Aaron's Law Finally Introduced: Reform The CFAA
from the it's-about-time dept
Today, Zoe Lofgren and Jim Sensenbrenner in the House and Ron Wyden in the Senate introduced "Aaron's Law," an attempt to reform the widely abused CFAA, so that it no longer sweeps up innocent activity.Vagueness is the core flaw of the CFAA. As written, the CFAA makes it a federal crime to access a computer without authorization or in a way that exceeds authorization. Confused by that? You're not alone. Congress never clearly described what this really means. As a result, prosecutors can take the view that a person who violates a website's terms of service or employer agreement should face jail time.The proposal tries to focus the law back to where it was intended when initially put in place:
So lying about one's age on Facebook, or checking personal email on a work computer, could violate this felony statute. This flaw in the CFAA allows the government to imprison Americans for a violation of a non-negotiable, private agreement that is dictated by a corporation. Millions of Americans — whether they are of a digitally native or dial-up generation — routinely submit to legal terms and agreements every day when they use the Internet. Few have the time or the ability to read and completely understand lengthy legal agreements.
It establishes a clear line that's needed for the law to distinguish the difference between common online activities and harmful attacks.Among those specific lines, it notes that a "mere breach of terms of service, employment agreements, or contracts are not automatic violations of the CFAA." It also makes the penalties more reasonable, so people aren't facing many years in jail for doing something minor. It's well past due that the CFAA get fixed. Hopefully this is a start down that path.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aaron swartz, aaron's law, cfaa, cfaa reform, jim sensenbrenner, ron wyden, zoe lofgren
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
"a digitally native or dial-up generation"???
"As a result, prosecutors can take the view that a person who violates a website's terms of service or employer agreement should face jail time." -- Maybe, but they don't. The Swartz case was not only one of the rare ones brought forward, but far better based than that.
I've already given my view that Aaron Swartz is no hero by sneaking into a closet to download files just on a whim to "liberate" data. But there's obviously a contingent who think he is. -- Even Alex Jones!
[ link to this | view in chronology ]
Re: "a digitally native or dial-up generation"???
[ link to this | view in chronology ]
Re: Re: "a digitally native or dial-up generation"???
[ link to this | view in chronology ]
Re: "a digitally native or dial-up generation"???
[ link to this | view in chronology ]
Re: "a digitally native or dial-up generation"???
Except Aaron Swartz did face jail time. He committed suicide because he faced an inordinate amount of jail time that in no way reflected the seriousness of his crime (or lack thereof).
He faced that jail time because an overzealous prosecutor used the CFAA to hang the threat of decades of jail time over Swartz's head.
The rarity of such cases doesn’t matter. The innocence or guilt of Swartz doesn’t matter. A equitable judicial process that protects the innocent and hands out appropriate and fair punishments to the guilty matters.
The CFAA as it stands today allows prosecutors to threaten people with decades behind bars for something as simple as sharing a Facebook password. Any legislature worth a damn would (and should) see this law as ripe for potential abuse and do whatever it could to correct it.
Or would you prefer to spend twenty years behind bars because you accidentally logged into to someone’s Facebook account after they left it ‘open’ on your computer?
[ link to this | view in chronology ]
Re: Re: "a digitally native or dial-up generation"???
[ link to this | view in chronology ]
Re: Re: Re: "a digitally native or dial-up generation"???
Fixing the CFAA to make it harder (if not near-impossible) for prosecutors to bring charges against people for something as innocuous as a couple sharing each other’s passwords would make for a good starting point, though.
[ link to this | view in chronology ]
Re: Re: Re: Re: "a digitally native or dial-up generation"???
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: "a digitally native or dial-up generation"???
[ link to this | view in chronology ]
Re: "a digitally native or dial-up generation"???
But he wasn't a criminal either. You normally go after people with the full force of the law because they aren't heros?
[ link to this | view in chronology ]
Coincidence?
[ link to this | view in chronology ]
Does this fix the TOS violation issue?
This text seems to be the same sort of thing as before. I thought Zoe had something better in mind.
[ link to this | view in chronology ]
Re: Does this fix the TOS violation issue?
