Draft Computer Fraud and Abuse Act Update Expands Powers and Penalties

Despite calls to limit the Computer Fraud and Abuse Act, it looks like Congress is planning to drastically expand the law and penalties. walterbyrd writes with a few of the major changes listed in the draft bill (22 pages): "Adds computer crimes as a form of racketeering. Expands the ways in which you could be guilty of the CFAA — including making you just as guilty if you plan to 'violate' the CFAA than if you actually did so. Ratchets up many of the punishments. Makes a very, very minor adjustment to limit 'exceeding authorized access.' Expands the definition of 'exceeding authorized access' in a very dangerous way. Makes it easier for the federal government to seize and forfeit anything." TechCrunch also reports rumors that the plan is to push the bill through quickly for approval with a number of other "cybersecurity" bills in mid-April.

Fascist America

[danbuter]

One step closer to fascism. Big business controls the government, and the government will control every single aspect of your life.

Re:Fascist America

[khallow]

Big business controls the government, and the government will control every single aspect of your life.

Who really thinks big business will hold the leash in this relationship? They simply aren't that powerful, don't have the resources or the guns, and they aren't sufficiently unified compared to a large national government, especial one as vast as the US federal government.

Now, if it were say a half a dozen or less massive businesses (something like the Japanese zaibatsu of old) who controlled virtually all private activity, then you'd be speaking of players who would have power sufficient to deal with the federal government as near equals.

We have to keep in mind that the federal government spends above 20% of GDP and is likely to stay that high for a while. The largest private enterprises, Exxon-Mobile and Walmart are about a tenth the size and have a profit margin to maintain.

OTOH, the US federal government spends somewhere under a dollar to acquire $100 according to the IRS (so I understand, though I getting the data from a secondary source, see page 24).

It also maintains a large military and law enforcement, which in part maintains the societal infrastructure that generates the tax revenue present and future that the US government depends on (either directly through taxes or indirectly through borrowing). I don't think such necessary expenses would be higher than about 10%. That means the rest of it is money waiting to be doled out to constituents, special interests, and building up federal bureaucracies. Now, some fraction of that remainder is going to have to go to entitlements and other gifts to voters in order to preserve the overall revenue stream, but I bet they have a margin that a private company would be willing to kill for.

Re:Fascist America

[Fluffeh]

Actually I think it shows that they are getting more and more scared - which can only be because the people are getting more and more agitated. These folks act in reaction to perceived threats to them and their jobs. If they are cracking down by trying to pass these over-reaching laws it can only mean that they are losing a large amount of control and power on this front. On one hand it is good, I believe in power to the people - though within reason, but on the other hand it brings us one step closer to an Orwellian state which is scary.

Re:Fascist America

[Required+Snark]

The original post has it right, you have it wrong: mega-business has co-opted the government. Every real world example shows this pattern.

The bank bailout of 2008. Even though the banks failed the most basic rules of capitalism, there was no meaningful penalty for institutions or individuals. All the whining about Dodd-Frank regulation is crocodile tears. The big Wall Street firms have not changed in any way. They still engage in appallingly bad behavior because of unbridled greed. JPMorgan just got caught effectively breaking the new regulations and lost $6 billion as a result. There were still casino gambling, but they called it something else. The fallout: nothing. No legal or regulatory action. Dead silence after one day of hearings. Jamie Dimon just got a big vote of confidence from his board, and retains the titles of both CEO and Chairman. He was personally aware of what went on. Yes, at some point an underling will be thrown under the bus and go to jail, but the big crooks are untouched.

DCMA in general and this legislation in particular. It criminalizes the most innocuous actions so that business can crush anyone at any time. This is the government doing the bidding of mega corps.

Fracking. Ever increasing areas of the country are having their water supplies poisoned forever so that Big Oil can make more money. It's worse then Chernobyl or Fukushima, because radioactivity has a half life. Fracking is a irreversible change to geologic structure. It will take geologic time to recover. These are the same companies that were the most profitable businesses in the history of the world in the 2000 decade. They still get obscene tax brakes that go back to 1926.

