Slashdot Mirror
Lawmakers Say CFAA Is Too Hard On Hackers
GovTechGuy writes "A number of lawmakers are using the death of Internet activist Aaron Swartz to speak out against the Justice Department's handling of the case, and application of the Computer Fraud and Abuse Act. The controversy surrounding the Swartz case could finally give activists the momentum they need to halt the steady increase in penalties for even minor computer crimes."
The main problem is that the law makers still have no clue about computers or technology in general. They hear 'hacker' and think that every kid with a computer in their room can launch a nuclear attack. This is why they try to execute anyone who knows more than them. Their narrow minded fear.
If this were a Chinese-American hacker stealing schematics from Raytheon we'd all be happy to see the harshest threats/penalties applied. The issue here was bullying at the DOJ. You can't fix that with a few tweaks to the law, and if you lower maximum penalties you will find yourself regretting it when someone actually does do something worthy of those maximum penalties. And if you close these holes, aren't they just going to find others? You have issues with behaviors/attitudes at DOJ that need to be fixed, not just a few sentences in a statute. So, sure, maybe they should tweak the laws a bit; but how does that fix the oversight issues? Seems like a nice way to convince everyone they "did something" without actually fixing the issue.
So when will we see charges pressed against Carmen M. Ortiz? There has to be some law which covers harassing someone to the point of suicide.
He violated Terms of Service of JSTOR. And he took responsibility for it (by handing over his HD to JSTOR and admitting what he did). Everything else is overboarding prosecution and trying to boost one's career at the expense of someone vulnerable.
The CFAA would be an afterthought in that case. The amount of export and national security felonies he'd have committed would be enough to probably make the CFAA not make the cut on the (IIRC) 15 count limit of charges the Federal Rules of Criminal Procedure allow to be brought at once.
Then he should be prosecuted for what he actually did. You seem to conflate the means to commit a crime with the crime itself. If you stab a person in the back, you get persecuted for murdering a person, not for wielding a knife.
Do any of the lawmakers who vote for sane penalties stand a chance of reelection with the other side running "soft/weak on crime" attack ads?
They don't even care about the hacker community. They don't even understand what the hacker community is or what it's about. They view all hackers as cyber terrorists and criminals. They view anyone with certain skills are criminal. You can't even get a CEH certification and put it on your resume without getting funny looks and having people think you're a criminal. They view Slashdot as a place where e-terrorists and criminals go to talk about their cyber wizardry.
Seriously, hackers are like warlocks and witches and the only thing the governments want to do is persecute them all. They wont work with hackers, they wont let hackers help them without threatening to ruin their lives or using harsh bullying tactics. Hackers who don't cooperate with them seem to end up charged with rape, child porn, or just a bunch of bullshit charges that prosecutors can find to leverage on them to try to break them.
Why are hackers treated so bad if hackers are so important to the whole cyberwarfare scenario? Hackers no matter how patriotic they are get treated like criminals and terrorists and because of this no patriotic hacker community can try to survive.
Even since Operation Sundevil, the US has had this COMPLETELY counterproductive policy of hounding talented crackers out of existence, rather than nurturing their talent. Utterly stupid, IMHO, and frankly, the people responsible for creating and enforcing this stupid policy should be ashamed of themselves.
The Chinese have this 'thousand grains of sand' thing they do, where they nurture a huge and thriving computer underground (rather than turning them all in involuntary organ donors as they would). They're sent out to smash and grab everything they can from the West, where anything garnered is processed through a specially designed intelligence gathering system, where useful material is routed to local companies and government decision makers.
Granted, the Chinese Communist Party has no morals, but we are in the world we live in, and we have to do the same to compete. I guarantee that if I had any kind of policy input anywhere, I'd be doing exactly this.
At the end of the day, we have a choice: we can either fight with all the tools in our arsenal and shape the world in the West's image -- a relatively peaceful prosperous and moral place. Or we can let the Chinese Communist Party turn it into a quasi-criminal dictatorial dystopia. It's really our choice. In any case, it's the height of suicidal stupidity to fight our enemies with our hands tied behind our backs.
