Slashdot Mirror
Lawmakers Say CFAA Is Too Hard On Hackers
GovTechGuy writes "A number of lawmakers are using the death of Internet activist Aaron Swartz to speak out against the Justice Department's handling of the case, and application of the Computer Fraud and Abuse Act. The controversy surrounding the Swartz case could finally give activists the momentum they need to halt the steady increase in penalties for even minor computer crimes."
The bourgeoisie is no longer fit to rule.
Workers to power!
America will be better under COMMUNISM!
Laura is the greatest, she made me an awersorme omelette! Happy Valentines day LAURA and go suck donkey balls you Slashdort haters, jingoist, and toadies of CAPITALISM!
UNITE with the Campaign for a Free Internet because today, our future begins with tomorrow!
The main problem is that the law makers still have no clue about computers or technology in general. They hear 'hacker' and think that every kid with a computer in their room can launch a nuclear attack. This is why they try to execute anyone who knows more than them. Their narrow minded fear.
If this were a Chinese-American hacker stealing schematics from Raytheon we'd all be happy to see the harshest threats/penalties applied. The issue here was bullying at the DOJ. You can't fix that with a few tweaks to the law, and if you lower maximum penalties you will find yourself regretting it when someone actually does do something worthy of those maximum penalties. And if you close these holes, aren't they just going to find others? You have issues with behaviors/attitudes at DOJ that need to be fixed, not just a few sentences in a statute. So, sure, maybe they should tweak the laws a bit; but how does that fix the oversight issues? Seems like a nice way to convince everyone they "did something" without actually fixing the issue.
So when will we see charges pressed against Carmen M. Ortiz? There has to be some law which covers harassing someone to the point of suicide.
Considering how often we now hear about those pesky Chinese hackers in the news and how cyber-warfare is becoming a common thing, I think it would look very bad for a politician to appear soft on this issue.
Not that I don't agree that the CFAA is too hard on hackers when you consider punishments ofr other crimes and especially in cases where the hacking isn't even done for any selfish reasons or personal gain (which wouldn't even apply to Swartz' case since he didn't do any hacking, at worst he violated a TOS?)
He violated Terms of Service of JSTOR. And he took responsibility for it (by handing over his HD to JSTOR and admitting what he did). Everything else is overboarding prosecution and trying to boost one's career at the expense of someone vulnerable.
The CFAA would be an afterthought in that case. The amount of export and national security felonies he'd have committed would be enough to probably make the CFAA not make the cut on the (IIRC) 15 count limit of charges the Federal Rules of Criminal Procedure allow to be brought at once.
Right now a hacker can cause billions in damages, and pull potentially millions of dollars in ill-gotten loot, and maybe see 15 years in prison. That is way too soft in my opinion.
On the issue of Swartz, I don't know why the guy is some sort of cause-celeb just because he off-ed himself. He broke the law, plain and simple.
In cases where individuals get unauthorized access, and aren't doing anything with it (not Swartz who was planning to distribute), I think there could be room for more lenient sentencing, especially on first offenses.
If you think that was the easy way out you should try it some time... Jackass.
Do any of the lawmakers who vote for sane penalties stand a chance of reelection with the other side running "soft/weak on crime" attack ads?
They don't even care about the hacker community. They don't even understand what the hacker community is or what it's about. They view all hackers as cyber terrorists and criminals. They view anyone with certain skills are criminal. You can't even get a CEH certification and put it on your resume without getting funny looks and having people think you're a criminal. They view Slashdot as a place where e-terrorists and criminals go to talk about their cyber wizardry.
Seriously, hackers are like warlocks and witches and the only thing the governments want to do is persecute them all. They wont work with hackers, they wont let hackers help them without threatening to ruin their lives or using harsh bullying tactics. Hackers who don't cooperate with them seem to end up charged with rape, child porn, or just a bunch of bullshit charges that prosecutors can find to leverage on them to try to break them.
Why are hackers treated so bad if hackers are so important to the whole cyberwarfare scenario? Hackers no matter how patriotic they are get treated like criminals and terrorists and because of this no patriotic hacker community can try to survive.
This is the current situation, the governments typically claim that there is going to be this great need for talented "Ethical" hackers and that there is a cyberwar coming. Yet when we look at how the government treats even the patriotic hackers, they get treated like trash. Adrian Lamo is supposed the most patriotic hacker in America? Turned in Bradley Manning? And they thank him by basically letting the entire media declare him a snitch, an informant, and make him out to be horrible.