Monsanto and GM crops. First they said the the manipulated genes would not get into non-GM crops. Then when it happened the courts ruled that the non-GM planing farmers could be sued for stealing their IP. So if GM crops are used in an area, either you plant a different crop, or are forced to use the GM seeds to avoid being sued. The Mafia is envious.

In addition: Big Pharma and Oxycontin. HDMI cables. EULA. "Clean Coal". Mandatory ethanol from corn. Increasing the number of 1-HB visas.

The constant feature is that big business can buy damn near any legislation they want. The government is the enforcement arm of corporations. In the real world the law goes to the highest bidder, and all the money and power resides in corporations. When you blame the government your corporate owners are delighted. They can keep right on going because their disinformation campaign is working perfectly. Any fix requires understanding who is in charge, and you have it completely wrong.

Re:Fascist America

[khallow]

That is the textbook definition of fascism - where big business is run solely for the purpose of advancing government

Fixed it for you. Perhaps you should look at textbook cases of fascism in Europe and elsewhere. Was business or government in charge in Nazi Germany under Hitler? Fascist Italy under Mussolini? Argentina under Peron? Chile under Pinochet? Or modern cases such as Singapore or possibly mainland China? Government has always been in charge.

I think this distinction is important because it matters how we try to solve things. If we assume business was the power here, then stripping them of power (say via regulation) would fix the problem.

But if it's just a case of government selling its monopoly services at an exorbitant premium, then you just handled even more power to the real problem. I think that is what is happening here. There's nothing keeping government from continuing to sell its services. They'll just be able to charge even higher prices than they currently do.

For example, someone cited the bank bailouts as evidence of big business power. So how did the banks, desperate for capital, manage to force governments all over the world to release vast amounts of public funds? They didn't. It was another opportunity for government officials to profitably play winners and losers, while simultaneously appearing to "do something" about a huge financial crisis. Well, we're still suffering from the fallout of that banking crisis and the subsequent "solutions", but at least the politicians are doing fine.

OTOH, if big businesses really were too powerful, then cutting government spending means that they lose a vast gravy train which helps fund their power.

So needless to say, I'm in favor of cutting government spending whether or not government is the more overly strong party or not.

Re:Fascist America

[some+old+guy]

Our multinational capitalist oligarchs do not have to hold the reigns of power. They own the horse.

The government is bought and paid for via graft and 1st Amendment-protected campaign contributions.

Not to accept the obvious is hopelessly naive.

Re:Fascist America

[ebno-10db]

... You don't want to be stuck with a foreclosure ...

'Securitisation chain' means the bank sold that debt to the capital market. The bank could give money to everybody and the 'share holders' would take all the risk.

... basic rules of capitalism changed by social policy-makers ...

Yes, the movie 'Inside job' details how those changes allowed those banks to count money that didn't exist. Just like Enron did.

... "unbridled greed" that means they can stay in business ...

No. making a profit means they can stay in business. Unbridled greed is not mentioned in the 'Causes of the wealth of nations', the definitive study of the free market.

I'm in the business of acquiring cars. Please arrive home late on Thursday night so I can shoot you and take your car. THAT is 'unbridled greed' and punishable under another law.

... Nobody sane runs a business to run it into the ground ...

As the movie 'Inside job' reveals, Goldman-Sachs created loans they knew would go bad then insured those multiple times. That insurance scam is what ruined the AIG corporation.

Hear, hear! Quoting the parent because I lack mod points, and people should see it. The only "basic rule of capitalism" is to make money, and if fraud isn't prevented, then scams will prevail.

this just in

[girlintraining]

Extra! Extra! Read all about it! Laws too dense for average citizens to understand, too vague to prevent massive abuse! Please. You're all felons. You haven't been prosecuted because you haven't pissed anyone off enough to become one, but all I need to do is record you going about your daily business for a week, and I'll find enough dirt to keep you locked up for a long time. Every. Last. One of you. Except perhaps the person who can't read this, because they're in a coma, in a hospital bed. And that poor, poor bastard is only avoiding his fate for as long as his bank account continues to pay off his mortgages and student loans. Once the money runs out, yeah... he's gonna be a felon too.

