Aaron's Law: Violating a Site's ToS Should Not Land You in Jail
Freddybear writes "Congresswoman Zoe Lofgren proposes a change to the Computer Fraud and Abuse Act (CFAA) which would remove the felony criminal penalty for violating the terms of service of a website and return it to the realm of contract law where it belongs. This would eliminate the potential for prosecutors to abuse the CFAA in pursuit of criminal convictions for simple violations of a website's terms of service."
If the violation of ToS is due to an illegal action like posting things that are illegal both for the location of the site and the poster it should still land into the legal system, but the large volume of ToS violations should at most render the offender a permanent banning from that site or in milder cases a temporary ban.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
It should be illegal to fill the prosecutor's chair with an asshole. That would solve the problem.
I have a document in my backpack; my personal ToS. It states that everyone who shakes my hand must give me $20. By shaking, they agree.
While I think this is a good idea, I think that it's really too superficial. It very narrowly addresses a very specific problem with the law.
There are two really great little tidbits I found online that talk about what the actual problems with the law are:
The first link is actually a really great series that provides a very nice explanation for a lot of things about how criminal law works.
It is high time we roll back the number of crimes that result in felony convictions. The "Get Tough On Crime" era only resulted in overstretched state budgets and the creation of an entire underclass of citizens who are barred from certain employments, voting, etc. just because politicians sought to score political points in order to get re-elected. There is a very stark contrast to what the term "felon" implies with regards to the seriousness or violence of the crime, and the rather lackadaisical manner in which it is applied in the legal context.
This is a politically expedient feel good law that would not have prevented Aaron's situation. Please read the discussion over at Reddit or HN for details. In short, Aaron would have still been facing charges for unauthorized access for changing his IP and MAC addresses to avoid bans, and unauthorized access for using an ethernet port that he trespassed to access. These things seem stupid to techies, but that is exactly why we need *real* reform of overbroad laws!
Fantastic fucking idea. You know what would have made it better? If it never was a felony to begin with.
Don't mod this up. Common sense doesn't need moderation points. I'm venting.
Support the EFF and Creative Commons. The war is coming, and they're supporting you...
CFAA needs to be repealed for being too broad.
ToS violations were already ruled legal in U.S. vs Drew
That's all you got a bithzcez? I did n't read this at all but fuck you faggto nerds.
Aren't violations of contracts (like ToS) subject to civil law instead of criminal law?
Vision with execution is hallucination.
Ever notice how technical problems HAVE to be fixed? or else? How sportsmen are banned for life? This never happens to people who commit fraud in finance (or create financial instruments that simply suck money from us) or those who frame laws that are faulty! The real world is ruled by the powerful and logic does not apply.
Leave the damn guy alone.
This might be a good law, but don't reward suicide by naming it Aaron's law. Troubled fools will be offing themselves left and right for their favorite causes.
I'd probably draw a distinction between when money changes hands relating to TOS-violations, and otherwise. There need to be tools to fight botters, for example.
For every problem, there is at least one solution that is simple, neat, and wrong.
You can get more time for breaking a ToS than for...
- Manslaughter
- Robbing a bank
- Child porn with intent to distribute
among other things. Pathetic.
http://thinkprogress.org/justice/2013/01/14/1441211/killers-slavers-and-bank-robbers-all-face-less-severe-prison-terms-than-aaron-swartz-did/
1) Your navigation to this website is considered agreement to the following terms
2) You shall not view, consider or think about this website
3) Breach of these conditions will result in all your base belong to us.
Not insightful and does not understand the subject.
Think that if you violate a TOS you should land in jail it only makes sense.
--
Note: by reading this comment you agree to pay me a fee of $1,000,000 if the fee is refused I reserve the right to throw you in jail.
Yes, the law is supposed to distinguish between a non-criminal civil dispute between two private parties (Aaron and JSTOR) and a crime which is "an act so horrendous it is against society" - I am paraphrasing a law professor. Aaron's acts don't come close to that. Yet there he was looking at prison.