Right now a hacker can cause billions in damages, and pull potentially millions of dollars in ill-gotten loot, and maybe see 15 years in prison. That is way too soft in my opinion.
On the issue of Swartz, I don't know why the guy is some sort of cause-celeb just because he off-ed himself. He broke the law, plain and simple.
In cases where individuals get unauthorized access, and aren't doing anything with it (not Swartz who was planning to distribute), I think there could be room for more lenient sentencing, especially on first offenses.
Prison wont deter hackers. Also the US government WANTS hackers but HATES hackers. It's a very confusing situation where on one hand you hear about the US government talking about this great cyber war in which all the US cyber assets will be made to go up against the cyber warriors and assets of China or Russia.
But then you see the same US government dishing out long sentences. If it's a so called cyber war then prison will actually make the situation worse. You send a patriotic hacker to prison for 10 years, and in prison he gets recruited into something and when he gets out he's got an intense hatred for the US government and even more skill.
Even since Operation Sundevil, the US has had this COMPLETELY counterproductive policy of hounding talented crackers out of existence, rather than nurturing their talent. Utterly stupid, IMHO, and frankly, the people responsible for creating and enforcing this stupid policy should be ashamed of themselves.
The Chinese have this 'thousand grains of sand' thing they do, where they nurture a huge and thriving computer underground (rather than turning them all in involuntary organ donors as they would). They're sent out to smash and grab everything they can from the West, where anything garnered is processed through a specially designed intelligence gathering system, where useful material is routed to local companies and government decision makers.
Granted, the Chinese Communist Party has no morals, but we are in the world we live in, and we have to do the same to compete. I guarantee that if I had any kind of policy input anywhere, I'd be doing exactly this.
At the end of the day, we have a choice: we can either fight with all the tools in our arsenal and shape the world in the West's image -- a relatively peaceful prosperous and moral place. Or we can let the Chinese Communist Party turn it into a quasi-criminal dictatorial dystopia. It's really our choice. In any case, it's the height of suicidal stupidity to fight our enemies with our hands tied behind our backs.
Here is the problem. The USA does compete but treats it's hackers and crackers like trash and although I cannot say China is any better, the USA has the tools to do much better than this. The USA still controls the internet itself. The USA could basically get the vast majority and practically all the best hackers and crackers on their side. The USA kinda does this but does it in a way which makes the hacker community hate or fear the US government. Fear can get people to cooperate with you but too much and they hate, the US government likes to use fear, threats, etc.
In the case of Aaron Swartz the US government was willing to use threats to try to scare him into submission. Why not appeal to some of the better emotions? On top of that, if there really is some cyber war and the situation is so desperate and there really aren't people with enough skill then the people who show any sort of talent at all shouldn't be put in prison. In World War 2 the Italian Mafia was recruited by the CIA to fight the fascists. In this example these were criminals but the point is, the US was always the most dirty of dirty at war, it's just the current iteration of the US government is secretly still dirty but in public trying to put on this impression of "tough on crime" and hatred of hackers which makes no logical sense. Ultimately these hackers CAN support the US war operations so demonizing them for what?
There has to be a clear separation between cyber-criminal and hacker. Hackers care about ethics and want to support what they believe is right whether they think it's the USA (patriotism) or social justice. Cybercriminals just want to make money and hack for the sake of hacking.
Then he should be prosecuted for what he actually did. You seem to conflate the means to commit a crime with the crime itself. If you stab a person in the back, you get persecuted for murdering a person, not for wielding a knife.
No. You get prosecuted for murder, attempted murder, conspiracy to commit a murder, wielding a knife, trespassing, aggravated assault, unlicensed practice of surgery, jaywalking, wearing blue jeans on Sunday and 25 other remotely applicable transgressions and ridiculous ancient county laws.
it won't happen because:
1. cybercrime is linked to terrorism because any crime is fast becoming linked as a terrorist act. dont believe me? just kook at the press and how they descibed the rogue cop in the news this week. because of that terrorism must be fought and eradicated so we don't have another 9/11. trust me the hicks out there believe this and so do their congressmen.
