Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Politics Your Rights Online

Aaron's Law Is Doomed and the CFAA Is Still Broken 134

I Ate A Candle (3762149) writes Aaron's Law, named after the late internet activist Aaron Swartz, was supposed to fix U.S. hacking laws, which many deem dated and overly harsh. But the bill looks certain to wither in Congress, thanks to corporate lobbying, disagreements in Washington between key lawmakers and a simple lack of interest amongst the general population for changes to the Computer Fraud and Abuse Act. Representative Zoe Lofgren blamed inactivity from the House Judiciary Committee headed up by Representative Bob Goodlatte, which has chosen not to discuss or vote on Aaron's Law. There is still an appetite for CFAA reform, thanks to complaints from the security community that their research efforts have been deemed illegal acts, perversely making the internet a less secure place. But with the likes of Oracle trying to stop it and with Congress unwilling to act, change looks some way away.
This discussion has been archived. No new comments can be posted.

Aaron's Law Is Doomed and the CFAA Is Still Broken

Comments Filter:
  • Well (Score:5, Insightful)

    by Njorthbiatr ( 3776975 ) on Wednesday August 06, 2014 @10:24AM (#47614443)
    What did you expect from an oligarchy?
    • Re:Well (Score:4, Insightful)

      by gstoddart ( 321705 ) on Wednesday August 06, 2014 @10:29AM (#47614489) Homepage

      What did you expect from an oligarchy?

      I think it's worse than that ... it's a nascent authoritarian state which is beholden to an oligarchy.

      Which means whatever the government doesn't control is in the hands of the corporations.

      So, if you're not being screwed in the name of secret national security by agencies which lie cheat and steal ... you're being screwed in the name of corporate profits. Or both.

      As a free society, America has pretty much almost ran it's course.

      Papers please, comrade, and don't forget to keep the economy going by buying stuff from one of our sponsors.

      • Re:Well (Score:5, Insightful)

        by JWW ( 79176 ) on Wednesday August 06, 2014 @10:38AM (#47614571)

        Yep.

        I'm growing tired of counting all the things that supermajorities of the people want that the government will never ever allow us to have.

        There are so many things that could be reformed/improved/eliminated/added in the context of government that the PEOPLE truly want (and want through large majorities) that it boggles the mind.

        However, if any of these things have a negative impact on the power of our politicians, or the power of their lobbyists, or the power of their party leaders, or the power of their special interest groups, then screw us.

        • I'm growing tired of counting all the things that supermajorities of the people want that the government will never ever allow us to have.

          It doesn't matter what you want. It only matters what you vote for. Bob Goodlatte represents Virginia's 6th congressional district, which includes Roanoke, Lynchburg, Harrisonburg and Staunton. If you live in that area, and this issue is important to you, then you should vote for someone else on November 4th. Zoe Lofgren represents San Jose, California, and deserves support on this issue.

  • Face it ... (Score:5, Insightful)

    by Anonymous Coward on Wednesday August 06, 2014 @10:25AM (#47614447)

    The fascists are never going to give up power now that they have it.

    And, at this point, it is fairly obvious that both parties are more than willing to vote in favor of fascism.

    This is all about government control and secrecy, and if anybody is going to hack into anything with permission it's the NSA et al.

    Pathetic, in my lifetime, America has become a joke -- face it, you suck, your government sucks, and you've turned your backs on rights and freedoms.

    America deserves what it gets at this point, and deserves a massive amount of contempt and distrust from the rest of the world.

    You have become the fucking problem.

    • The fascists are never going to give up power now that they have it.

      And, at this point, it is fairly obvious that both parties are more than willing to vote in favor of fascism.

      This is all about government control and secrecy, and if anybody is going to hack into anything with permission it's the NSA et al.

      Pathetic, in my lifetime, America has become a joke -- face it, you suck, your government sucks, and you've turned your backs on rights and freedoms.

      America deserves what it gets at this point, and deserves a massive amount of contempt and distrust from the rest of the world.

      You have become the fucking problem.

      Why is this modded "flamebait"? It is the truth.

      • by mellon ( 7048 )

        No, it's flamebait. If you care about this, get involved in politics. If you don't care enough to get involved, go back to your pizza and your TV.