So if that is how they treat hackers they claim to like, and the hackers they hate end up like Bradley Manning or get persecuted into committing suicide like Aaron Swartz, where does this leave the hacker community? It's a sad state of affairs but I think it's because the government has no understanding of certain necessary aspects of the hacker community. The governments basically wants to use and exploit the talents of hackers but not give ANY recognition to hackers even if hackers save the day for them. They claim that the hackers are criminals, terrorists, and deserve 100+ years in prison? They treat hackers as if hackers are terrorists with no rights?
Is it only a matter of time before the government demands the authority to use lethal force against hackers?
Even since Operation Sundevil, the US has had this COMPLETELY counterproductive policy of hounding talented crackers out of existence, rather than nurturing their talent. Utterly stupid, IMHO, and frankly, the people responsible for creating and enforcing this stupid policy should be ashamed of themselves.
The Chinese have this 'thousand grains of sand' thing they do, where they nurture a huge and thriving computer underground (rather than turning them all in involuntary organ donors as they would). They're sent out to smash and grab everything they can from the West, where anything garnered is processed through a specially designed intelligence gathering system, where useful material is routed to local companies and government decision makers.
Granted, the Chinese Communist Party has no morals, but we are in the world we live in, and we have to do the same to compete. I guarantee that if I had any kind of policy input anywhere, I'd be doing exactly this.
At the end of the day, we have a choice: we can either fight with all the tools in our arsenal and shape the world in the West's image -- a relatively peaceful prosperous and moral place. Or we can let the Chinese Communist Party turn it into a quasi-criminal dictatorial dystopia. It's really our choice. In any case, it's the height of suicidal stupidity to fight our enemies with our hands tied behind our backs.
Every bill that congress writes deliberately has loopholes that widen it's scope. How many times have you heard someone in the news saying that "As worded this law can be used to " and the politicians and law enforcement representatives come on and say "oh, we would NEVER use for that" and then a month after the law goes into effect the first abuses where the law is being used to hits the news.
Even since Operation Sundevil, the US has had this COMPLETELY counterproductive policy of hounding talented crackers out of existence, rather than nurturing their talent. Utterly stupid, IMHO, and frankly, the people responsible for creating and enforcing this stupid policy should be ashamed of themselves.
The Chinese have this 'thousand grains of sand' thing they do, where they nurture a huge and thriving computer underground (rather than turning them all in involuntary organ donors as they would). They're sent out to smash and grab everything they can from the West, where anything garnered is processed through a specially designed intelligence gathering system, where useful material is routed to local companies and government decision makers.
Granted, the Chinese Communist Party has no morals, but we are in the world we live in, and we have to do the same to compete. I guarantee that if I had any kind of policy input anywhere, I'd be doing exactly this.
At the end of the day, we have a choice: we can either fight with all the tools in our arsenal and shape the world in the West's image -- a relatively peaceful prosperous and moral place. Or we can let the Chinese Communist Party turn it into a quasi-criminal dictatorial dystopia. It's really our choice. In any case, it's the height of suicidal stupidity to fight our enemies with our hands tied behind our backs.
Here is the problem. The USA does compete but treats it's hackers and crackers like trash and although I cannot say China is any better, the USA has the tools to do much better than this. The USA still controls the internet itself. The USA could basically get the vast majority and practically all the best hackers and crackers on their side. The USA kinda does this but does it in a way which makes the hacker community hate or fear the US government. Fear can get people to cooperate with you but too much and they hate, the US government likes to use fear, threats, etc.
In the case of Aaron Swartz the US government was willing to use threats to try to scare him into submission. Why not appeal to some of the better emotions? On top of that, if there really is some cyber war and the situation is so desperate and there really aren't people with enough skill then the people who show any sort of talent at all shouldn't be put in prison. In World War 2 the Italian Mafia was recruited by the CIA to fight the fascists. In this example these were criminals but the point is, the US was always the most dirty of dirty at war, it's just the current iteration of the US government is secretly still dirty but in public trying to put on this impression of "tough on crime" and hatred of hackers which makes no logical sense. Ultimately these hackers CAN support the US war operations so demonizing them for what?
There has to be a clear separation between cyber-criminal and hacker. Hackers care about ethics and want to support what they believe is right whether they think it's the USA (patriotism) or social justice. Cybercriminals just want to make money and hack for the sake of hacking.
How quaint, you think morals are at all relevant, or that the US government is markedly different from the Chinese one.
They both want power, and they'll do anything to get it and keep it. Anything more is just PR.
