place that require companies and websites that have data breaches to inform impacted users. This creates a federal law that supersedes those state laws. You can read the details, but basically companies will have to let people (and other companies) know of such breaches within a short period of time -- unless there are law enforcement or national security reasons to delay such notification. It also requires companies to tell the FBI or Secret Service of certain kinds of breaches. If companies don't do this, they can be fined between $500,000 and $1 million -- but only by the DOJ (i.e., individuals or companies can't go after organizations for screwing this up).
Those last two sections are really somewhat unrelated to the rest of the CFAA parts. But the CFAA parts are troubling. Rather than fixing the law, they're expanding it so that computer "crimes" can be hit with racketeering charges, and expanding the general language and punishments for part of the bill. This is not a good thing. The fact that this is being passed around by the House Judiciary Committee suggests that it's likely to be backed by HJC chair Bob Goodlatte, which is unfortunate. You would have hoped that Goodlatte and others on the HJC would recognize that now is the time to fix the CFAA, not to make it worse.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bob goodlatte, cfaa, cybersecurity, data breach, house judiciary committee, punishment, racketeering
Reader Comments
Subscribe: RSS
View by: Time | Thread
In any case, do we need any more evidence that the US is no different from any dictatorship out there? In fact it's worse because it disguises its true intentions as some fake democracy and 'freedom fighter'.
It's really sad.
[ link to this | view in chronology ]
Thoughtcrime?
[ link to this | view in chronology ]
Re: Thoughtcrime?
Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.
So if I read this right, if I sit around with my friends and we talk about robbing a physical bank location (for example), we haven't committed a crime UNTIL we try to rob the bank. On the other hand if we talk about robbing a bank via its website, we have already committed a crime just by talking?
[ link to this | view in chronology ]
Re: Re: Thoughtcrime?
[ link to this | view in chronology ]
Re: Re: Thoughtcrime?
Now let's apply the "Might as well be hanged for a sheep as a lamb" principle. If you happen to have an idle conversation about robbing a bank via its website and you are already held liable for robbing said bank, there is very little reason to not go ahead and actually commit it.
[ link to this | view in chronology ]
Re: Re: Re: Thoughtcrime?
[ link to this | view in chronology ]
Re: Re: Re: Re: Thoughtcrime?
[ link to this | view in chronology ]
Re: Re: Re: Thoughtcrime?
[ link to this | view in chronology ]
Re: Re: Thoughtcrime?
The goal of raqueteering laws is to be able to punish people who help plan and organize crimes without actively committing them directly. The lack of such laws made it effectively impossible to take down the organized crime families because all the really important people never did anything illegal themselves and there were always more desperate mooks to handle the dangerous work regardless of how many were arrested.
[ link to this | view in chronology ]
Re: Re: Thoughtcrime?
[ link to this | view in chronology ]
Re: Re: Thoughtcrime?
What we will do to combat "TERRORISM!!" :rolleyes:
[ link to this | view in chronology ]
Re: Re: Thoughtcrime?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
The young and the old have quarreled since the stone age, its nothing new.
However, since the invention of the computer, and the meteoric rise of technology in such a short time, this gap has been greatly widened.
Perhaps at no time in human history has there been a greater divide between young and old. The old legacy players and the politicians are downright terrified of technology, terrified because they do not understand it.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Generation gap - what a load of rot
This is fully about who your paymaster is.
These turkeys are paid to do whatsoever their paymasters want and in this case it is all about control and power.
I live in a country that was built on convicts and as far as most of our governmental structures are concerned the majority of the population still is. Your nation is only just catching up.
You stopped being the land of the free decades ago, you are only just seeing the obvious results of that process now. If you think this is bad now, just wait for what is coming.
This is the obvious reaction to the little tantrum raised over the SOPA et al bills. You are quite bluntly being told to be good little children, be quiet and go to your rooms, they don't want to hear anymore from you naughty little brats. Those who are in control think they know better than anyone else. Everyone else is considered ignorant and are children in their eyes.