The law has ceased to have any relevance of any kind whatsoever for principled and ethical people. You cannot follow all the laws, you don't even know all of them, and you're not supposed to, and even if you did manage this collossal feat that even our own government can't accomplish with all of its resources... interpreting the law is also a crime. Ha ha. And telling someone else what you've learned? Practicing law without a license... another crime.

We're all criminals. We just haven't been caught.

Re:this just in

[Man+On+Pink+Corner]

Exactly. It's not about being able to arrest everybody. They can't arrest everybody, and they don't want to arrest everybody.

It's about being able to arrest anybody.

Re:this just in

[Lothsahn]

Sociology study after study shows that there is significant racial bias in the police force against blacks. Minorities are more likely to get charged with crimes, arrested, and pulled over for committing the same traffic infraction as compared to whites.[1] This bias exists and is real. This is a significant portion of the story.

The other significant portion of the story is that blacks are far more impoverished than whites, on average. " In 2010, 27.4 percent of blacks and 26.6 percent of Hispanics were poor, compared to 9.9 percent of non-Hispanic whites and 12.1 percent of Asians." [2] Poverty has a strong correlation to violent crime and drug use. "Nonviolent drug offenders now account for about one-fourth of all inmates in the United States, up from less than 10 percent in 1980. " [3] This figure does not include crimes which are committed to support a drug addiction.

Interestingly, violent crime rates are similar in impoverished black and white neighborhoods. "The violent crime rate in highly disadvantaged Black areas was 22 per 1,000 residents, not much different from the 20 per 1,000 rate in similar white communities." [4] This means that despite the proven police bias, for violent crimes, only 2 per 1000 more blacks are convicted of violent crimes as compared to whites in impoverished neighborhoods.

In summary... 50 years after Martin Luther King, Jr., we still have significant racial bias in American Culture. However, we have come a long way as compared to even 25 years ago. As we continue to improve as a nation, and treat others not based on their racial makeup, I believe the poverty inequality will begin to equalize in this nation. We still have a big problem with racism in the US. The racism issue is slowly improving, but there are practical and non-racist reasons why the incarceration rates differ so dramatically between whites and blacks. You don't enslave a population of people for hundreds of years and then turn around, snap your fingers, and suddenly have racial, economic, financial, and social equality. Repairing the damage that was done takes time. Now if our prison system could be more interested in healing instead of retribution...



Interesting Note: There is growing evidence that Lead is the cause of the majority of the violent crime. [5] If this is true, this may explain why the violent crime rates are similar--impoverished people are more likely to be exposed to lead, but impoverished blacks are just as likely to be exposed as whites.

[1] http://chicago.cbslocal.com/2012/08/09/blacks-hispanics-still-more-likely-to-get-traffic-tickets-in-illinois/ [2] http://www.npc.umich.edu/poverty/
[3] http://www.nationalreview.com/corner/269208/prison-math-and-war-drugs-veronique-de-rugy
[4] http://researchnews.osu.edu/archive/badcomm.htm
[5] http://www.motherjones.com/environment/2013/01/lead-crime-link-gasoline

Write to your representatives!

[intellitech]

I’m a constituent calling on you to reform the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030. This law contains vague language that broadly criminalizes accessing a computer "without authorization," carries heavy-handed penalties, and shows no regard for whether an act was done to further the public good. We saw how these laws could be abused in the case of Aaron Swartz, a recently-deceased 26-year-old coder and social activist who was hounded by the Justice Department in a relentless and unjust felony prosecution.