No, he took down JSTOR servers with excess traffic by running an overly aggressive and efficient web crawler against them, and JSTOR was forced to respond by cutting off MIT altogether because Aaron kept sneaking around or past MIT's modest efforts to prevent his abuse. He didn't stop, even after repeatedly knocking down JSTOR servers. He wasn't *going* to stop, because of his demonstrated insistence.
Aaron had access to JSTOR in his office at Harvard. He chose to sneak into MIT's basements to install his own hardware, and obviously illegal and inappropriate practice in direct of MIT's and of *Harvard's* standards on academic computing, and he was cutting thousands of people off from a critical, non-profit, academic resource. Aaron deserved a serious sentence, ideally a felony, because he *kept insisting on doing this*.
Being "sensitive"is not a "get out of jail free" card.
The U.S. Gov't believes that the only way to enlist the help of skilled computer people is to charge them with a gazillion crimes then arrive at a plea deal that involves the hackers "future cooperation". That' why we are seeing so many of these cases where the DOJ threatens years and years of prison for relatively minor infractions.
Sadly, the Gov't may be right - this may be their only way of enlisting the talent they desire. I mean, would you volunteer to do the things they might be asking the hackers to do? Of course not! You've got morals and ethics.
"The ferrets, they're every where I tell you!"
You don't get to say I'm sorry and give everything back and not get punished for the crime. Did he deserve the go to jail for years? I don't think so. I also don't think it was likely? I know all the media was hyping the 30 - 50 years angle, but apparently he turned down a plea deal of 6 months, and rumor has it that his lawyers were working on a deal that included no prison time. Swartz had already made a name for himself, and was well respected, I think it unlikely that a felony record would have burdened him all that much. So taking responsibility is as much about accepting the punishment as it is about fessing up.
it won't happen because:
1. cybercrime is linked to terrorism because any crime is fast becoming linked as a terrorist act. dont believe me? just kook at the press and how they descibed the rogue cop in the news this week. because of that terrorism must be fought and eradicated so we don't have another 9/11. trust me the hicks out there believe this and so do their congressmen.
2. congress is reluctant to abolish bad laws. why? it sets a precident whereby future congressional acts would invalidate current actions and it takes a 2/3 majority just to do it. That's not happening in the current congress.
3. the police state is now upon us. the white house can kill anybody at any time because their lawyer said so. every minor offense now is considered a felony. don't believe me? we have the highest rate of prison population to overall population in the free world. yes there are other factors drugs poverty etc. but thats what the government should be focused on, not getting public paid for data by violating the use terms of some website.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
The punishment must fit the crime, and every judge has an obligation to follow that. If not letter of the law, then in spirit of the law.
No, he took down JSTOR servers with excess traffic by running an overly aggressive and efficient web crawler against them,
If JSTOR's servers can be brought down by a single laptop, those servers are crap.
I don't care how fast the connection is between them, a single laptop should not have the processing power to bring down a server.
"City hall" in German is "Rathaus" Kinda explains a few things......
Suicide gets results!
But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.
Indeed; I think that the problem isn't "the steady increase in penalties for even minor computer crimes," but the gradual increase in penalties for all crimes.
Rather than working on solving more crimes, the justice system seems to be trending toward making penalties harsher for the criminals that they do catch. This is a vicious circle; the harsher the penalties are, the more money we're spending on keeping people incarcerated.
I also find perturbing the technique used by prosecutors of charging people with a vast array of charges with huge possible penalties, so that they will have incentive to plea-bargain down to avoid the worst-case scenario that will be extremely harsh. This may indeed succeed for the prosecutors in getting guilty pleas, and succeed to some extent in saving the expense of trials-- but if some accused people actually are innocent (or even are guilty of minor crimes but not of everything in the book that they've been charged with), it is a failure of justice.
http://www.geoffreylandis.com
Ah, the old "only [criminals|rebels|rulebreakers] have skills" argument.
"I may disagree with what you say, but I will defend unto the death your right to say it." -- Voltaire
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
You first
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic is similar to what corporations use to assign themselves rights that belong to people and not companies. Aaron may have been bringing those servers to a crawl, but he did so by using the websites, not a denial of service attack. By your logic, slashdot readers would be at fault for bringing down websites by simply trying to view their contents. Would you like to be in court for your part in "Slashdot Effect"?
It has been suggested by some that there should be a retaliation on JSTOR since the government would not have even known about it unless they reported it first. The fact that JSTOR is going along with government on issues like that makes them an accessory to this crime. Many feel that would provide incentive to other companies, to not go along with that. Some have indicated they feel they have just as much right to threaten, rule and impose results on JSTOR and government, since government does that to them.
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
You missed the point.