[ link to this | view in chronology ]
Re: Generation gap - what a load of rot
Sure politicians, follow their paymasters, but who do the paymasters follow? They follow power, and the fear of losing that power to that which they do not understand.
Its already well known that those running the organizations at the top tend to be: older, out of touch, ignorant of technology, and unwilling to admit their mistakes (looking at you Chris Dodd). Of course this is hardly universal, but is more common than it should be.
Despite being "The old man in the sea" you seem to be a rather enlightened individual, and what you say is true, the generation gap is not the whole story, but its a good chunk of it.
[ link to this | view in chronology ]
Re: Re: Generation gap - what a load of rot
[ link to this | view in chronology ]
Re: Re: Re: Generation gap - what a load of rot
[ link to this | view in chronology ]
Re: Generation gap - what a load of rot
It's not too late for us to take back and right the ship. I do fear though that this may come to a second civil war.
I love the rhetoric of the people claiming about "facist Germany". Those are generally the people that voted for the idiots that are running and doing this. Left or Right, we need to clean house.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Mabye I'm full of sh#t, actually, I hope I am, because its staggering to me just how much control they have.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
wrong term, right concept
[ link to this | view in chronology ]
Re: Re:
To sum up; To be old or young, by itself, does not give you a worldview for or against technology.
[ link to this | view in chronology ]
Re: Re: Re:
Maybe, its more about how technology is perceived by those not in the know. Certainly Hollywood has had a hand in this, real hackers for instance are usually not anything like their counterparts in the movies and TV-shows. However things like that help to spread the notion that computers are scary, and hackers are going to take over the world.
Furthermore, people who are proficient at IT tend not to choose to become lawyers or politicians. So we end up with people in charge of technology, who do not understand it and have a distorted view of it.
In the end, its a trade off: If we had a congress of nothing but programmers, we would never have a problem with IT or copyright. However, congress's handling of other issues would be a mess. So we have a government of people in the middle of the road, without too much specialized knowledge in one area.
The problem is that its difficult to comprehend rapidly-changing technology without specialized knowledge.
[ link to this | view in chronology ]
Re: Re:
Baby Boomers and Rock and Roll....
[ link to this | view in chronology ]
Re: Re:
But enough with war stories. Not ALL old people are technophobic. I keep up with computers really well, though I admit my smart phone is smarter than I am at times. I love technology, and what it allows us to do - as do many other old progressives.
Please don't drive more wedges. There are enough already. It is going to take all of us - old, young, black, white, brown, male, female, straight and LGBT - to try to turn the ship around, and it isn't gonna be easy.
It isn't, I think, that the old white boy club is technophobic themselves, but rather, that they see a weapon in the hands of the rest of us. Could the Arab Spring have happened without cell phones and social networking? They want to preempt that power, and it has more to do with being a 1%er than being old, I think.
My 2 cents worth from an old lady, LOL.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: CFAA
[ link to this | view in chronology ]
Re: Why Don't The Ones Who Elected...
The fact of the matter is that the ones who elected are not the ones with the power, in the sense of pulling electoral levers, etc. It is moneyed interest that made these ones elected visible and electable, the ones who voted for them were just given a choice between several sold out to big money options. They do not serve you, and the reason why they are doing this is that those with the moneyed interest expect them to "protect" their interest.
Second, all of this CFAA fervor is the result of some pulling back the curtain on the "wizard." They fear for their positions and powers, because their positions and powers have always relied on screwing the American Public behind "closed doors" so to speak - but recently their dirty underwear has been displayed for everyone to see. What is the dirty underwear? What I have been writing about, how they do not serve you - the pipe dream is over, even the very pretense of serving the people is dead. Game over - no more ability to solely serve that moneyed interest in darkness (or shade), the sunlight has been turned on and the vampires are self-destructing. But they want to keep the game going, even if it means the total destruction of anything that ever resembled the United States (because a lot of it was BS). They have to criminalize to make their attack on the American people look like they are fighting a "crime wave," and not destroying the peoples displeasure and dissent - because that is what exposing them was all about. Now you can either wake up, you know, like Neo in the Matrix or opt for blissful enslaved ignorance -
http://www.youtube.com/watch?v=B1T8xgHdMEM
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
They're becoming everything they're declaring war on (not to mention what their ancestors killed): Iran, North Korea, Syria, etc. When I wake up every morning, I always wonder if I'm still in the USA and not any of these countries. It's telling when yesterday's human rights violation became today's standard procedure.