The CFAA needs three critical fixes: first, terms of service violations must not be considered crimes. Second, if a user is allowed to access information, it should not be a crime to access that data in a new or innovative way -- which means commonplace computing techniques that protect privacy or help test security cannot be illegal. And finally, penalties must be made proportionate to offenses: minor violations should be met with minor penalties.

While it is too late to intervene on behalf of Aaron, it’s not too late to ensure that this harm is not done to future social justice activists and security researchers. Please hold a Congressional hearing to examine the ongoing abuses of the Computer Fraud and Abuse Act and similar laws, and champion reform so that the potential punishments fit the crimes.

You can write to them easily here: https://www.eff.org/aarons-law

Take the time to add a note to the end of the boilerplate about how you WILL NOT vote for them if they don't act.

Senators and Representatives, even somebody like me who doesn't follow all things politics-related can still see how you vote and how well you represent my interests via http://www.opencongress.org/ , at the very least. Just remember, we are watching.

Re:Write to your representatives!

And they can just as easily reply with a form letter

A former staffer once told me the key to getting an actual human being to craft a response. It's possible that in the years since they've clued into this technique, but I doubt it. The key, as he told it, was never to write about a single issue. They had form letters for basically any issue you might care about. If, instead, you wrote about two issues with absolutely no connection, it forced a staffer to craft a response (often from multiple form letters.) If your second issue was really obscure, it might even force them to write portions of the respose.

So write about this law and also express concern for the moose population of southern Alaska and your correspondence will receive a few seconds of their attention instead of the zero that it would otherwise get.

Needs a new title

[russotto]

Maybe they could change the title to this bill to the "Piss on Aaron Swartz's Grave Act of 2013"?

Seriously, what did you expect. The noose always gets tighter.

Re:Needs a new title

[girlintraining]

Well, yeah. They're naming it after him because his death dropped the pants on these asshats. So naturally, they adjusted the law to prevent further de-pantsing events rather than admit that their crappy, over-vague, law which criminalizes basically any use of a computer indirectly led to the death of a talented young man who's crime was basically annoying authorities in the 3rd degree.

Re:Needs a new title

[rtb61]

Those changes are even worse than that. They basically allow the government to seize your home solely upon the basis of a claim of conspiracy of an already arrested person awaiting trial and a reduced sentence. Basically these laws have been written to silence political activist who use computers for any political activity.

Most people use their computers in their homes, their homes provide the facility for using that computer hence, under the law can be confiscated regardless of the lack of any losses or gains, just upon the claims of conspiracy. As conspiracy does not require the evidence of any crimes being committed purely the testimony of an individual seeking a reduced sentence ie. the loss of their homes and many years in prison, you can see how this can be readily abused to target any individual disliked by the current political authority.

Breach of contract is a civil matter but under this Law if the contract is basically on a computer it is a criminal offence. To access the contract you must adhere to the conditions of contract, if you breach the conditions of contract, your access to the contract is now a criminal act. Even more insanely it sets no limits on the 'Terms of Service' of access to computer network. This enables the wordings of "Term of Service' to ensure all users breach the "Terms of Service" in normal use, thus allowing the entity responsible for the "Terms of Service" the power of prosecution over all of it's users.

Straight up this is a political attack targeted at computer geeks and nerds, basically the majority of slashdot users and at silencing them because of their greater political influence in the internet age.

Massive Overreach, Then Seeming To Relent

They propose something completely over the top, so that when they appear to reconsider and listen to the public, we are all mollified to let them get precisely what they wanted in the first place.

Join the ACLU and EFF, your NRA for the 21st century.

Re:Conservative reaction to shooting foot

[jfengel]

Since it's just a draft, I'm not actually certain who wrote it. It doesn't have a tracking number yet. This being the House, we can infer that the chairman is OK with it, and he's a Republican, but he's not necessarily the author.

