Slashdot Mirror

← Back to Stories (view on slashdot.org)

Aaron's Law Is Doomed and the CFAA Is Still Broken

Posted by Unknown on from the reading-slashdot-is-a-felony dept.

I Ate A Candle (3762149) writes Aaron's Law, named after the late internet activist Aaron Swartz, was supposed to fix U.S. hacking laws, which many deem dated and overly harsh. But the bill looks certain to wither in Congress, thanks to corporate lobbying, disagreements in Washington between key lawmakers and a simple lack of interest amongst the general population for changes to the Computer Fraud and Abuse Act. Representative Zoe Lofgren blamed inactivity from the House Judiciary Committee headed up by Representative Bob Goodlatte, which has chosen not to discuss or vote on Aaron's Law. There is still an appetite for CFAA reform, thanks to complaints from the security community that their research efforts have been deemed illegal acts, perversely making the internet a less secure place. But with the likes of Oracle trying to stop it and with Congress unwilling to act, change looks some way away.

30 of 134 comments (clear)

  1. Well by Njorthbiatr · · Score: 5, Insightful

    What did you expect from an oligarchy?

    1. Re:Well by gstoddart · · Score: 4, Insightful

      What did you expect from an oligarchy?

      I think it's worse than that ... it's a nascent authoritarian state which is beholden to an oligarchy.

      Which means whatever the government doesn't control is in the hands of the corporations.

      So, if you're not being screwed in the name of secret national security by agencies which lie cheat and steal ... you're being screwed in the name of corporate profits. Or both.

      As a free society, America has pretty much almost ran it's course.

      Papers please, comrade, and don't forget to keep the economy going by buying stuff from one of our sponsors.

      --
      Lost at C:>. Found at C.
    2. Re:Well by JWW · · Score: 4, Insightful

      Yep.

      I'm growing tired of counting all the things that supermajorities of the people want that the government will never ever allow us to have.

      There are so many things that could be reformed/improved/eliminated/added in the context of government that the PEOPLE truly want (and want through large majorities) that it boggles the mind.

      However, if any of these things have a negative impact on the power of our politicians, or the power of their lobbyists, or the power of their party leaders, or the power of their special interest groups, then screw us.

  2. Face it ... by Anonymous Coward · · Score: 5, Insightful

    The fascists are never going to give up power now that they have it.

    And, at this point, it is fairly obvious that both parties are more than willing to vote in favor of fascism.

    This is all about government control and secrecy, and if anybody is going to hack into anything with permission it's the NSA et al.

    Pathetic, in my lifetime, America has become a joke -- face it, you suck, your government sucks, and you've turned your backs on rights and freedoms.

    America deserves what it gets at this point, and deserves a massive amount of contempt and distrust from the rest of the world.

    You have become the fucking problem.

    1. Re:Face it ... by mellon · · Score: 2

      Vote. In. The. Primary. If you are in a gerrymandered district, register for the party that owns the district. Participate in the campaign if you have time. Run for office if you have more time. Even if you don't win, if you get attention you can move the Overton window in your direction.

    2. Re:Face it ... by usuallylost · · Score: 4, Interesting

      That is good advice. A huge number of Americans do not understand that we have a two election system. The primaries for the various parties and then the general election. The party's policy positions are frequently fought out in the primary process. Since such a small percentage of the population participates in those the will of the party elite tends to hold sway. If you want to change what happens a primary challenge is a much smaller undertaking and has the potential for greater impact than any other method of directly challenging the current system. Absent a primary upset odds are that the person on the ballot for both parties is an entrenched establishment player. Mostly because they are the only ones who come out for primaries.

      The Virginia seventh district is a prime example of how a comparatively small and not well funded group of upset voters can change the entire dynamic of a race. An unknown comparative outsider came into the race and spent ~$250,000, which is chump change in congressional elections, and took down Eric Cantor. Because the voter pools are so much smaller it is much easier for a group to impact policy at that level. In the general election you frequently add a zero to the number of voters involved and to the amount of money you have to spend to get your message out. The key is upset local people changed the power structure in the house by particpating in the primary.

    3. Re:Face it ... by Frobnicator · · Score: 2

      And what, as American Citizens, would you have us do? Rise up in arms? Overthrow our government?