ArsTechnica has a good article on this case, which quotes Columbia law professor Tim Wu on the appalling behavior of federal prosecutor Carmen Ortiz:
In our age, armed with laws passed in the nineteen-eighties and meant for serious criminals, the federal prosecutor Carmen Ortiz approved a felony indictment that originally demanded up to thirty-five years in prison. Worse still, her legal authority to take down Swartz was shaky. Just last year, the Ninth Circuit Court of Appeals threw out a similar prosecution. Chief Judge Alex Kozinski, a prominent conservative, refused to read the law in a way that would make a criminal of “everyone who uses a computer in violation of computer use restrictions—which may well include everyone who uses a computer.” Ortiz and her lawyers relied on that reading to target one of our best and brightest... The prosecutors forgot that, as public officials, their job isn’t to try and win at all costs but to use the awesome power of criminal law to protect the public from actual harm... Today, prosecutors feel they have license to treat leakers of information like crime lords or terrorists. In an age when our frontiers are digital, the criminal system threatens something intangible but incredibly valuable. It threatens youthful vigor, difference in outlook, the freedom to break some rules and not be condemned or ruined for the rest of your life.
http://arstechnica.com/tech-policy/2013/01/opening-arguments-in-the-trial-of-public-opinion-after-aaron-swartz-death
http://www.newyorker.com/online/blogs/newsdesk/2013/01/everyone-interesting-is-a-felon.html
http://www.guardian.co.uk/commentisfree/cifamerica/2009/nov/17/silverglate-three-felonies-book
Academic publishers have been price gouging universities and students for a long time, but to their credit at least JSTOR had the brains to tell the feds to back off. Ortiz should have listened to them. Their behavior is merely greedy. Hers is unforgivable: there is no place in government for public officials who abuse their power and harm the public for their own personal advantage.
http://www.guardian.co.uk/science/2012/apr/24/harvard-university-journal-publishers-prices
http://enculturation.gmu.edu/knowledge-cartels
http://boingboing.net/2010/01/03/prescription-for-con.html
http://academhack.outsidethetext.com/home/2012/ending-knowledge-cartels/
Making laws that affect millions of people based on ONE sensationalist case is how you end up with really bad law. Sometimes, breaking into a computer system and stealing stuff, and crashing the system, SHOULD be a crime. That's true even if the breaking in could be called a violation of a TOS.
The case that inspired this is mostly fictional, too. It didn't go down the way the activists like to pretend. Aaron didn't just violate a TOS. He physically entered a network closet he shouldn't have been in and hid computer equipment in there that crashed the network, so other people couldn't use it. The activists like to point out that he worked for "the university". Yeah, he worked at HARVARD and illegally went into MIT's building and tapped into their network with surreptitious equipment hidden in their network closet.
Also keep in mind, he was never convicted of anything. This "victim of the legal system" never spent one day in jail. He could have presented his case to a jury, but apparently he thought that all 12 members of a jury would unanimously agree that his conduct deserved a felony conviction after they heard the facts. The fact that he didn't expect that at least one of the twelve would side with him shows he had a guilty conscience. The prosecutor was asking for six months minimum security. His lawyer would have said probation or suspended sentence and he would have gotten off with some probation or a fine. New laws based on this case just aren't needed. He showed that he knew he was guilty, so the probation he would have received was deserved.
All the more reason to never allow infringement of your right to bear arms.
I agree that there are way too many "laws".
It's just unfortunate that in this case this particular "law" cost the life of a very promising young guy.
The damn system did him in.
Muchas Gracias, Señor Edward Snowden !
The Terms of Service are a contract. For breach of a contract you are entitled to economic damages*. You are not entitled to throw the other party in jail. Only the government can imprison people and only when the breach is criminal. See post below.
*JSTOR could have sued him for lost earnings or copyright, but chose not to.
And this slashdot post is the start of it! Go! Go! Go!
If the violation amounts to large scale theft, it must be treated as a serious criminal matter.
Yes. But the illegality of that action is completely independent from the site's ToS. ToS just do not belong in criminal law. In fact they are there almost nowhere else in the world.
Oh, the beautiful gloss of greality!
It is a crime right now?
Seriously?
AFK - I need to add "you agree to only use this site while standing on your head naked at the center of a busy intersection" to my ToS. Buried somewhere in the middle. And then send out anonymous invitations to everyone I dislike...
Assorted stuff I do sometimes: Lemuria.org
No law shall be enacted which makes civil offences criminal ones.
THAT would solve a lot of problems with your present justice system.
Prosecutors abuse overbroad laws?!? When did this start happening?
I was assured, ASSURED that they have the best interest of the public at heart.
The dude downloaded a few files. He should have been locked up forever!!! This is serious stuff. It's not like he KILLED MICHAEL JACKSON or something... then I could see being a bit more lenient... like 4 years in jail or something.
I'd agree we should repeal the CFAA entirely, ditto PATRIOT Act, etc.