The point here, is that apart from the French, the West generally only goes after government and military targets. The Chinese target civilians.
What I'm saying is that to complete with the Red Chinese, we need to fight dirty like them, instead of rolling over like pussies.
speaking as a non-american, I would rather welcome chinese overlords than your supposedly 'moral' completely corrupt 'western' image.
the best thing that can happen to the world right now is if the US implodes and leaves the rest of us alone.
Perhaps it's time the hacker community pass the "Government Fraud and Abuse Act" and if government officials are found guilty by forum, then their punishment will be decided by the same, and with equal level of punishment.
Yeah - whatever. I'm no bleeding heart, and I'm not crying myself to sleep at night because Swartz committed suicide.
At the same time, there WERE a bunch of cunts in DOJ who were using him to promote their own careers. He WAS being railroaded. There was nothing right about DOJ's handling of the case.
Whatever else you might say or think about Swartz, on his way out, he handed the hacker community a golden opportunity, and a weapon, to use against the DOJ. Why not use it?
I already mentioned cunts? Maybe you've noticed that cunts in Washington use other people's pain, suffering, and death routinely to further their own ends. Those kids murdered in Connecticut a few weeks ago are being used like rented mules to further the gun control agenda. Turn it around on Washington, for once. Use Swartz to force them to see what despicable cunts they really are!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
The CFAA has immense penalties for two reasons:
1. Lawmakers look for any excuse to be "tough on crime".
2. Hackers are a small minority group that scare most people.
Combine these two things and one can see that hackers are an "acceptable target" for both the lawmakers and their constituencies, especially with the recent Chinese red scare going on.
Hackers need a PR firm.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
While it's always nice to see people move a step toward thinking, it's still not nearly as satisfying as thinking.
Go ahead and revise penalties for crimes, but that should be totally secondary to making wise decisions about what is a crime and what is not. When something as innocent as taking a breath of air is a crime, and you make a light penalty of $0.001 per breath, it's still a serious problem, since my BreathBot can perform 60 Gigabreaths per second.
Lawmakers, why should something like CFAA have been applicable to Swartz's situation at all? You need to amend that law so that it doesn't cover the situation that happened.
It's too broad, "hardness" issues aside.
"Believe me!" -- Donald Trump
He physically broke into a private computer network; that's the primary charge. And it's justifiably a pretty serious one.
Indeed, a better analogy would be Julian Assange's Condom-Gate.
-He had a ToS aggreement for sex with a condom and was allowed to get his dick wet.
-Instead of slapping a girls cervix a couple times, he jack hammered and ball slapped a DoS-fuck that beat the pussy up until it broke the condom ToS.
Therefore:
If Julian Assange = Rapist, then Aaron Swartz = Computer Hacker.
OK, but in this case the US isn't even doing the "do anything to keep power" thing right.
Liberty - Security - Laziness - Pick any two.
And what was done by Aaron was nothing worse than impolite. Definitely not criminal.
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
Sorry, this is Slashdot. All analogies must be in the form of cars, and must agree with groupthink. Else it's not even an analogy and potentially dangerous to the community.
and he is now allegedly dead .
New Economic Perspectives
I'm a scientist at MIT who regularly uses JSTOR's services. It's not a big deal if their servers go down. You just try again in a few days to get the paper you want to read. It's pretty much going to be a really small edge case where there is a time-sensitive need to get a paper from them that is not available somewhere else.
Do they really control the internet? Maybe the connectivity between states, but I'm willing to bet, that if they cut off China, it will be back online in 24 hours and entirely independent of the USA.
There's no cyberwar between China and USA. There are minor clashes in a very stupid game that does nothing but put money in the pockets of third parties and make sensational headlines.
The economic situation will prevent true conflict from becoming reality, because right now, the USA and China both have their hands in eachother's pockets, if one goes down, they both do.
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
I disagreed with the analogy, as he was comparing people to things in an attempt to elicit a stronger emotional response. Comparing a physical assault on a human being to bringing down a website through over-use isn't an analogy, it's a failed attempt at one. I also presented a more comparable situation, an analogy if you will, in referencing the slashdot effect. It would seem you can only recognize the first analogy you see in a paragraph, maybe you should work on that...
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
I also failed to mention the third analogy, the one where I compared the original analogy to the logic that corporations use. For someone who can't recognize an analogy, I sure do use alot of them =D
So you're basically saying is to use the Swartz?
The man handed you a gift. You gonna use it? A simple suicide is pointless. Martyrdom is a whole new ballgame. Look at what the Moslems and the Christian Churches have done with martyrs, down through the centuries.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
If you're going to throw the book at someone for a computer 'crime'*, then maybe it should be an e-book instead of a book that is in in dead tree format.