Their empire is sinking, and their attempts at disarming the populace (if this gun ban doesn't work, then this ammo shortage will) and the desire to turn everyone into criminals overnight (did you pay with cash? you might be a terrorist) are obvious signs.
And the worst part: they want you to take you with them.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
First we have a bad bill that they want to pass but critics reject, so they present an even worse bill so the critics can feel better about the lesser bad bill passing.
http://youtu.be/wbjlGKLaMFo?t=1m4s
[ link to this | view in chronology ]
?????????
[ link to this | view in chronology ]
Re: ?????????
Off topic: I just watched Firefox (1982), and the inspection at the airport and subway just looked similar to a TSA inspection ^^.
[ link to this | view in chronology ]
Re: Re: ?????????
(Drifting further off-topic): I've been using Firefox all morning and I haven't noticed anything weird of that nature.
What extensions are you using?
[ link to this | view in chronology ]
Re: Re: Re: ?????????
[ link to this | view in chronology ]
Re: Re: Re: Re: ?????????
[ link to this | view in chronology ]
Re: Re: Re: ?????????
[ link to this | view in chronology ]
This bill is perfect!
Bang. Problem solved.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
:-P
[ link to this | view in chronology ]
Please explain why computer crime should be exempt from charges of racketeering.
[ link to this | view in chronology ]
Re:
If a case involves computers it's being made easy to add the charge of racketeering.
See the difference?
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
1) I use Google doc to keep a list of all the people who've paid protection money to me and my crew.
This is a regular protection racket it just happens to use a computer, it is already covered by law and needs no additional protection. (the crime would be no different if I logged it all with a pen and paper instead of the internet)
2) I use a password that should have been revoked when I left my previous employer to access records.
Oooops I violated a badly worded IT security bill, I have not been collecting protection money this time but due to the vaguely worded bill a prosecutor may go after me for hacking crimes + a racketeering charge.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Can anyone offer up something other than FUD?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Besides, burden of proof is on you. Explain why racketeering laws should be applied to crimes that used a computer irrespective of their relation to what was previously regarded as racketeering. Use examples based in reality, please.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
Hmm, I can't imagine who you people would be trying to protect here. Let me think really hard...
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Or in today's parlance: occupiers, activists, young people, immigrants, ethnic minorities...and everyone else who isn't wielding a government hammer.
[ link to this | view in chronology ]
Re: Re: Re:
2. Other racketeers are also racketeering. They use computers. They can be still charged with racketeering.
3. People who aren't racketeers are not racketeering. They use computers. They cannot be charged with racketeering.
This is the current state of affairs. The CFAA would replace the word "cannot" in example #3 with the word "can".
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
I'm all for fixes but they need to be applied intelligently.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re:
And adding racketeering to the CFAA will fix that?
Here's a news flash for you. The virus scams are already committing fraud. The FTC goes after them already for that, and occasionally can track them down well enough to prosecute. Many still exist not because we lack laws to go after them for violating, but because there are so many and can be so difficult to track down.
[ link to this | view in chronology ]
Re: Re: Re:
Section 106 of this draft was inserted by the Attorney General's office and the outrage that I think that should be focused. The DOJ is asking for jurisdiction over the internet....and wants their own task force outside the NSA and the US Secret Service. They want their own power in it and that alone is what concerns me.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
They are scared
That proposal is yet another on a long string of laws trying to stem back the tide. The more extreme the proposal, the more scared it shows them to be.
