Announcement

Collapse
No announcement yet.

How computer hacking laws make you a criminal

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How computer hacking laws make you a criminal


    In 1970, a 14-year-old boy dialed into a nationwide computer network, uploaded a virus he had written and caused the entire network to crash.

    That boy was Bill Gates. Five years later, he founded Microsoft.

    A few years later, two young men went around college dorms in California selling boxes of wires that let students bypass telephone-company restrictions and make long-distance calls for free.

    Those young men were Steve Jobs and Steve Wozniak, and a later venture they started, Apple, is now the most valuable company in the world.

    In 2010, another young man, who had already founded a multimillion-dollar company, broke into a utility closet at the Massachusetts Institute of Technology.

    Advertise | AdChoices

    He hooked up a laptop to the campus network and downloaded 4 million academic journal articles, most of them in the public domain, from a paid archive to which he had a subscription.

    He was arrested, indicted twice on multiple counts of fraud and, at a trial that was to have begun in April, could have faced 50 years in federal prison and a $1 million fine.

    His name was Aaron Swartz, and last week he took his own life.

    More computers, more prosecutions
    The difference between the fates of Gates, Jobs and Wozniak on the one hand, and of Swartz on the other, originates with the Computer Fraud and Abuse Act.

    The CFAA is a 1986 law, section 1030 of the federal criminal code, which makes any unauthorized access into a protected network or computer a federal crime and permits harsh penalties for those convicted.

    But 1986 was a long time ago. Today, any Web server can be defined as a protected computer, and almost anything can be defined as unauthorized access.

    Use your roommate's Netflix account to watch movies on your iPad? You're violating the CFAA.

    Trim the URLs of articles on the New York Times website so you can read them for free? You're breaking federal law.

    Check your Facebook page at work, even if your employer forbids it? Better call your lawyer.

    If that sounds ridiculous, here's a fact: Andrew "Weev" Auernheimer, a well-known "gray hat" hacker, was convicted in November of fraud and conspiracy for harvesting data from a publicly accessible server. He's facing up to 10 years in prison at his sentencing next month.

    There weren't any passwords protecting the data Auernheimer and his friend, who later testified against him, downloaded. All they did was change numbers in URLs and press "return." But according to the CFAA, they were breaking the law

    "The punishments for these crimes are hugely disproportionate to the offenses listed," said Adam Goldstein, an attorney advocate at the Student Press Law Center in Arlington, Va. "We wrote these laws based on the 1980s view of the worst-case scenario of hacking in a networked world."

    To Robert Graham, chief executive officer of Errata Security in Atlanta, the CFAA is "hopelessly out of date, and can be used to prosecute anybody for almost anything."

    Advertise | AdChoices

    "The issue is 'authorization,'" Graham said. "Back in 1986, everyone had to be explicitly authorized to use a computer with an assigned username and password.

    "But today, with the Web, we access computers with reckless abandon without knowing whether we are authorized or not," he added. "When you click on a URL, you are technically in violation of the law as it was designed."

    Swartz was facing more prison time than he would have if he'd committed a serious physical crime, such as assault, burglary, grand theft larceny or involuntary manslaughter.

    "Why the penalties are stiffer for e-crime does not make sense," said Chester Wisniewski, an American who works as a senior security analyst in the Vancouver, British Columbia, office of the British security firm Sophos. "These penalties are more in line with murder than theft."

    "There is a serious problem in federal criminal law where the use of a computer ratchets up a criminal sentence dramatically out of proportion from the harm caused," said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation in San Francisco.

    "We wrote laws designed to punish the worst monsters of William Gibson's nightmares," Goldstein said. "We're wielding them against people who download journal articles and steal naked pictures from Scarlett Johansson."
    How computer hacking laws make you a criminal - Technology on NBCNews.com
    In the realm of spirit, seek clarity; in the material world, seek utility.

    Leibniz

  • #2
    a sick and saddening story - journal articles:confu: - and mr virus is a billionaire - funding other virus writers (giving multimillion dollar "research" contracts to several notorious virus writers) while squashing Linux with cash to certified MS engineers (a 500$ credit for agreeing to not install or support Linux)...

    Is there a crueler way to kill someone than to drive them to kill themself?

    It reminds of a satirical Family Guy episode - BG is flying along with his cronies (they can fly w/o mechanicial assistance in the spoof) and they look down at the people "they look like ants" says Ted Turner - "They are ants" says BG...

    I don't think it was really that stretched from what these people actually believe about "commoners"... Our laws and justice system seem to support their elitism.
    Last edited by USSWisconsin; 18 Jan 13,, 20:13.
    sigpic"If your plan is for one year, plant rice. If your plan is for ten years, plant trees.
    If your plan is for one hundred years, educate children."