*Especially when it is a 'crime' instead of real crime. You know, real crime, like the kind that involves violence, or the real crimes that occur in boardrooms, wall street and congress.
I'll see your senator, and I'll raise you two judges.
He did not believe in the Second Amendment. His manifesto actually advocated strong gun control for us civilians.
However, the case does serve to destroy the theory that the people can't fight the government using firearms. One armed man put the government into panic mode, made the cops so scared that they started shooting at innocent people, forced them to stop doing motorcycle patrols, etc. Not to mention the fact that the bill for this effort is easily in the millions if not tens of millions. All for one armed guy.
"breaking into" is a physical analogy which doesn't work in this case. He didn't have to physically break into anything. No locks were picked or forced and even if there were forced entry it would just be a B&E charge which, as we all know, gets a slap on the wrist for a first offense. Probably just probation and no jail time. At worst a few months in a minimum security jail. One could argue trespassing, but it's questionable and obviously in that case the penalties are even lighter than a first offense for B&E.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
So you admit that you are scared then? Killing yourself takes a great deal of courage. Cowards are incapable of it.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
Unless you are a cop. Or a prosecutor. So you are trying to say that Swartz was a violent guy. A menace to society who needed to be locked away before he physically hurt more people. I'm sorry, but I cannot agree with that based on what I have read about him.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
And they thank him by basically letting the entire media declare him a snitch, an informant, and make him out to be horrible.
In the US, the "media" operates under the first amendment, and it would be hard for the government to prevent the media from declaring him to be whatever they wanted to declare him to be. Would you want the government to be able to silence the media upon request, or to demand that they publish only happy, positive thoughts about certain people?
...where does this leave the hacker community? It's a sad state of affairs but I think it's because the government has no understanding of certain necessary aspects of the hacker community.
Is it necessary to break the law for there to be "a hacker community"? Is there no legal means of learning/practicing cybersecurity skills? Does every hacker need to send figurative boxes of "secret" materials to be published on a website in order to detect and report security flaws? Does every hacker need to DDoS large commercial operations in order to learn how to defend against such attacks?
Is it only a matter of time before the government demands the authority to use lethal force against hackers?
I don't know. Will the term "hacker" continue to be applied to every person who uses a computer in the commission of a crime? Will the cry be "he was executed for being a hacker" when someone reprograms a certain brand of insulin pump so that the users all receive fatal doses, and the legal system catches and punishes him?
On one hand, we have many people who argue that computers and the internet are so pervasive, ubiquitous, and critical to modern life as to consider access a basic human right. On the other hand, we have people who argue that crimes against those systems are "just hacking" and don't deserve much of a penalty, if any. People must have the right to access the Internet because that is becoming the main way of doing things like paying bills and managing bank accounts, but people who attempt to shut down bank and commercial uses of the internet should be lauded as heroes and not punished.
If no one is hurt physically then the punishment shouldn't be physical either. If money is taken then a fine would be appropriate. If inconvenience was caused as in this case then imposing a larger inconvenience would be appropriate. For instance losing his drivers license or getting his computer confiscated for a few months.
Life in prison for causing a minor inconvenience gives sadists a great big hard-on, but the punishment does not fit the incredibly trivial crime. Injustice is what is being served. For the benefit of a bunch of sick people who love to watch other people suffer or die.
I'd say one of the biggest problems in our country is that sadists seem to be in charge. Torture? Hell, yes! Life in prison, preferably one where getting raped and being infected with HIV is nearly certain? Hell, yes. It's the American way! Spending much of our resources building more and more prisons to hold everyone who can no longer be physically crammed together in small cages? Yes, damnit! Torture, suffering, death is what this country is all about. Why do you think we like war so much? Hurting the citizens of other countries is just as enjoyable as hurting our own.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
The CFAA makes it a crime to violate the Terms of Service of a web site. A ToS is a form of contract between the site and the user, and should fall squarly into civil law. A person who violates the ToS of a website or provider should be held accountable (in civil court) if their actions caused some sort of damage. Criminal charges and incarceration should only ever be on the table when such damage was caused with the intention of causing damage.
One of the issues here is the lack of mens rea in the CFAA. While Aaron admittedly breached JSTOR's ToS, he did not do so in a manner intended to cause damage to anybody. JSTOR's servers buckled under the load, but that shouldn't make this criminal as it wasn't Aaron's intention to overload them. Imagine if you were arrested on Federal felony charges because a water main broke while you were filling your swimming pool.