        • by Anonymous Coward
          I would, but since I'm not rich, I can't afford to.
          • by mellon ( 7048 )

            No, I don't mean buy politics. I mean get involved.. The whole point of votes is that everybody gets the same number. When change occurs in government, it occurs because people get involved.

    • And what, as American Citizens, would you have us do? Rise up in arms? Overthrow our government? I participate in the civil process, I encourage others to do so, I write my politicians when I'm concerned about specific issues. What else is there?

      I agree the country is going to hell in a hand basket but fuck that "you get what you deserve" bullshit. Not everyone in this country lives on the fringe of political opinion; the majority do not. Yes, fuck our government for ignoring the will of the people but fuck

      • by mellon ( 7048 )

        Vote. In. The. Primary. If you are in a gerrymandered district, register for the party that owns the district. Participate in the campaign if you have time. Run for office if you have more time. Even if you don't win, if you get attention you can move the Overton window in your direction.

        • Re:Face it ... (Score:5, Interesting)

          by usuallylost ( 2468686 ) on Wednesday August 06, 2014 @01:46PM (#47616059)

          That is good advice. A huge number of Americans do not understand that we have a two election system. The primaries for the various parties and then the general election. The party's policy positions are frequently fought out in the primary process. Since such a small percentage of the population participates in those the will of the party elite tends to hold sway. If you want to change what happens a primary challenge is a much smaller undertaking and has the potential for greater impact than any other method of directly challenging the current system. Absent a primary upset odds are that the person on the ballot for both parties is an entrenched establishment player. Mostly because they are the only ones who come out for primaries.

          The Virginia seventh district is a prime example of how a comparatively small and not well funded group of upset voters can change the entire dynamic of a race. An unknown comparative outsider came into the race and spent ~$250,000, which is chump change in congressional elections, and took down Eric Cantor. Because the voter pools are so much smaller it is much easier for a group to impact policy at that level. In the general election you frequently add a zero to the number of voters involved and to the amount of money you have to spend to get your message out. The key is upset local people changed the power structure in the house by particpating in the primary.

      • I agree the country is going to hell in a hand basket

        Note that this has been a common belief for the last 50 years or so.

        Arguably, it's been a common belief for the last century....

      • And what, as American Citizens, would you have us do? Rise up in arms? Overthrow our government?

        First, contact elected officials, both your own and those in a position over the bill's progress. I wrote to six of them today when I read the story. I also contacted several of the committee members including Bob Goodlatte who is the committee chairman [house.gov]. Yes, one person is unlikely to get much change, but enough people contacting his office can induce change.

        Second, encourage those around you contact their representitives, and encourage them to directly contact those in the committee who can get things ch

    • The fascists are never going to give up power now that they have it.

      Pathetic.

      Translating geek speak into English:

      " I don't know how to communicate effectively with voters and make my issues and my candidates a driving force in any political campaign.

      When I lose I'll take refuge in Godwinism and talk of bribery, further alienating the voters whose advise and support I need the most."

  • More and more IT security companies and conferences are moving abroad to evade insane politicians.

    Remember when Black Hat Las Vegas was the ITSEC Mecca? People started praying in a different direction a while ago.

  • by guises ( 2423402 ) on Wednesday August 06, 2014 @10:34AM (#47614525)
    Apparently Oracle has sunk $1.36 mil into lobbying against this because they are using the CFAA to "protect trade secrets." Presumably they're holding the threat of ridiculous prison sentences over their employees' heads to keep them from leaking any of Oracle's precious bodily fluids, but someone must have some idea of what it is that Oracle is trying to hide, even if you all don't know the particulars. Spill.

    Is it some special sauce for tricking state governments into contracting with Oracle when they could be working with a different, competent company? Or into buying ten times as many licenses as they actually need? Doubtless there's some reason why Oracle is as rich as it is...
    • by gstoddart ( 321705 ) on Wednesday August 06, 2014 @10:43AM (#47614601) Homepage

      You know what, this is precisely what happens when you decide corporations are people, and that money equals speech ... your democratic process becomes subverted by the will of corporations and ceases to be about representing the people.

      It's pretty much all downhill from here.