      First, contact elected officials, both your own and those in a position over the bill's progress. I wrote to six of them today when I read the story. I also contacted several of the committee members including Bob Goodlatte who is the committee chairman. Yes, one person is unlikely to get much change, but enough people contacting his office can induce change.

      Second, encourage those around you contact their representitives, and encourage them to directly contact those in the committee who can get things changed. Just like I did up there in that first paragraph. Post the links on facebook and other social media (also already done this today). Encourage people to send a message, ANY MESSAGE, that references the bill to their legislator's office.

      One or two messages won't do it. When it gets to be enough messages that the staffers notice, or even better enough that it overwhelms their office staff.

      What would I have you do? Make a noise. Any noise you can. This reply is the first one that would be considered "preaching to the crowd", but is about my 15th communication about it today. That is what you can do. Make it clear to the legislators that it is important to you, raise the layperson's awareness of the issue, and help encourage others to contact the right offices. Even if it is nothing more than writing your own messages and then calling on the Internet Trolls that you know to send them messages, that is still something. Do what you can to get your voice heard, since it needs to be heard over the corporate money.

      --
      //TODO: Think of witty sig statement
  3. Oracle trying to protect trade secrets by guises · · Score: 4, Interesting

    Apparently Oracle has sunk $1.36 mil into lobbying against this because they are using the CFAA to "protect trade secrets." Presumably they're holding the threat of ridiculous prison sentences over their employees' heads to keep them from leaking any of Oracle's precious bodily fluids, but someone must have some idea of what it is that Oracle is trying to hide, even if you all don't know the particulars. Spill.

    Is it some special sauce for tricking state governments into contracting with Oracle when they could be working with a different, competent company? Or into buying ten times as many licenses as they actually need? Doubtless there's some reason why Oracle is as rich as it is...

    1. Re:Oracle trying to protect trade secrets by gstoddart · · Score: 5, Insightful

      You know what, this is precisely what happens when you decide corporations are people, and that money equals speech ... your democratic process becomes subverted by the will of corporations and ceases to be about representing the people.

      It's pretty much all downhill from here.

      --
      Lost at C:>. Found at C.
    2. Re:Oracle trying to protect trade secrets by jfdavis668 · · Score: 2

      Well, maybe if people stopped deciding who to vote for based on television commercials and put some actual thought into it we would get a more responsible government.

    3. Re:Oracle trying to protect trade secrets by gstoddart · · Score: 2

      Sounds like an insane argument. Defending a law because you're using it for something it wasn't intended to be used for.

      In fairness, the government does it all the time ... so it's no more screwed up when corporations do it.

      News flash, badly written laws get misused.

      The problem comes when the people passing laws have no idea of what they say, the laws are written by corporate lobbyists, and the law makers ignore people pointing out the flaws in the law before it's passed.

      When your elected representatives owe more to their corporate sponsors/donors than they do the people who elected them, this is what you get.

      --
      Lost at C:>. Found at C.
    4. Re:Oracle trying to protect trade secrets by idontgno · · Score: 2

      News flash, badly written laws get misused.

      Every tool is a weapon in the hands of someone with violent intent.

      Business is a battlefield. Weapons are damn useful in a battlefield.

      Business is ultimately responsible for the weaponization of the law. How could anyone argue that the CFAA is intended for anything else? If no one is digging holes, the only use left for a shovel is bashing your adversaries. The only question left, and it's purely an academic one, is whether this (mis-)use of the CFAA is an accident arising after its inception, or its real but unpublicized raison d'être.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    5. Re:Oracle trying to protect trade secrets by spire3661 · · Score: 2

      I have standing against all laws I am subject to. Anything less is not a functioning justice system. One shouldnt have to prove personal suffering to change the law.

      --
      Good-bye
  4. CFAA & Aaronsw by Anonymous Coward · · Score: 4, Insightful

    CFAA may be broken but what Aaron did was still wrong and I don't think the law should be changed to make his behavior legal, which is the impression I get when the bill is named after him. I'm sure many others feel the same way. Sure, Swartz will be missed and many people are blaming themselves for not recognizing the signs of mental illness and helping him before he killed himself. However, I'd do the same thing MIT did if I discovered some creep walking in off the street and causing all the researchers to lose access to a major database, kept evading blocks over a period of months, and broke into a wiring closet to hook up his own equipment. Likewise, if some creep was trying to "keepgrabbing" my entire database, creating more traffic than all of my other customers combined, and jeopardizing my relationship with one of my biggest customers, you bet your ass I'd call the cops. Somehow, however, Swartz apologists keep trying to hitch this wagon up to the "I didn't read a web sites ToS and now I have a felony conviction" cause.