    Comment


    • #3
      This article, like many others, makes it sound as if he was facing a 50 year sentence and $1 million in fines. He wasn't. The truth is he was offered a plea bargain of 6 months in a minimum security facility before he killed himself.

      Since I'm not planning on breaking and entering anyone's property and hacking their system to steal data, or have heard any incidents of people being charged for checking facebook from work, I'm not too worried about being convicted under the CFAA.

      Comment


      • #4
        JSTOR is a digital repository that archives content from journal articles, manuscripts, GIS systems, and scanned plant specimens and disseminates it online.[60] Swartz was a research fellow at Harvard University, which provided him with a JSTOR account. Additionally, visitors to MIT’s “open campus” were authorized to access JSTOR through its network.
        According to state and federal authorities, over the course of a few weeks in late 2010 and early 2011 Swartz downloaded a large number of academic journal articles from JSTOR through MIT’s computer network. The authorities say Swartz downloaded the documents through a laptop connected to a networking switch in a controlled-access wiring closet.
        According to press reports, the door to the closet was kept unlocked.

        Aaron Swartz - Wikipedia, the free encyclopedia

        He didn't break in anywhere.
        Last edited by Parihaka; 27 Mar 13,, 16:36.
        In the realm of spirit, seek clarity; in the material world, seek utility.

        Leibniz

        Comment


        • #5
          Originally posted by Wooglin View Post
          This article, like many others, makes it sound as if he was facing a 50 year sentence and $1 million in fines. He wasn't. The truth is he was offered a plea bargain of 6 months in a minimum security facility before he killed himself.

          Since I'm not planning on breaking and entering anyone's property and hacking their system to steal data, or have heard any incidents of people being charged for checking facebook from work, I'm not too worried about being convicted under the CFAA.
          And if he didn't except that plea bargain was he facing 50yrs and $1million fine?

          Comment


          • #6
            Originally posted by dave lukins View Post
            And if he didn't except that plea bargain was he facing 50yrs and $1million fine?
            Nope

            Comment


            • #7
              Originally posted by Parihaka View Post
              JSTOR is a digital repository that archives content from journal articles, manuscripts, GIS systems, and scanned plant specimens and disseminates it online.[60] Swartz was a research fellow at Harvard University, which provided him with a JSTOR account. Additionally, visitors to MIT’s “open campus” were authorized to access JSTOR through its network.
              According to state and federal authorities, over the course of a few weeks in late 2010 and early 2011 Swartz downloaded a large number of academic journal articles from JSTOR through MIT’s computer network. The authorities say Swartz downloaded the documents through a laptop connected to a networking switch in a controlled-access wiring closet.
              According to press reports, the door to the closet was kept unlocked.

              Aaron Swartz - Wikipedia, the free encyclopedia

              He didn't break in anywhere.
              Oh please. The closet was there for visitors to connect to the network from a spoofed address? Were they all required to hide their faces when entering, or was that just him?

              Comment


              • #8
                Originally posted by Wooglin View Post
                Oh please. The closet was there for visitors to connect to the network from a spoofed address? Were they all required to hide their faces when entering, or was that just him?
                So why wasn't he charged for breaking and entering by the local police? Why instead was he charged with multiple federal crimes? I really don't see where your going with this.
                In the realm of spirit, seek clarity; in the material world, seek utility.

                Leibniz

                Comment


                • #9
                  Originally posted by Parihaka View Post
                  So why wasn't he charged for breaking and entering by the local police? Why instead was he charged with multiple federal crimes? I really don't see where your going with this.

                  breaking and entering

                  n. 1) the criminal act of entering a residence or other enclosed property through the slightest amount of force (even pushing open a door), without authorization. If there is intent to commit a crime, this is burglary. If there is no such intent, the breaking and entering alone is probably at least illegal trespass, which is a misdemeanor crime. 2) the criminal charge for the above.
                  See also: burglary trespass
                  He WAS arrested on state breaking and entering charges. The charges were dismissed after the Feds indicted him and worked up their own case. It's in your own link.

                  I just find the article misleading and overly dramatic. I'm not worried about potential CFAA charges for the reasons I stated above. I just don't see breaking and entering and hiding a laptop with a spoofed address to steal data the same as logging into facebook from work, as the article is trying to suggest. It's a stupid argument.

                  Comment


                  • #10
                    IMO, any prison time for what he did, as a first offence, was unwarrented. Perhaps probabtion, loss of access, a fine, or community service. Who was harmed? What damage was done? What would this have cost them if they hadn't found out about it?