      • Well, maybe if people stopped deciding who to vote for based on television commercials and put some actual thought into it we would get a more responsible government.
      • by PPH ( 736903 )

        corporations are people, and that money equals speech

        Its worse than that. You and I can speak. But corporations can issue the equivalent of royal* edicts. If we have a disagreement, we have to take it up in court as a civil matter. A corporation can create law and define some activity as illegal, making it a criminal offense. And they can expect the administration and courts to do their bidding based on that.

        Our Constitution places limits on what Congress, the courts, the Administration and the people can and cannot do. So how is it that they were empowered

    • ... and Oracle was afraid they would do something. They wasted their money.

    • by mwvdlee ( 775178 )

      Apparently Oracle has sunk $1.36 mil into lobbying against this because they are using the CFAA to "protect trade secrets."

      Sounds like an insane argument. Defending a law because you're using it for something it wasn't intended to be used for.

      • Sounds like an insane argument. Defending a law because you're using it for something it wasn't intended to be used for.

        In fairness, the government does it all the time ... so it's no more screwed up when corporations do it.

        News flash, badly written laws get misused.

        The problem comes when the people passing laws have no idea of what they say, the laws are written by corporate lobbyists, and the law makers ignore people pointing out the flaws in the law before it's passed.

        When your elected representatives ow

        • News flash, badly written laws get misused.

          Every tool is a weapon in the hands of someone with violent intent.

          Business is a battlefield. Weapons are damn useful in a battlefield.

          Business is ultimately responsible for the weaponization of the law. How could anyone argue that the CFAA is intended for anything else? If no one is digging holes, the only use left for a shovel is bashing your adversaries. The only question left, and it's purely an academic one, is whether this (mis-)use of the CFAA is an accide

  • CFAA & Aaronsw (Score:4, Insightful)

    by Anonymous Coward on Wednesday August 06, 2014 @10:34AM (#47614531)

    CFAA may be broken but what Aaron did was still wrong and I don't think the law should be changed to make his behavior legal, which is the impression I get when the bill is named after him. I'm sure many others feel the same way. Sure, Swartz will be missed and many people are blaming themselves for not recognizing the signs of mental illness and helping him before he killed himself. However, I'd do the same thing MIT did if I discovered some creep walking in off the street and causing all the researchers to lose access to a major database, kept evading blocks over a period of months, and broke into a wiring closet to hook up his own equipment. Likewise, if some creep was trying to "keepgrabbing" my entire database, creating more traffic than all of my other customers combined, and jeopardizing my relationship with one of my biggest customers, you bet your ass I'd call the cops. Somehow, however, Swartz apologists keep trying to hitch this wagon up to the "I didn't read a web sites ToS and now I have a felony conviction" cause.

    • Re:CFAA & Aaronsw (Score:5, Insightful)

      by king neckbeard ( 1801738 ) on Wednesday August 06, 2014 @10:58AM (#47614703)
      I don't think that people are wanting his actions to be totally legal so much as just having reasonable punishment. I think naming it Aaron's law is to demonstrate that it is a means of preventing the abuse of the CFAA in the way it was used against Aaron.
      • I don't think that people are wanting his actions to be totally legal so much as just having reasonable punishment.

        Six months sounds more than reasonable - however Swartz and his lawyers decided that was unreasonable and decided to enage in a high stakes game of chicken with Swartz's freedom on the line because Swartz wanted to be The Hero and Fight Back Against The Man. He and lawyers forgot two important things however, first - don't bet what you can't afford to lose, second - don't bluff unless you're

        • For the actions committed, I would see reasonable as a fine not exceeding $1000 and/or 40 hours or less of community service.
          • In other words, essentially no punishment at all. That's not reasonable in any sense of the words.

            • My terms are somewhere along the lines of a serious traffic ticket or a bout of drunken stupidity. I would hold his actions to be about there on the scale of severity, doubly so because it is very much in line with the kind of mischief that MIT's hacker culture has.
    • by Anonymous Coward

      CFAA may be broken but what Aaron did was still wrong and I don't think the law should be changed to make his behavior legal, which is the impression I get when the bill is named after him.