What Aaron did by utilizing the premises of MIT without consent is definitely tresspassing (at the least), but there is no reason his actions should have carried the possibility of so much prison time.
may get modded funny but I'm actually serious - this is right up his alley!
not just about Aaron but abuse of prosecutorial discretion:
Aaron Swartz? STEALING IS STEALING!!!
Jon Corzine? well, nobody actually committed any crimes...
S&P? “Put simply, this alleged conduct is egregious, and it goes to the very heart of the recent financial crisis.”
Moody's? well nobody actually committed any crimes...
guess which one downgraded treasuries in case you'd forgotten?
Yeah, that's what they did in South America for 60 years. I wonder if China, Cuba, Iran, Vietnam and 80's Afghanistan also benefited by the West's image of them?
In 2003, people started talking about the USA driving "international goodwill". A lot of people, doubtless, saw the disconnect between invading a country on obviously faked evidence and building goodwill. It takes time to realize the USA provides goodwill to obedient countries only. Now that US goodwill includes their 'war on terror' and assault on IP pirates, ordinary people are feeling oppressed not "relatively peaceful prosperous".
TL;DR: The USA has always fought dirty. Everyone else looked the other way.
If no one is hurt physically then the punishment shouldn't be physical either. If money is taken then a fine would be appropriate.
So, I steal five million dollars from you and blow it on a gambling spree in Las Vegas. Sorry, I have no money to pay the fine, you don't get anything. In the meantime, you've not been able to pay your mortgage or car loan so your home and car have been repossessed. All I took was money, all I owe you is a fine. So, where is the punishment, and more important, where is the prevention?
It's nice to say "an eye for an eye", but what do you do if a blind man pokes your eyes out?
If inconvenience was caused as in this case then imposing a larger inconvenience would be appropriate. For instance losing his drivers license or getting his computer confiscated for a few months.
Your "inconvenience" has turned into physical punishment.
Life in prison for causing a minor inconvenience gives sadists a great big hard-on,
I think my point was, calling something "hacking" doesn't mean it is just a minor inconvenience. If "hacking" a computer system is a minor inconvenience, then it is hard to claim that access to computer systems should be a basic human right.
I'd say one of the biggest problems in our country is that sadists seem to be in charge. Torture? Hell, yes!
Hell, no. What you've missed is that the entire debate hinges on just how you define "torture", not whether actual torture is good or bad. Everyone can agree that "torture" is bad, n'kay? We pretty much all do. What we don't all agree on is what constitutes torture. An argument like "you think waterboarding is ok, I say that waterboarding is torture, so YOU think torture is ok" is quite dishonest.
Torture, suffering, death is what this country is all about.
It is this sort of hyperbole that makes discussing anything here so pleasant and productive.
Why do you think we like war so much?
"We" don't. Some of us understand that war is sometimes necessary, and others don't. Those that don't understand accuse the others of loving war, when that isn't the truth at all.
Hurting the citizens of other countries is just as enjoyable as hurting our own.
That's certainly not true, but there is nothing I can say that will correct this misconception, so I'll stop.
As far as the 5 million dollar theft scenario the owner could probably get it back from the casino once it was shown to be stolen money. I don't think you are allowed to profit from stolen money. But obviously that misses your point. Maybe the thief hid the money somewhere, maybe buried it in some remote location. In that case I still wouldn't see the point of throwing the guy in jail. I think garnishing his wages so for the rest of his life he has to live at some minimum poverty level no matter how much money he makes in the future should be a decent deterrent. Or if society truly feels that putting the guy in a cage for a while will stop him from stealing in the future (a highly questionable assumption) then put the guy in jail, but make it a reasonable amount of time. For a nonviolent crime that should certainly be no more than a year.
It's nice to say "an eye for an eye", but what do you do if a blind man pokes your eyes out?
I never said "an eye for an eye". I talked of reasonable and fair punishments. Punishments appropriate to the crime. I believe prison should be mostly reserved for violent people. The way it is now the jails are filled with completely non-violent people. Well, non-violent until they've been through the US prison system at least.
I think my point was, calling something "hacking" doesn't mean it is just a minor inconvenience. If "hacking" a computer system is a minor inconvenience, then it is hard to claim that access to computer systems should be a basic human right.
It's irrelevant what it's called, how you label it. In this case it was nothing more than a minor inconvenience that Swartz caused. Nevertheless even when unauthorized computer access causes a major inconvenience I still don't believe it deserves any jail time. It's simply not an appropriate punishment. At worst it could be compared to trespassing or breaking and entering. Under no circumstances should unauthorized computer access have any greater punishment than physically breaking into someone's home. Not ever. That is clearly a much greater violation than accessing an electronic device.