Section 1030(e)(6) of title 18, United States Code, is amended by striking ''alter;'' and inserting the following: ''alter, but does not include access in violation of an agreement or contractual obligation, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or employer, if such violation constitutes the sole basis for determining that access to a protected computer is unauthorized;''
[ link to this | view in chronology ]
Re: Re: Does this fix the TOS violation issue?
(However the company that had such a lousy system should be liable for failing to protect customer private data).
[ link to this | view in chronology ]
Re: Re: Re: Does this fix the TOS violation issue?
[ link to this | view in chronology ]
Digital rights reforms are far more urgent since the public has been almost entirely convinced that they don't own what they buy. Even if it isn't written that way legally, DRM gives companies the power to achieve it in practice, and what is widely practiced tends to become the law. In other words, if people stop acting like they own things, for example allowing secondary markets for software and music to dry up, it will be easier for judges and legislatures to forget that these personal property rights ever existed.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
It makes no difference anyway
Whatever it is... I'm against it!
No matter what it is or who commenced it
I'm against it!
Your proposition may be good
But let's have one thing understood
Whatever it is... I'm against it!
And even when you've changed it or condensed it
I'm against it!
I'm opposed to it
On general principle, I'm opposed to it.
He's opposed to it
In fact, indeed, that he's opposed to it!
For months before my son was born
I used to yell from night to morn
Whatever it is... I'm against it!
And I've kept yelling since I first commenced it
I'm against it!
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
What's the point of pretending like you can keep me off of TD when you make a living out of ridiculing others who pretend like they can block people from doing what they want on the internet?
Seriously. I know you see the irony. But what's the point? I post whatever I want, whenever I want. Your attempts to censor me are completely, 100% laughable and stupid.
Let me ask you this… Why do you, a man who pretends like he loves anonymity and freedom on the internet, make a point to block TOR IP addresses whenever they are used to criticize you?
Seriously. Are you so ashamed and insecure that you have to block TOR, the tool of freedom fighters who rage against dictators, to stop me from criticizing you?
Are you so scared of criticism that you think it’s worth it to block TOR exit nodes rather than receive any criticism whatsoever?
You’re just like China. And you fucking know it.
You are doing whatever you can to censor those who challenge you. Just like China. And you fucking know it.
Toodles!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
If you were an honest person, your posts of "whatever I want, whenever I want" would be posts that add to the discussion, not taunts and cowardly accusations.
Blocking juvenile, immature morons who lie, slander and harrass without legitimate reason is NOT censorship.
You're in the wrong. And you fucking know it.
[ link to this | view in chronology ]
That's right. Mr. Mike "Internet Freedom and Anonymity" Masnick is so scared of personal criticism that he'd rather block a TOR exit node--the tool of dissidents who criticize their oppressors--rather than leave the TOR IP address open to those who may want to criticize him or others on Techdirt.
Protector of freedom on the internet? You decide. His actions are just like those of an insecure dictator, and he knows it. Mike is just like China, feverishly oppressing those who dare to speak out against him.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
> to censor it
Wow. You are seriously exhibiting signs and symptoms of an Axis II personality disorder.
[ link to this | view in chronology ]
Re: Re:
Meanwhile, on the original topic: if you ask me, violating the CFAA should require fraudulently obtaining and using, or fraudulently bypassing the check for, an access credential such as a password. Merely accessing a service's public interface shouldn't qualify. Gaining privilege on the server by exploiting a bug, or running a dictionary attack on password hashes to log in as someone else, those are the things the law is supposed to be about.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Not really a change
The current law is pretty straight - if you aren't suppose to access it, don't access it.
Reducing the penalties and giving hackers more outs to work with is NOT a good change to the law. It would appear that this is mostly the usual grandstanding political types using Aaron's death for political advantage and points. That is sad.
[ link to this | view in chronology ]
CFAA + NSA surveillance = bad news
Th CFAA says things such as checking personal email at work, or presumably reading non-work related websites at work (as I'm doing just now - but shhhhh) could mean jail time.
Never mind the size of your lobsters, ever made a personal phonecall from work?
Still think you have nothing to hide?
[ link to this | view in chronology ]
Congress need to sit back a bit and think what they have been doing, think about what they are going to do and how they are going to do it before enacting. they have made a lot of mistakes, some intentionally, but it isn't them that suffer. it needs to stop now!!
[ link to this | view in chronology ]