Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Access and Computer Fraud Laws

Posted by michael on from the rated-p-for-parole-in-12-14-years dept.

DrJimbo writes "Groklaw has an explanatory article covering the Computer Fraud and Abuse Act (CFAA) in layman's terms. The article discusses legal precedents that might make it illegal to access much of the internet. The article is a response to a claim by SCO that IBM violated the CFAA by downloading GPL'ed software from SCO's public HTTP and FTP sites."

8 of 171 comments (clear)

  1. A bit of a strech here by The+Cisco+Kid · · Score: 3, Informative
    Here is an example of how a violation might occur:

    1. I access the internet pursuant to my Terms and Service Agreement with my ISP (that I agreed to but given that there are only 48 hours in a weekend, did not read]. This is the contractual instrument that allows my "access" to be "authorized".

    2. Then I violate this instrument's conditions, and my access, is, at the very moment of the violation, "unauthorized".

    3. And since, given that I'm probably staring at the screen, I am therefore "obtaining"... (viewing) "information from a protected computer..."

    4. In theory, we have, a violation of the CFAA.


    I would suggest that you are only violating it if you are not authorized to access the computer you are accessing *by the owner/operator* of that computer, regardless of wether or not you may be authorized by a network provider to use their network.

    That you may not be allowed to use your employers internet connection for personal use may get you fired by your employer, but does not constitute a violation against the websites you might have accessed.
  2. Re:Chinee Illegality outside of the USA? by east+coast · · Score: 2, Informative

    American laws which purport to illegalize behavior on the Internet have a major loophole: most of the Internet is outside of the USA.

    Perhaps, but that doesn't mean that American law can not address the goings on of web surfers here in the US.

    For example; a webiste containing images of 16 year olds engaging in sex may be legal in plenty of places but when you transport those images on to a PC in the US, using US based communications, you are indeed going to be held to the laws in the US.

    Certainly we couldn't enforce the laws of a server and user outside of the US but no one said we're going to try.

    --
    Dedicated Cthulhu Cultist since 4523 BC.
  3. Re:WTF? by MindStalker · · Score: 1, Informative

    Their claim is that IBM violated their websites Terms of Service when they downloded the source code. Problem is noone is quite sure exactly what they mean by this argument as it was downloaded through an anonymous ftp site publically assessable.

  4. Re:Heh by itzfritz · · Score: 3, Informative
    Acc. to TFA:
    "SCO provided its customers who purchased SCO Server 4.O with a password to enter at a log-in screen so that only they could access source code via the internet. Sontag Decl. 17-19. After news of a bug in the website's security system was reported on internet websites, IBM exploited the bug to bypass SCO's security system, hack into SCO's computers, and download the very files IBM has now attached to its motion."
    If this is true, SCO has a legitimate beef. Dammit.
  5. Auto-Summarize by Anonymous Coward · · Score: 2, Informative

    A scraper is basically a robot that goes through one's site and grabs content. Apparently, it was a suped up scraper since it used knowledge from former employees. Like someone at google tm who knows how to decipher the google tm page rank hash code. Quote "The panel held that the use of the scraper tool exceeded the defendants' authorized access to ef's website because (according to the district court's findings for the preliminary injunction) access was facilitated by use of confidential information obtained in violation of the broad confidentiality agreement signed by ef's former employees"

  6. Re:Heh by MattT · · Score: 3, Informative

    The "bug" was that they didn't turn off anonymous FTP, and the "hack" was:

    Userid: anonymous
    Password: Nazgul@ibm.com

    --
    -MattT *** Not speaking for my employer, or any other sentient beings ***
  7. Re:WTF? by silicon+not+in+the+v · · Score: 3, Informative
    The other possibility is that they're going to claim that IBM needed explicit permission to access a resource that was publically posted and anonymously available, which doesn't seem supported by current case law.
    I hope you do not get modded up for this mis-information. This is exactly what Jon Stanley's article on Groklaw is about. The current case law is (unfortunately) in support of the concept that a flimsy usage policy is enough to establish something as being "unauthorised", and therefore subject to the CFAA (Computer Fraud and Abuse Act). Here is how disturbing this could be: If instead of being on an ftp site, it was plain text, linked to from their main website, but they had a notice that "The following link contains information whose access is restricted to our customers." That would be enough to make the viewing subject to the CFAA. Technical protection measures are not necessary. I encourage everyone to read Jon's article on Groklaw. It is very informative (in a disturbing, "How can they get away with this &%*$#@?" kind of way.) about the current legal precedents with respect to this act.
    --
    We may experience some slight turbulence and then...explode. -Capt. Mal Reynolds
  8. Re:Heh by rewt66 · · Score: 2, Informative

    IBM didn't admit to any such thing. They said that they downloaded the source to Linux from SCO's server. They didn't say that they hacked to do it; they said that it was freely, publicly available.

    SCO says that IBM hacked, but provides no evidence (not even a sworn deposition!) that IBM did so.

    Take the SCO claim with several pounds of salt...