[ link to this | view in chronology ]
Re: They are scared
[ link to this | view in chronology ]
Re: Re: They are scared
[ link to this | view in chronology ]
Re: They are scared
I can't wrap my head around the way these politicians' minds work. They know everyone hates them for what they're doing, but they keep doing it. They'd rather wallow in paranoia than give up control.
What's the point of having absolute power if you can't get a good night's sleep?
[ link to this | view in chronology ]
Too late
http://dept.kent.edu/sociology/lewis/lewihen.htm
THE MAY 4 SHOOTINGS AT KENT STATE UNIVERSITY: THE SEARCH
FOR HISTORICAL ACCURACY
BY
JERRY M. LEWIS and THOMAS R. HENSLEY
I remember walking around DC looking at all the tanks and half-tracks and soldiers on every traffic circle.
I stopped by Kent State this last summer on my way back from my son's graduation. There is a bullet hole in a sculpture on the campus from a round fired by the National Guard. What I never realized before is that the hole is in an I-beam that is approximately one quarter inch thick. It was a .30 caliber magnum round. It was used against US citizens who were also students, and some of whom were not yet adults. I think the legal age then was 21, so most of them were minors.
Those who do not fight for freedom will lose it.
[ link to this | view in chronology ]
Re: Too late
[ link to this | view in chronology ]
Re: Re: Too late
The National Guard troops at Kent State were using M1 Garand rifles, which were chambered for .30-06 Springfield. This is the type of round embedded in the statue artp mentioned.
[ link to this | view in chronology ]
Re: Re: Re: Too late
[ link to this | view in chronology ]
Re: Re: Re: Too late
Is this your first visit to Wally World?
[ link to this | view in chronology ]
Re: Re: Re: Re: Too late
[ link to this | view in chronology ]
Re: Re: Re: Re: Too late
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Too late
Wally World is from an old movie.
There is a 30, a rimless 30-30, but it isn't magnum nor a handgun or even made anymore.
[ link to this | view in chronology ]
Take for example Aaron Swartz it would be impossible to build a RICO case against him for actions over a 10 year period.
That aside I don't think that the feds need any more laws to go after people than they already have.
Further I think that many of the laws should be rescinded if they are not used except sporadically to inflict prosecutorial scorched earth actions.
[ link to this | view in chronology ]
Re:
-Tacitus
[ link to this | view in chronology ]
Re: Re:
great quote, and all too true...
art guerrilla
aka ann archy
eof
[ link to this | view in chronology ]
It makes it tougher on anyone trying to scam another person but the way it is written....it seemingly also makes this new bit open to abuse.
Racketeering, by definition, is making money from crimes committed while operating a legitimate business and using said business as a front for said criminal activities.
Just for an example, assuming abuse of power doesn't happen, WiseGeek has a pretty good explanation:
Many criminal acts can be included in this category, including theft and fraud against businesses or individuals. Governments can be victimized by racketeering by groups that counterfeit money and trade in untaxed alcohol. Providing illegal services, such as prostitution or drug trafficking, are also a form of racket. Racketeering also takes place among legitimate businesses or labor unions, where it is sometimes referred to as white-collar crime, and can include acts such as extortion and money laundering.
http://www.wisegeek.org/what-is-racketeering.htm
So any program run by Cyberdefender like MyCleanPC or DoubleMySpeed are affected. That is only an example.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
It's a scare tactic but we should sound the horn none the less to remind them that we won't take this lying down.
[ link to this | view in chronology ]
Now if you talk with others about the possibility of violating a terms of service -- say, talking to your 12 year old child about helping them sign up for Facebook even though the site requires you to be 13 -- you may have already committed a felony that can get you years in jail. That seems fair, right?
Is contradicted by this:
The new bill keeps the basic terms of accessing a computer without authorization the same and just ever so slightly trims back the "crime" of exceeding authorized access. Now, to violate the law by "exceeding" authorized access, you'd have to get access to "information from any protected computer" (or financial institution or US gov't agency) and the "value" of that info would need to be over $5,000 (who determines that?) and the access had to have been "committed for purposes of obtaining sensitive or non-public information of an entity or another individual (including such information in possession of a third party), including medical records, wills, diaries, private correspondence, financial records, photographs of a sensitive or private nature, trade secrets, or sensitive or non-public commercial business information" and was committed "in furtherance of any criminal act."