The only clue I can find is in a file name included in the document:

C:\DOCUME~1\HRBRAZ~1\APPLIC~1\SOFTQUAD\XMETAL\5.5\GEN\C\SR_005.XML

but I don't see anybody on the committee whose name fits "HRBRAZ~1" (and it's probable that it's somebody's secretary or legislative assistant; it might even be the staffer who's responsible for maintaining the XML [via Softquad, on an elderly Windows installation]).

nt

[shentino]

Dear americans:

Fuck you

Sincerely, the feds.

Re:4th Branch of Government

[hsmith]

Uh, no. SCOTUS wasn't intended to validate laws. That is a power it took upon itself.

Re:Conservative reaction to shooting foot

[Lawrence_Bird]

Well it is most certainly not a congress critter as they are way to stupid to think and write anything 'legal' themselves. So the bigger question is, who has lobbied for the terms in the proposed law?

Orin Kerr on draft of new CFAA

[Freddybear]

Orin Kerr from the Volokh Conspiracy has this to say about the "new" draft CFAA:

http://www.volokh.com/2013/03/25/house-judiciary-committee-new-draft-bill-on-cybersecurity-is-mostly-dojs-proposed-language-from-2011/

"Stop taking DOJ’s language from back in 2011 and packaging it as something new. Based on a quick read, it seems that the amendments for 1030 in the new draft are mostly copied from a bill that Senator Leahy offered (with substantial input from DOJ, as I understand it) back in November 2011. I criticized that language here. The new circulating draft also adopts the sentencing enhancements (minus mandatories) and the proposed 1030a that DOJ advocated in May 2011. I criticized that initial DOJ language here. (There’s also a breach notification provision in the new language, but I haven’t followed that issue closely; I don’t know if that proposal is also based on old language.)

In some ways, the new circulating language is even more severe and harsh than DOJ wanted even in the Lori Drew case. For example, the proposed language would make it a felony crime to violate Terms of Service if the TOS violation:

        (I) involves information that exceeds $5,000 in value;
        (II) was committed for purposes of obtaining sensitive or non-public information of an entity or another individual (including such information in the possession of a third party), including medical records, wills, diaries, private correspondence, financial records, photographs of a sensitive or private nature, trade secrets, or sensitive or non-public commercial business information;
        (III) was committed in furtherance of any criminal act in violation United States or of any State, unless such state violation would be based solely on the obtaining of information without authorization or in excess of authorization; or
        (IV) involves information obtained from a computer used by or for a government entity;

This language is really, really broad. If I read it correctly, the language would make it a felony to lie about your age on an online dating profile if you intended to contact someone online and ask them personal questions. It would make it a felony crime for anyone to violate the TOS on a government website. It would also make it a federal felony crime to violate TOS in the course of committing a very minor state misdemeanor. If there is a genuine argument for federal felony liability in these circumstances, I hope readers will enlighten me: I cannot understand what they are.

In short, this is a step backward, not a step forward. This is a proposal to give DOJ what it wants, not to amend the CFAA in a way that would narrow it. "

you should not get less time for robbing 7-11

[Joe_Dragon]

you should not get less time for robbing 7-11 or some other store.

Let make a car analogy

Let say that you find a gas pump that does not force you to pre pay and is wide open for any one to just start pumping gas is about the same thing as longing into a system with no security.

But you can get less time for the Gasoline theft and you did steal something vs even just logging in / copying or looking at data that is still there. Unlike gas that is now missing from the station tank.

Mike Masnik

[the+eric+conspiracy]

This story originates from a TechDirt posting by Mike Masnik.

Mike is generally a pretty perceptive reporter, however he occasionally jumps the gun when posting commentary about preliminary documentation such as draft bills or revisions to such bills. I lost a lot of credibility with my Congressman in reacting to a story of his related to a revision being made to the ECPA.

From that experience I learned to not pay attention to his reports on draft bills and similar preliminary documents because it's too early in the legislative process to determine if they have any weight or chance of becoming embedded in actual legislation.

SO this may be worth following, but I don't think it's worth writing to a Congressman about yet.