                    On the other hand, someone nearly kills dozens of people and destroys a billion dollar SSN and they get 17 years. This guy was facing 50 years a million dollar fine and had to accept 6 months in federal prison in a "plea bargin"? For downloading journals? The closet wasn't locked - so he was granted access. Perhaps he should have been expelled or suspended from using these facilities - but federal prison for 6 months?

                    Perhaps the starting sentance should have been a year in prison and should have been reduced to a year of probation and community service, with his access priveleges revoked for a longer period.
                    sigpic"If your plan is for one year, plant rice. If your plan is for ten years, plant trees.
                    If your plan is for one hundred years, educate children."

                    Comment


                    • #11
                      Originally posted by USSWisconsin View Post
                      IMO, any prison time for what he did, as a first offence, was unwarrented. Perhaps probabtion, loss of access, a fine, or community service. Who was harmed? What damage was done? What would this have cost them if they hadn't found out about it?

                      On the other hand, someone nearly kills dozens of people and destroys a billion dollar SSN and they get 17 years. This guy was facing 50 years a million dollar fine and had to accept 6 months in federal prison in a "plea bargin"? For downloading journals? The closet wasn't locked - so he was granted access. Perhaps he should have been expelled or suspended from using these facilities - but federal prison for 6 months?

                      Perhaps the starting sentance should have been a year in prison and should have been reduced to a year of probation and community service, with his access priveleges revoked for a longer period.
                      I'm really a bit surprised this keeps coming up... why do you people think you're entitled to enter and do anything you want if a door isn't locked? If he was entering someone's unlocked dorm room on this same "open campus" and stealing their stuff it would be ok because the door wasn't locked? WTF?

                      No, he wasn't granted access. He snuck into a network room in the basement, connected his laptop to a network switch and then hid the laptop, and snuck in again later to retrieve it. This room is not a public network access point, and he knew that.

                      Comment


                      • #12
                        Originally posted by Wooglin View Post
                        I'm really a bit surprised this keeps coming up... why do you people think you're entitled to enter and do anything you want if a door isn't locked? If he was entering someone's unlocked dorm room on this same "open campus" and stealing their stuff it would be ok because the door wasn't locked? WTF?
                        Because 50 years is way too much for entering unlocked room compared to some other sentences.

                        No, he wasn't granted access. He snuck into a network room in the basement, connected his laptop to a network switch and then hid the laptop, and snuck in again later to retrieve it. This room is not a public network access point, and he knew that.
                        Even if so, the penalty he alegedly faced is way too high. Why you can't understand this point?
                        No such thing as a good tax - Churchill

                        To make mistakes is human. To blame someone else for your mistake, is strategic.

                        Comment


                        • #13
                          Wooglin, Doktor answered for me, so I won't repeat those points, I suggested a punishment that fits the crime. Of course it was wrong, but not as wrong as the penalty applied.


                          Perhaps he should have been expelled or suspended from using these facilities - but federal prison for 6 months?

                          Perhaps the starting sentance should have been a year in prison and should have been reduced to a year of probation and community service, with his access priveleges revoked for a longer period.
                          If we really appiled this level of inforcement to everyone, we would go broke paying for prisons in a year or two.
                          Last edited by USSWisconsin; 27 Mar 13,, 22:07.
                          sigpic"If your plan is for one year, plant rice. If your plan is for ten years, plant trees.
                          If your plan is for one hundred years, educate children."

                          Comment


                          • #14
                            Originally posted by Doktor View Post
                            Because 50 years is way too much for entering unlocked room compared to some other sentences.
                            Who was giving him 50 years for entering an unlocked room? He was charged with 13 counts that didn't even include the illegal entry afaik, so I'm not sure what you're even talking about. Regardless, the sentence wasn't what I was discussing. It was the suggestions that he did nothing wrong because a door was unlocked. It's totally absurd.

                            Even if so, the penalty he alegedly faced is way too high. Why you can't understand this point?
                            I understand that point. However, that wasn't the point I was arguing.

                            Comment


                            • #15
                              JSTOR is a digital repository that archives content from journal articles, manuscripts, GIS systems, and scanned plant specimens and disseminates it online.[60] Swartz was a research fellow at Harvard University, which provided him with a JSTOR account. Additionally, visitors to MIT’s “open campus” were authorized to access JSTOR through its network.[61]
                              Wikipedia

                              If he had access to this data, how was it stealing? It was misuse of his access, and most likely was a violation of the terms and conditions.


                              It was the suggestions that he did nothing wrong because a door was unlocked. It's totally absurd.
                              Where did someone say he did nothing wrong?
                              sigpic"If your plan is for one year, plant rice. If your plan is for ten years, plant trees.
                              If your plan is for one hundred years, educate children."

                              Comment

                              Working...
                              X