Ideally, one should halt plea bargains entirely as well though, civilized countries forbid that barbaric practice. It's plea bargains that create the need for these insane laws with which prosecutors beat defendants into guilty pleas.
I doubt we'll correct these systemic problems though because the prison-industrial-prosecutorial complex has far too effective a lobby.
I suspect we must demonstrate the capacity to derail the professional lives of overzealous prosecutors and law enforcement before they'll back off enough for us to fix the underlying laws.
You should sign the petition to fire both Stephen Heymann and Carmen Ortiz of course, especially the one for Heymann who previously drove another accused hacker to suicide.
We must take this well beyond simply firing these two abusive prosecutors though. We should obviously prevent them from ever winning any primary elections or being appointed for other political posts, especially judgeships.
If they lose their jobs, we should then target any private sector law firms that hire them for corporate law. You should not harass said law firms directly of course, but attempting to raise a stink with their clients might work.
If these two powerful prosecutors wind up as lowly defense attorneys, even highly paid ones, then we'll basically have sent a clear message that abusing the CFAA isn't necessarily such an effective way to make a political career for yourself.
There are numerous other people deserving of the same treatment as well, but at present we've no method of organizing it.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Very true. Once you are charged or sued no matter how bogus your life is ruined. Courts can make mistakes and if the federal prosecutor gets a sympathetic judge you can find yourself in jail with no one to listen. She threatened this guy with 35 years jail. How would that make any college kid feel? Even if he won, that is years off his life, the stigma of being charged, jailed and a crushing debt.
Here are some very nasty stories of federal employees like Ortiz who made people's lives a misery "because they could": SAN FRANCISCO — A year after this bizarre charge — that she lied about the interaction with the humpback that produced no charges — more than a dozen federal agents, led by one from NOAA, raided her home. They removed her scientific photos, business files and computers. Call this a fishing expedition. This pursuit of Black seems to have become a matter of institutional momentum, an agent-driven case. Six years ago, NOAA agents, who evidently consider the First Amendment a dispensable nuisance, told Black's scientific colleagues not to talk to her and to inform them if they were contacted by her or her lawyers. Since then she has not spoken with one of her best friends. To finance her defense she has cashed out her life's savings, which otherwise might have purchased a bigger boat. The government probably has spent millions. It delivered an administrative subpoena to her accountant, although no charge against her has anything to do with finances. http://www.japantimes.co.jp/text/eo20120803gw.html
Due diligence exists because the alternative is allowing ignorance of the law to be a defense. And that does NOT WORK. Proof? Patents. IBM advises its people NOT to research patents to see if they might already have been filed or if prior art exists because in patent law, ignorance IS a defense. And it SUCKS!
If you allow ignorance of the law to be a defense, anyone can simply claim of anything at all that they didn't know and get off free. Your turtle soup maker could import turtles from anywhere at all, endangered as hell and simply say "I didn't know" and get away with it. Your idea is totally unworkable UNLESS you are one of those libertarians who think there should be no law in which case I will just book a one way ticket on your credit card to Somalia.
No doubt you think killing of endangered species for soup is all perfectly fine. Of course if I set foot at night on your lawn to ask directions, you are free to gun me down. Laws only are right when they protect you, when they stop you from harming others, they are wrong. Right?
Ignorance of the law is no excuse.
Oh and it would help if your really bad artist friend actually linked to some real cases, with the FULL story. Not like people talking about the 3 strikes rule and then ONLY mention the last light crime, NOT how the cookie thief was out for one hour after serving 20 years for eating babies before being thrown back in jail to rot.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
A larger problem however is the expectation of non-legal laymen to read and agree to what are ostensibly binding TOS contracts.
I have seen TOS contracts that (in non-digital format) would be dozens of pages long. Users simply click "Ok" with the assumption that "There's probably nothing bad in there". But this assumption is clearly false in a large number of cases when one considers privacy and security clauses.
I have seen "Digital trespassing" (which are protected by the DMCA) buried in the TOS carrying agreed monetary damage amounts.
Consider that a TOS could expressly forbid users to use AdBlock and consider all users of AdBlock to be digital trespassers. You say "Bollocks" (as would I, for the record) but that doesn't change the fact that a TOS can say whatever it wants and the law has already decided that online consent to contracts can be binding. (Not to confuse the greater issue with the legality of this one example of course.)
The issue ultimately comes down to:
1) The expectations of lay-people to understand and agree to complex, binding agreements, the vast majority of which are never read.
2) The binding nature of a click-to-sign agreement.