    1. Re:CFAA & Aaronsw by king+neckbeard · · Score: 5, Insightful

      I don't think that people are wanting his actions to be totally legal so much as just having reasonable punishment. I think naming it Aaron's law is to demonstrate that it is a means of preventing the abuse of the CFAA in the way it was used against Aaron.

      --
      This is my signature. There are many like it, but this one is mine.
    2. Re:CFAA & Aaronsw by whoever57 · · Score: 2

      CFAA may be broken but what Aaron did was still wrong

      What Aaron did was not wrong (in a moral sense). What Aaron might have done could have been wrong, but no one knows what his intent was in downloading all those papers. Was he going to publish them all? Was he going to just run some analysis on them?

      What is clearly wrong is the level of punishment that he could have been subject to for doing something that had hurt no one and caused no significant losses to anyone.

      You are condemning him based on assumptions about his future actions.

      --
      The real "Libtards" are the Libertarians!
  5. Will never ever pass by Lumpy · · Score: 4, Insightful

    When your lawmakers are low IQ low education level types that put more weight in the opinions of the lobbyists that stuff their pockets full of money... You will NEVER get fair and balanced laws.

    DMCA and PATRIOT are two prime examples of how the people on capitol hill work. most of those idiots do not even READ the laws they are voting on.

    The proper answer still remains, if you want to be a white hat, you MUST remain anonymous when you release any information. DO NOT ever let someone know who you are because good deed will be punished harshly by the scared and uneducated lawmakers.

    And the laws are only going toget worse as big business buy even more legislation to shore up out of date business practices.

    --
    Do not look at laser with remaining good eye.
  6. Abstract laws that already exist. by jellomizer · · Score: 2

    Lets say someone had little security, akin to not locking the door, and someone gets into the system and seals data. That is the same as if someone just walked in and made photocopies of all the data and left the building.

    If they needed to break in, where the computers are in a more compromised state then it is breaking and entering.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  7. Larger request by JimSadler · · Score: 5, Insightful

    Apparently the young man committed suicide due to the threat of severe charges and punishments. The real challenge is the way the legal system works. The common tactic is to charge a defendant with a stack of really off the wall charges and force a plea bargain for much more accurate charges. A person who really would face a year or two in prison is faced with a prosecutor threatening 60 years or more. Many personalities will fold and make a deal. Addicts are particularly vulnerable as they have urgent desires to get out and get loaded as soon as possible. There is also a public display element in that convictions and sentences make great newspaper fodder but inmates appeal and bargains are struck to avoid a retrial in many cases. Think about it. A bad person breaks into a home with people sleeping at night. The charge could be burglary which usually gets one probation for the first offense. Or the exact same crime can be called home invasion and the person may be in prison for 75 years. The prosecutor says plead to burglary and we won't charge you with home invasion. The bad actor doesn't want to die in prison so even if innocent will tend to plead guilty. So the only real cure is to require all charges to be filed before anyone interviews the bad actor. Then disallow any changing of the charges. Or we could dump the entire idea of allowing plea bargains.

    1. Re:Larger request by Jason+Levine · · Score: 4, Informative

      The same thing happens with civil lawsuits also. If the RIAA thinks they've caught you uploading a thousand songs, they'll sue you for $150 million (the maximum penalty the law allows). Then, they will offer to settle for "only" $3,000 and a signed statement that they give you which basically admits your guilt and forces your silence on the matter. Your options are a) pay for a lawyer and spend time and money fighting the case knowing that you might lose and, even if you win, might not get back lawyer fees or b) settle and cut your losses.

      Most people understandably choose option b. It's nice to say you'll defend your innocence in theory but in reality a fight like this would be too much for some people when they need to juggle work, bills, and other aspects of real life. The RIAA counts on this and abuses the legal system to ensure as high a "number of pirates caught" number as possible regardless of whether those "pirates" are really guilty or not.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    2. Re:Larger request by Rockoon · · Score: 5, Informative

      Apparently the young man committed suicide due to the threat of severe charges and punishments.

      He was offered a 6-month sentence in a low security prison. Turned it down.