By the way, you forgot to shriek: "This will break the internet". Otherwise, it's a FUD masterpiece.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
accessing "information from any protected computer" (or financial institution or US gov't agency) and the "value" of that info would need to be over $5,000 (who determines that?) and the access had to have been "committed for purposes of obtaining sensitive or non-public information of an entity or another individual (including such information in possession of a third party), including medical records, wills, diaries, private correspondence, financial records, photographs of a sensitive or private nature, trade secrets, or sensitive or non-public commercial business information" and was committed "in furtherance of any criminal act.
Maybe you can explain how it is; Masnick has failed miserably.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
access had to have been "committed for purposes of obtaining sensitive or non-public information of an entity or another individual (including such information in possession of a third party), including medical records, wills, diaries, private correspondence, financial records, photographs of a sensitive or private nature, trade secrets, or sensitive or non-public commercial business information" and was committed "in furtherance of any criminal act.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
Best way to explain it:
You are a tad wrong about the article because Mike Mansick wasn't concerned with the entirety of the drafted bill, but was concerned with the inserts clearly added in by the DOJ into the draft.
[ link to this | view in chronology ]
Re:
You'd have to get access to "information from any protected computer" OR the "value" of that info would need to be over $5000 OR the access had to have been "committed for purposes of obtaining sensitive or non-public information of an entity or another individual..." OR was committed "in furtherance of any criminal act."
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Abominable
[ link to this | view in chronology ]
They left the sponsor field blank?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Page 10 Line 14 through Page 11 Line 10 makes DDOS attacks illegal when they disrupt critical systems pertaining to various businesses.
Page 11 Line 8 onwards involve disruption in communications on government computers.
These suggestions are clearly started and pertains to nothing thus far that Aaron Swartz actually did. This is the same Judiciary oversight committee who grilled attorney General Eric Eric Holder. Their job is to look at the rights of businesses and individuals on all sides when new laws are being drafted.
Page 12 protects the rights of individuals who have been convicted of other unrelated crimes in the past....even if you are on probation for other crimes, this sentencing process will only pertain to violations of the CFAA. You cannot get punished double time. However, if you are on probation concerning a violation of the CFAA, it is treated as a normal probationary hearing where you make your case to the judge as to the necessity of violating your probation. This brings the CFAA to modern law.
Those are all fine...however....Section 106 of this draft (Page 13 Line 20) is in fact the evil bit written in by the attorney general's office. The FBI is the current task force and are far more reliable and reasonable than the DOJ. The Judiciary Oversight Committee is getting Eric Holder's middle finger here.
The issue I have with Title II Subsection 201 (Page 14 line 3) is that it is a mess in diagnosis. It is clearly needed because neither Apple nor Google (does this make me a Microsoft fanboy because I criticized both my "beloved" Apple and Google at the same time??) have been entirely good at reporting security flaws to their customers when they are discovered. While the demand for transparency is generally good, it is also terribly bad because 14 days is sometimes not enough to thoroughly check out a problem. Android's various security flaws (if any) are usually found and fixed by users of Android and what compounds the problem is that these security holes in Android, at times, have been on the manufacturer's instruction set (the Samsung Galaxy S3's Xenos Processor was a notable issue). Apple's issue was complacency and was a major problem until the Flashback virus appeared, but they still don't understand these issues as well.
This all seems just fine until Title 1 section 106 onward...that is the only thing I have major issues with that I have had the energy to look through so far. Section 106 gives the Attorney General too much power, and Title II makes proper security disclosure impossible (14 days to report??? Seriously???).
[ link to this | view in chronology ]
I know how to stop this!
Stay w/ me...