A computer is not an extension of a person. It is merely an electronic device, like any other electronic device. If you are sitting next to someone in a class and they reach over and hit the clear button on your calculator or if you are listening to a radio and someone changes the station you wouldn't advocate life in prison or anything even remotely close to it. Well maybe you would, but that certainly wouldn't seem justified to me.
As for computer "access" being a right, that is just silly. There is no such thing as a right that someone else must provide for you. Human rights are negatives not positives. They are limits on what other people can do to you. When someone says something like that I immediately know that they don't believe in human rights. To posit positive rights is to negate negative ones, but it's the negative ones that prevent the knock on the door at 3 AM that puts you in a dark prison cell or a work camp for the rest of your life because of some comment you made about a government minister.
Hell, no. What you've missed is that the entire debate hinges on just how you define "torture", not whether actual torture is good or bad. Everyone can agree that "torture" is bad, n'kay? We pretty much all do. What we don't all agree on is what constitutes torture. An argument like "you think waterboarding is ok, I say that waterboarding is torture, so YOU think torture is ok" is quite dishonest.
Well I don't think that is the entire debate, but it is certainly part of it. Obviously causing any sort of physical pain in order to get a suspect to talk or confess is torture. Doing various things with water to make a victim think he might drown is more questionable, but I think it is better to err on the side of not using interrogation techniques that even might be 'mistaken' for torture. It is sad and emb
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
These harsh penalties are also reducing the number of hackers that could potentially become future cyberwarriors. Would you hire a cyber soldier or cyber spy with a federal conviction and 10 years in a federal pentitentiary? But that same person could be fined and sentenced to community service for their relatively minor CFAA violation, and instead of 10 years in the pen, they could become cyberwarriors for their country.
The harsh penalties and the threat of harsh penalties are a major reason why China is currently winning in the cyberwars. It doesn't just dissuade people from doing stuff, that is essential to a hacker's learning experience, but it convinces many young hackers that they are indeed criminals and therefore they choose a life of crime, leave the country and end up working with foreign cybercriminal gangs.
The government didnt set the record straight. No censorship required. No public official defended Lamo but they all bashed Manning. What does that show? Disdain and disgust toward all hackers?
Make enough rules, and that becomes true. We're well above that point now.
Do they really control the internet? Maybe the connectivity between states, but I'm willing to bet, that if they cut off China, it will be back online in 24 hours and entirely independent of the USA.
There's no cyberwar between China and USA. There are minor clashes in a very stupid game that does nothing but put money in the pockets of third parties and make sensational headlines.
The economic situation will prevent true conflict from becoming reality, because right now, the USA and China both have their hands in eachother's pockets, if one goes down, they both do.
Right now yes the USA controls the internet at the backbone level. Yes they could create a new internet if the USA wasn't involved but the vast majority of sites are still on the US internet.
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
Actually, you get booked, then released on a very small bail, and then you end up paying a fine.
Punching somebody in the face is a misdemeanor, unless a dangerous weapon is involved (we're talking a knife/gun too - not even a baseball bat unless you really go to town on somebody).
If Aaron assaulted a security guard on the way into the building he'd get far less time for that then hooking up the computer. That's why computer crimes are out of whack.
As far as the 5 million dollar theft scenario the owner could probably get it back from the casino once it was shown to be stolen money.
You're clueless. What makes you think the casino is liable for the $5 million of your money that I lose at one of their poker tables? They didn't get the money (except for whatever rake they have). Why do they owe you all the money back? Do you not realize how easily they could be taken for millions by someone who drops a bundle, and then has a friend come claim "that's stolen money, give it back to me"?
Here's an example perfectly on point. A local startup hi-tech company got a large investment from an east coast investor. Several million dollars, as I recall. Not long after, the investor was convicted of stealing that money from one of his other clients. I.e., he stole the money that he gave to the hi-tech startup firm. The COURT ruled that the hi-tech startup could keep the money. The person the money was stolen from? SOL. Too bad, so sad, you may get restitution from the investor if he every gets any more money of his own and you can win a civil suit to recoup the loss. But do the simple, honest thing and take the money back from the startup firm and give it back to the rightful owner? Nope. Not possible.
I never said "an eye for an eye".
You said if the loss was monetary, then a fine would be appropriate. That is a real-world example of the "an eye for an eye" principle. You didn't use the word "eye", you used money instead. Same concept. Same issue. What can you do when a blind man pokes both your eyes out? Nothing. What can you do when a poor person steals money from you and loses it gambling? Some wishful thinking that the casino will make you whole because you say so. Sure.