      --
      "His name was James Damore."
    3. Re:Larger request by Trailer+Trash · · Score: 4, Insightful

      Apparently the young man committed suicide due to the threat of severe charges and punishments.

      He was offered a 6-month sentence in a low security prison. Turned it down.

      What's the point? If I'm innocent then 6 months in any prison is wrong.

      The grandparent has a lot of good points. Another much-needed reform is to force prosecutors to tell the jury the details of all plea bargains that were offered. When someone's facing 70 years in prison and the prosecutor has to sheepishly say to the jury "yeah, we thought 6 months was a reasonable sentence" then the jury's going to step back and say "okay, then what's up with all these charges?"

      The other reform mentioned by the grandparent is to simply disallow adding charges after the initial charges. If they uncover other criminal activity then make it a separate trial or something - it needs to be more expensive in terms of time and money for the prosecution to bring more charges.

      --
      Do you have ESP?
    4. Re:Larger request by Bing+Tsher+E · · Score: 2

      He thought he was being 'the hero' would would face The Man down. But the deal worked out differently. And in the end he's ended up getting more attention by his death.

      People his age think in terms of Absolute because righteous Adventurism is highly rewarding, and they really don't have big stakes in anything that matters.

  8. Re:He didn't hack by Anonymous Coward · · Score: 2, Insightful

    Fine, no. But worth 30 years in prison when even all the wronged parties did not want to continue the prosecution. FUCK NO.

  9. First problem is calling it Aaron's Law by clovis · · Score: 2

    Associating the act with Aaron Swartz such as calling it Aaron's Law is a huge mistake because any congressman that votes for it will have to consider how his opponents would use that against him in the next election. Keep in mind that the people who fund election campaigns are the kind that would look upon Aaron as a simple thief and menace.

    The CFAA certainly needs to be fixed, but a better way would be to not mention Aaron Swartz and rather call it something like "CFAA Modernization Act"

  10. Re:He didn't hack by meta-monkey · · Score: 2, Informative

    But he had every right to attach his computer to that network. MIT has (or had?) a free and open network. It was open to everyone, not just students, faculty and guests. So there was no problem with him connecting to their network, or stashing his computer there.

    JSTOR's contract with MIT allowed access to their papers to anyone on MIT's network. Not limited to students and faculty. Just anyone coming from their network. So there was nothing illegal about him downloading papers from JSTOR.

    However, JSTOR's terms of service limited the number of papers one could download in a given period of time. I think it was something like 25 a day. Aaron, however, wrote a script that would download all 4 million in rapid succession.

    The only thing "wrong" that he did was violate JSTOR's terms of service. Yes, if everyone did that the system would collapse. What he did amounts to bad manners. For that he deserves to be threatened with up to 50 years in jail? That's the kind of abuse Aaron's Law is intended to stop.

    --
    We don't have a state-run media we have a media-run state.
  11. Re:He didn't hack by Rockoon · · Score: 3, Insightful

    Fine, no. But worth 30 years in prison when even all the wronged parties did not want to continue the prosecution. FUCK NO.

    Lets be completely honest about this.

    He was neither convected nor sentenced. The claim that he faced 35 years jail time is highly disingenuous since he had been offered a plea bargain that carried only 6 months in a low security prison, but he turned it down.

    The story after his suicide was one disingenuous load of crap after another. If the guy killed himself because of the jail time he faced, then even 6 months was too much for him.

    I dont see how 6 months is out of line for the crimes that he admitted to committing.

    --
    "His name was James Damore."
  12. Re:He didn't hack by PPH · · Score: 2, Insightful

    I dont see how 6 months is out of line for the crimes that he admitted to committing.

    What crimes? He violated the system's terms of service. Purely a civil matter.

    --
    Have gnu, will travel.
  13. lack of interest by Vintermann · · Score: 3, Insightful

    There are a thousand laws where "lack of interest amongst the general population" was no obstacle to getting them passed.

    --
    xkcd is not in the sudoers file. This incident will be reported.
  14. Re:He didn't hack by Rockoon · · Score: 2

    Not crimes, civil charges that were entirely disputable.

    His 2 counts of wire fraud were not 'civil charges' -- nor were his 11 criminal violations of the computer fraud and abuse act.

    How exactly do you think? Is it that if you know that you dont know anything about a subject that you will act like an expert anyways because you really feel that you are THAT fucking special as to not actually need to know anything at. fucking. all?

    --
    "His name was James Damore."