      As much as I agree fundamentally with the point that what Aaron did was wrong, the simple truth is that what JSTOR does is also wrong. The whole point of the creation of JSTOR was to have a collaborative database of journals between universities to collective pool the costs of archiving, access, etc. Yet no part of it w

    • CFAA may be broken but what Aaron did was still wrong

      What Aaron did was not wrong (in a moral sense). What Aaron might have done could have been wrong, but no one knows what his intent was in downloading all those papers. Was he going to publish them all? Was he going to just run some analysis on them?

      What is clearly wrong is the level of punishment that he could have been subject to for doing something that had hurt no one and caused no significant losses to anyone.

      You are condemning him based on as

      • What Aaron did was to go to a university he was unaffiliated with, and use covert means to do a denial of service attack on a service that served that university. That service cut that university off so they could continue serving their other clients, including the university Aaron was affiliated with. Without getting into the reasons behind the DoS, he did hurt people and caused significant loss of service. The covert means suggest that he knew he shouldn't be doing what he was doing. Had he downloade

  • by Lumpy ( 12016 ) on Wednesday August 06, 2014 @10:39AM (#47614573) Homepage

    When your lawmakers are low IQ low education level types that put more weight in the opinions of the lobbyists that stuff their pockets full of money... You will NEVER get fair and balanced laws.

    DMCA and PATRIOT are two prime examples of how the people on capitol hill work. most of those idiots do not even READ the laws they are voting on.

    The proper answer still remains, if you want to be a white hat, you MUST remain anonymous when you release any information. DO NOT ever let someone know who you are because good deed will be punished harshly by the scared and uneducated lawmakers.

    And the laws are only going toget worse as big business buy even more legislation to shore up out of date business practices.

  • by Anonymous Coward

    You can't blame the Republicans for the Senate Committee on the Judiciary, chaired by Sen. Leahy (D-VT). Its a senate bill too.

  • by jellomizer ( 103300 ) on Wednesday August 06, 2014 @10:46AM (#47614627)

    Lets say someone had little security, akin to not locking the door, and someone gets into the system and seals data. That is the same as if someone just walked in and made photocopies of all the data and left the building.

    If they needed to break in, where the computers are in a more compromised state then it is breaking and entering.

  • Aaron Scwartz deliberately installed his own equipment, deliberately hidden under a cardboard box, in a place he had no right to be in.

    The fact he had a JSTOR account is irrelevant. He put his equipment on someone else's network in an attempt to bypass the normal JSTOR requirements.

    Stop making him out to be a hero. If you think what he did was fine, I'll be sure to do the same thing to the company you work for.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Fine, no. But worth 30 years in prison when even all the wronged parties did not want to continue the prosecution. FUCK NO.

      • Re:He didn't hack (Score:4, Insightful)

        by Rockoon ( 1252108 ) on Wednesday August 06, 2014 @11:52AM (#47615033)

        Fine, no. But worth 30 years in prison when even all the wronged parties did not want to continue the prosecution. FUCK NO.

        Lets be completely honest about this.

        He was neither convected nor sentenced. The claim that he faced 35 years jail time is highly disingenuous since he had been offered a plea bargain that carried only 6 months in a low security prison, but he turned it down.

        The story after his suicide was one disingenuous load of crap after another. If the guy killed himself because of the jail time he faced, then even 6 months was too much for him.

        I dont see how 6 months is out of line for the crimes that he admitted to committing.

        • Re: (Score:3, Insightful)

          by PPH ( 736903 )

          I dont see how 6 months is out of line for the crimes that he admitted to committing.

          What crimes? He violated the system's terms of service. Purely a civil matter.

        • he had been offered a plea bargain that carried only 6 months in a low security prison, but he turned it down.

          I dont see how 6 months is out of line for the crimes that he admitted to committing.

          Not crimes, civil charges that were entirely disputable. Considering that he was a fairly attractive young gay man, he might also have had significant qualms about the old and generally inaccurate meme of prison rape.

          • Not crimes, civil charges that were entirely disputable.

            His 2 counts of wire fraud were not 'civil charges' -- nor were his 11 criminal violations of the computer fraud and abuse act.