In this case it was nothing more than a minor inconvenience that Swartz caused.
And in other cases hackers have shut down commercial operations and caused much more than "minor inconvenience" to a lot of people. "It was just hacking" covers a lot of activities, more than just the one case you want to limit it to.
If you are sitting next to someone in a class and they reach over and hit the clear button on your calculator or if you are listening to a radio and someone changes the station you wouldn't advocate life in prison or anything even remotely close to it. Well maybe you would, but that certainly wouldn't seem justified to me.
And if that person is sitting in a room full of people who are attending a seminar on how to live life better by using their newly implanted insulin pumps, and he knows and makes use of a security flaw to force everyone's pumps to push a massive bolus of insulin, and half a dozen people die from the resulting confusion and diabetic comas that take place, he's just causing a minor inconvenience and doesn't deserve to be punished at all, right? He's just hacking, after all, and computers aren't people and pushing the "reset" button on someone else's computer is just a harmless prank, right?
The question I responded to initially was along the lines of "would you execute a hacker?", and in the insulin example I'd be very tempted to say "of course." I'm pointing out that "just a hacker" isn't an honest way of referring to every crime committed using a computer.
As for computer "access" being a right, that is just silly. There is no such thing as a right that someone else must provide for you.
Wow, you really don't get out much, do you, nor do you read /. on a regular basis. Such a right is exactly what people are arguing should exist, and it doesn't matter if someone else has to pay for it. Another example of a right that someone must provide for you? Universal health care. It's a basic human right, according to some, even though it is paid for by everyone else so you can have it.
The point stands. If "it's just hacking" is a defense against punish
I'm not making a physical analogy. If you don't know what the informal term "break into a computer network" means, just look at the indictment and the CFAA. Swartz met the conditions of that act.
And, in fact, Swartz was facing nothing worse. He could have avoided trial by pleading guilty and gotten six months in minimum security jail, or he could have gone through with the trial and probably received a lower sentence or even just probation.
I disagreed with the analogy
Perhaps that is what you meant to do. But that is not what you did. You stated "And yet this is neither a face, nor is a hospital involved." which attacks the hypothetical part of the analogy instead of the point that the analogy made. The fact that you thought the poster was looking for an emotional response confirms that you didn't get the point beamdriver was making.
What I believe beamdriver was saying through the analogy is something like "The fragility of the component is not relevant in determining if the act was or was not a crime." He conveyed this by changing the servers to a face and the downloads to a punch. One should not punch a face regardless of how tough the person is. By analogy, one should not mass download data from a server regardless of how powerful the server is.
Do not misunderstand: I'm not saying I agree with the point he/she is trying to make.
By your logic, slashdot readers would be at fault for bringing down websites by simply trying to view their contents. Would you like to be in court for your part in "Slashdot Effect"?
That is a fair analogy based on the original one, and makes your point well.
Also, regarding your follow-up:
For someone who can't recognize an analogy, I sure do use alot of them =D
Irrelevant. How often one uses analogies is not indicative of their ability to critique one.
My point is this: If you wish to disagree with an analogy, do not point out that the items in the hypothetical part of the analogy were not involved. Of course they weren't involved. If they were, it would not be an analogy. Just move on to the meat of the argument. In my case, here is how I read your reply:
Let me explain to you what motivated me to make this point: Imagine someone reading your post for the first time. I saw "And yet this is neither a face, nor is a hospital involved. This kind of retarded logic..." I almost stopped reading here because it sounded like a fool attacking the analogy instead of making a point. But then, I actually read on and saw "...similar to what corporations use to assign themselves rights..." which looks like an offtopic rant about corporations. I stopped reading there.
Now that you replied, I see you might be an intelligent person who actually had a point, it was just hidden behind your emotional response to the works "punch" and "face."
So lastly, I ask myself if the Slashdot effect truly is comparable to this situation. I say it is not, because Slashdot is merely pointing to articles that are intended to be read by the mass public. Those servers should appreciate the readership and traffic volume. Whereas j-stor was not intended for mass downloads. But beamdriver's analogy is still revevant
Where did I say he should get out of it because their servers aren't tough enough?
The most extreme thing that could be implied from my statement is that JSTOR shouldn't be able to claim server overload simply because they're using 486 based servers. That, even though I didn't explicitly state it, I agree with, however, that is completely independent of Aaron's innocence or guilt.
"City hall" in German is "Rathaus" Kinda explains a few things......