2. congress is reluctant to abolish bad laws. why? it sets a precident whereby future congressional acts would invalidate current actions and it takes a 2/3 majority just to do it. That's not happening in the current congress.
3. the police state is now upon us. the white house can kill anybody at any time because their lawyer said so. every minor offense now is considered a felony. don't believe me? we have the highest rate of prison population to overall population in the free world. yes there are other factors drugs poverty etc. but thats what the government should be focused on, not getting public paid for data by violating the use terms of some website.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Oh, I missed the memo. Is the revolution here? Is it time to line 'em up against the wall?
But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.
But seriously, lawmakers talking of laws being too harsh? Judges releasing people convicted under three-strikes in California? For America with its chart-topping prison population numbers, that's revolutionary enough.
Indeed; I think that the problem isn't "the steady increase in penalties for even minor computer crimes," but the gradual increase in penalties for all crimes.
Rather than working on solving more crimes, the justice system seems to be trending toward making penalties harsher for the criminals that they do catch. This is a vicious circle; the harsher the penalties are, the more money we're spending on keeping people incarcerated.
I also find perturbing the technique used by prosecutors of charging people with a vast array of charges with huge possible penalties, so that they will have incentive to plea-bargain down to avoid the worst-case scenario that will be extremely harsh. This may indeed succeed for the prosecutors in getting guilty pleas, and succeed to some extent in saving the expense of trials-- but if some accused people actually are innocent (or even are guilty of minor crimes but not of everything in the book that they've been charged with), it is a failure of justice.
http://www.geoffreylandis.com
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
If you punch someone in the face and put them in the hospital, you don't get to say,"Oh, one punch to the face put you in the hospital? You really need to toughen up!" and get out of it. You still get arrested and go to jail.
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic is similar to what corporations use to assign themselves rights that belong to people and not companies. Aaron may have been bringing those servers to a crawl, but he did so by using the websites, not a denial of service attack. By your logic, slashdot readers would be at fault for bringing down websites by simply trying to view their contents. Would you like to be in court for your part in "Slashdot Effect"?
Yeah - whatever. I'm no bleeding heart, and I'm not crying myself to sleep at night because Swartz committed suicide.
At the same time, there WERE a bunch of cunts in DOJ who were using him to promote their own careers. He WAS being railroaded. There was nothing right about DOJ's handling of the case.
Whatever else you might say or think about Swartz, on his way out, he handed the hacker community a golden opportunity, and a weapon, to use against the DOJ. Why not use it?
I already mentioned cunts? Maybe you've noticed that cunts in Washington use other people's pain, suffering, and death routinely to further their own ends. Those kids murdered in Connecticut a few weeks ago are being used like rented mules to further the gun control agenda. Turn it around on Washington, for once. Use Swartz to force them to see what despicable cunts they really are!
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
The CFAA has immense penalties for two reasons:
1. Lawmakers look for any excuse to be "tough on crime".
2. Hackers are a small minority group that scare most people.
Combine these two things and one can see that hackers are an "acceptable target" for both the lawmakers and their constituencies, especially with the recent Chinese red scare going on.
Hackers need a PR firm.
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
And yet this is neither a face, nor is a hospital involved. This kind of retarded logic...
It's called an analogy . Attacking the hypothetical part of someone''s analogy is what Scott Adams likes to call a "win by knockout."
I disagreed with the analogy, as he was comparing people to things in an attempt to elicit a stronger emotional response. Comparing a physical assault on a human being to bringing down a website through over-use isn't an analogy, it's a failed attempt at one. I also presented a more comparable situation, an analogy if you will, in referencing the slashdot effect. It would seem you can only recognize the first analogy you see in a paragraph, maybe you should work on that...
If you're going to throw the book at someone for a computer 'crime'*, then maybe it should be an e-book instead of a book that is in in dead tree format.
*Especially when it is a 'crime' instead of real crime. You know, real crime, like the kind that involves violence, or the real crimes that occur in boardrooms, wall street and congress.
I'll see your senator, and I'll raise you two judges.