            How exactly do you think? Is it that if you know that you dont know anything about a subject that you will act like an expert anyways because you really feel that you are THAT fucking special as to not actually need to know anything at. fucking. all?

    • Re: (Score:3, Informative)

      by meta-monkey ( 321000 )

      But he had every right to attach his computer to that network. MIT has (or had?) a free and open network. It was open to everyone, not just students, faculty and guests. So there was no problem with him connecting to their network, or stashing his computer there.

      JSTOR's contract with MIT allowed access to their papers to anyone on MIT's network. Not limited to students and faculty. Just anyone coming from their network. So there was nothing illegal about him downloading papers from JSTOR.

      However, JSTOR's te

      • But he had every right to attach his computer to that network. MIT has (or had?) a free and open network.

        No he, nor anyone, does not. This was a specific network closet which he entered at night, in dark clothes and then attempted to hide the laptop under a box. That is not something anyone who has rights to a network would do. Ever.

        Aaron, however, wrote a script that would download all 4 million in rapid succession.

        So then you're admitting he deliberately violated the terms of agreement he
        • He didn't sign a thing, retard. There's nowhere on a website's TOS to sign, nor is there anywhere to dispute or modify a clause, nor is there any prevention against one party (specifically, the one whose agreement with the terms is not required) later modifying the terms. It's not a contract. It's not even a half-decent mockup of one.

          Of course, even if it were a contract, civil contract violations are a matter for lawsuits not criminal charges. So he *DID NOT* break the law. A website's TOS is not law, shou

  • Larger request (Score:5, Insightful)

    by Jim Sadler ( 3430529 ) on Wednesday August 06, 2014 @11:07AM (#47614765)
    Apparently the young man committed suicide due to the threat of severe charges and punishments. The real challenge is the way the legal system works. The common tactic is to charge a defendant with a stack of really off the wall charges and force a plea bargain for much more accurate charges. A person who really would face a year or two in prison is faced with a prosecutor threatening 60 years or more. Many personalities will fold and make a deal. Addicts are particularly vulnerable as they have urgent desires to get out and get loaded as soon as possible. There is also a public display element in that convictions and sentences make great newspaper fodder but inmates appeal and bargains are struck to avoid a retrial in many cases. Think about it. A bad person breaks into a home with people sleeping at night. The charge could be burglary which usually gets one probation for the first offense. Or the exact same crime can be called home invasion and the person may be in prison for 75 years. The prosecutor says plead to burglary and we won't charge you with home invasion. The bad actor doesn't want to die in prison so even if innocent will tend to plead guilty. So the only real cure is to require all charges to be filed before anyone interviews the bad actor. Then disallow any changing of the charges. Or we could dump the entire idea of allowing plea bargains.
    • Re:Larger request (Score:5, Informative)

      by Jason Levine ( 196982 ) on Wednesday August 06, 2014 @11:26AM (#47614889) Homepage

      The same thing happens with civil lawsuits also. If the RIAA thinks they've caught you uploading a thousand songs, they'll sue you for $150 million (the maximum penalty the law allows). Then, they will offer to settle for "only" $3,000 and a signed statement that they give you which basically admits your guilt and forces your silence on the matter. Your options are a) pay for a lawyer and spend time and money fighting the case knowing that you might lose and, even if you win, might not get back lawyer fees or b) settle and cut your losses.

      Most people understandably choose option b. It's nice to say you'll defend your innocence in theory but in reality a fight like this would be too much for some people when they need to juggle work, bills, and other aspects of real life. The RIAA counts on this and abuses the legal system to ensure as high a "number of pirates caught" number as possible regardless of whether those "pirates" are really guilty or not.

    • Re:Larger request (Score:5, Informative)

      by Rockoon ( 1252108 ) on Wednesday August 06, 2014 @11:54AM (#47615047)

      Apparently the young man committed suicide due to the threat of severe charges and punishments.

      He was offered a 6-month sentence in a low security prison. Turned it down.

      • Re:Larger request (Score:5, Insightful)

        by Trailer Trash ( 60756 ) on Wednesday August 06, 2014 @12:20PM (#47615217) Homepage

        Apparently the young man committed suicide due to the threat of severe charges and punishments.

        He was offered a 6-month sentence in a low security prison. Turned it down.