Since just thinking about violating the CFAA would be a crime, wouldn't this affect writers? (they have to think like the bad guys for TV & movies -- this would probably affect the next Oceans or Bond movie) Let's point that out to the MPAA, that plots would be covered, & let them take care of this for us?
Hollywood has to be good for something, even if we have to engineer that something.
[ link to this | view in chronology ]
Re: I know how to stop this!
[ link to this | view in chronology ]
Democrats running for the house got over a million more votes then republicans running for the house, even if you exclude all races where a candidate ran unopposed because the district was so badly gerrymandered. Yet republicans have around a 20 seat majority, just what the people wanted right?
It's only fitting that such a house would decide "screw the American people and what they want" on CFAA.
[ link to this | view in chronology ]
ThoughtCrime
[ link to this | view in chronology ]
Re: ThoughtCrime
[ link to this | view in chronology ]
Re: ThoughtCrime
[ link to this | view in chronology ]
Re: ThoughtCrime
[ link to this | view in chronology ]
Re: ThoughtCrime
[ link to this | view in chronology ]
[ link to this | view in chronology ]
There are some corporate network admins that have not only wanted to criminalise bypassing the corporate firewall and/or looking at banned websites, but also want to crminalise VPN or proxy providers who services just happen to be used to conceal internet activity from the boss. Basically, there those who do not want CDA 230 and/or DMCA 512 to apply, if a service is used by someone at work. I used to lock horns with the denizens of comp.security.firewalls over this.
And this would also apply to VPN and proxy providers outside the US, if some of the netowrk admins that used to inhabit comp.security.firewalls had their why.
This would be something nearly impossible for VPN and proxy providers to police, particularly if the content being accessed is otherwise lawful.
They would also, if they had their way, outlaw web sites blocking, at the firewall level, filtering vendors from accessing and categorising sites for blocking lists. I do that now with my online radio station, so that it is not blocked in most workplaces. Might we see something like that in the new CFAA?
So don't be surprised if some of this ends up in the new CFAA.
[ link to this | view in chronology ]
Re:
I would not be surprised if the the new CFAA were to make me a felon just for merely providing the service.
[ link to this | view in chronology ]
Re: Re:
Sysadmins wouldn't mind it so much if they'd run on a port that could conveniently be deprioritized but the current setup means they're competing for bandidth with all of your actual business traffic.
At a bit over 64kb/s each, just 2 people on pandora can cripple a T1 line costing >$200/mo for 1.44mb/s.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Government is Evil!!!! Government is Evil!!!
Is techdirt owned by CNN, MSNBC, ABC, FOX, or NBC? Because you've followed precisely in their footsteps of providing all the information except what matters: WHO IS RESPONSIBLE. This can always be tied to name(s), but no one seems to give a shit about accountability in this country anymore.
. . . .but let jus a keep on a blamin' the guvment
[ link to this | view in chronology ]
Re:
It doesn't matter who it is, the next batch of politicians would have done the same thing also.
Why?
Because there is a system in place that perpetuates the "old ways", there is a system in place that more often than not leads to this kinds of actions.
So no, you can change the politicians all you want, if you didn't change the support they count on it to make those decisions you changed nothing at all.
Politicians are sacrificial tokens, what you want is to find the ones behind it.
[ link to this | view in chronology ]
Anti Whistle-Blower
[ link to this | view in chronology ]
Re: Anti Whistle-Blower
[ link to this | view in chronology ]
Re: Re: Anti Whistle-Blower
[ link to this | view in chronology ]
The Final Warning
http://www.youtube.com/watch?v=ox-shlDXKO4
[ link to this | view in chronology ]
Small government at work
[ link to this | view in chronology ]
"Spviet AmurrriKKKa" has such a nice ring to it...
[ link to this | view in chronology ]
CyberWeek?
[ link to this | view in chronology ]
Good Luck...
He'll be able to use this to go after political opponents, which is why you can expect it to pass both chambers and be signed into law as-is.
The one thing both parties agree upon is that there should be no limit to the power of almighty government and politicians who think they're God.
[ link to this | view in chronology ]
[ link to this | view in chronology ]