Created a website, breaking the TOS was coming to it, and the penalty was jail for life.
any trespassing cases based on odd store rules out there??
And let's say there is some whites only rule at one (let just say it's old but is still on the books or say on a sign that may be still up even if it's just for show or history) that can still be used as a part of a Throw the Book at someone in court.
changing an IP so rebooting a modem can = lockup?
and MAC addresses most routers can clone macs from any system hooked to them and that dates back to the days of cable systems try to change per IP just like they have that BS outlet fee for each TV.
That is why the laws need to change.
First 30 posts, and nobody has actually realised what the problem is. This law is intended to make it illegal to hack into a computer. Which is fine. Of course I should be allowed to access a computer if I'm authorized. Which also makes sense. Now let's say Apple has their music and the customer accounts on the same computer. I'm authorized to access that computer (to download music), but if I somehow manage to put $100 into my account, that would be hacking which we want to be illegal. Even though I'm allowed to access the computer. So how do we put this into a law? They called it "exceeding my authorisation" and made it illegal.
But now people have been claiming that doing something that is against the TOS is "exceeding my authorisation" and therefore illegal hacking. So if Slashdot's TOS said "you must not swear in any posts", then this post would be a bloody violation of these TOS and equivalent to computer hacking.
A similar situation is this: Some employee has access to a customer list stored on the company's computer. It's part of his job (for example to send spam to customers). He sells the customer list to a competitor. Clearly a bad thing, and clearly in some way illegal. But now it is claimed that accessing the customer list on the computer exceeded his authorisation, so he is a computer hacker. No, he isn't.
Prophetic.
From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
It seemed to be VERY easy to lose you.
Why do you think that is?
Frankly I'd get rid of all contracts of adhesion.
Yes. I would also like a pony.
1 having the first N pages be a set of boilerplate definitions (this causes you to go into a MEGO mode before any rules are stated)
Fix: move those to the END of the doc
2 stuff that hacks earlier clauses
Fix: forbid later clauses from changing the nature of earlier clauses UNLESS there is a link/reference
3 Use of nonstandard definitions of things like Week/Month/Year/Unlimited
Fix: Webster overrides anything not "In the Context of the Normal Practice of the Business"
4 EULA/TOS being way too long to read
Fix you get 2 QRcodes (not counting the definitions part) with an allowed extra code for Business Corp and Personal rules
5 Choose Your Own Adventure writing
Fix: require these to be in separate blocks with the Personal (or smallest business) version being the template
Any person using FTFY or editing my postings agrees to a US$50.00 charge
I knew someone would say this. He changed his MAC for purposes of evading IT, that is the crime. It's like being at the mall and being told to leave so you put on a disguise and go back. If you are unmasked, you are getting arrested and charged with trespass.
Good-bye
I'm curious what role or relationship Aaron had with MIT, if any. I've seen no indication of any authorization for Aaron to be in that network closet. This is a serious breach of network security in its own right. Universities deal with some quite sensitive information and quite a bit falling under various regulatory schema (PCI, FERPA, HIPAA, &c). The integrity of the network starts with good physical controls. He had a key to the IDF for f's sake. I'm quite surprised MIT did not appear to take this as a serious matter.
I'm also having a bit of trouble lionizing this guy; if you're going to take on the 'man' you have to have the balls to do it. This is not a battle for the sensitive.
https://petitions.whitehouse.gov/petition/reform-computer-fraud-and-abuse-act-reflect-realities-computing-and-networks-2013/qMvdwVNw And it's under the 25k rule for review by the White House. Yes.. they don't lead on legislation, but it's a great place to show support for her bill. Thanks,
Do I think the AUSA in the District of New York was too aggressive? Yes. Facing 30 years in prison, is no joke. Aaron Swartz did more than just violate a TOS. Aaron Swartz allegedly broke into a closet at MIT and tapped into JSTOR.
There has to be a balance between what damage was done, whether the principal, not the agent, wants to push for prosecution and what are the damages. Intellectual property is a very serious business.
I disagree with Zoe Lofgren about 99% of the time, but she's on the right track with this. I would recommend a tiered action, based upon damages. Someone copying and distributing CD's or DVD's illegally should get the 30 years, with a felony conviction. Someone doing illegal downloads? Depending on the quantity of material found, fine the person $10 a song, plus court costs or 30 days of incarceration, for each song or album, up to 100. At 99 cents a download from Amazon, or super cheap CD's and DVD's from EBay, there's no excuse to rip off music or movies.