        What's the point? If I'm innocent then 6 months in any prison is wrong.

        The grandparent has a lot of good points. Another much-needed reform is to force prosecutors to tell the jury the details of all plea bargains that were offered. When someone's facing 70 years in prison and the prosecutor has to sheepishly say to the jury "yeah, we thought 6 months was a reasonable sentence" then the jury's going to step back and say "okay, then what's up with all these charges?"

        The other reform mentioned by the grandparent is to simply disallow adding charges after the initial charges. If they uncover other criminal activity then make it a separate trial or something - it needs to be more expensive in terms of time and money for the prosecution to bring more charges.

        • What's the point? If I'm innocent then 6 months in any prison is wrong.

          The point? The great grandparent is wrong in his version of events and misleading in his statements of how the system works, probably deliberately so. The grandparent corrects him as to the facts of the situation.

          And he wasn't innocent. (Something many people forget, or rather deliberately ignore.) He committed a crime and was offered a modest punishment - but he turned it down to engage in a high stakes game of chicken with

      • He thought he was being 'the hero' would would face The Man down. But the deal worked out differently. And in the end he's ended up getting more attention by his death.

        People his age think in terms of Absolute because righteous Adventurism is highly rewarding, and they really don't have big stakes in anything that matters.

  • by clovis ( 4684 ) on Wednesday August 06, 2014 @11:29AM (#47614907)

    Associating the act with Aaron Swartz such as calling it Aaron's Law is a huge mistake because any congressman that votes for it will have to consider how his opponents would use that against him in the next election. Keep in mind that the people who fund election campaigns are the kind that would look upon Aaron as a simple thief and menace.

    The CFAA certainly needs to be fixed, but a better way would be to not mention Aaron Swartz and rather call it something like "CFAA Modernization Act"

    • by PPH ( 736903 )

      Yes. Its a shame that a small child didn't go on line, steal some copyrighted material and then was driven to suicide by the shame brought down upon the family for harboring such a terrorist.

      Then we could have named it the "Just think of the children law" and it would have passed easily.

      • by clovis ( 4684 )

        Yes. Its a shame that a small child didn't go on line, steal some copyrighted material and then was driven to suicide by the shame brought down upon the family for harboring such a terrorist.

        Then we could have named it the "Just think of the children law" and it would have passed easily.

        Sadly, I have to agree with you, but am adding the stipulation that the child be from an upper middle class white family. Optimally, it would be a blonde girl who also fell into a well, but that may be asking too much.

  • No conspiracy required. A bill that very few people know about and far fewer would actually have affect their vote pattern or donations has very little chance of going anywhere. Every bill is an opportunity for riders and house-senate conference shenanigans, so I am pretty sure things are working correctly when this goes nowhere.

  • lack of interest (Score:4, Insightful)

    by Vintermann ( 400722 ) on Wednesday August 06, 2014 @12:04PM (#47615125) Homepage

    There are a thousand laws where "lack of interest amongst the general population" was no obstacle to getting them passed.

    • There are a thousand laws where "lack of interest amongst the general population" was no obstacle to getting them passed.

      Not when there are buckets of lobbyist cash propelling them...

  • by Anonymous Coward

    Anytime there is a bill with a nice sounding name, you can bet it's not in the interest of the American people.

    Aaron's parrents should sue the government for misrepresenting the name of his sone. The name tricks people into thinking it is something he supported, but that could not be further from the truth.

  • US elections are rigged. But Canada knows how to fix them [vox.com].

    "When Americans voted for the House of Representatives in 2012, Democratic candidates won 1.4 million more votes than Republicans. Yet after the dust settled, the GOP ended up with a 234-201 majority in the chamber. And several recently-gerrymandered states had particularly odd results — for instance, in Pennsylvania, Republicans won 49 percent of the votes, but 69 percent of the seats."
  • Call your Rep if they're on the Judiciary Committee. Google the committee to find out who's on it. My Rep's staffer was unfamiliar with the bill. At least bring it to their attention. I've usually sent email. It hasn't gotten the attention that a voice phone call has. Be polite and firm and be ready to explain what the bill is.

You are always doing something marginal when the boss drops by your desk.

Working...