ACLU Lawsuit Challenges Computer Fraud and Abuse Act

An anonymous reader writes: The American Civil Liberties Union (ACLU) has filed a lawsuit with the U.S. Department of Justice contending that the Computer Fraud and Abuse Act's criminal prohibitions have created a barrier for those wishing to conduct research and anti-discrimination testing online. The ACLU have pursued the matter on behalf of a group of academic researchers, computer scientists and journalists seeking to remove that barrier to allow for third-party testing and research into potential online discrimination. In a public statement the ACLU contend: "The CFAA violates the First Amendment because it limits everyone, including academics and journalists, from gathering the publicly available information necessary to understand and speak about online discrimination."

Re:I don't follow

One of the provisions makes it a felony for unauthorized access to a computer system. In most EULAs it spells out that reverse engineering is disallowed and creates an area of unauthorized access. Thus a security researcher trying to analyze a system is technically committing a felony under the CFAA as it doesn't make any exceptions. Even if the analysis is being performed completely locally on systems they own if say the OS is Windows or MacOS.

The law is as broad as possible

[rsilvergun]

in it's definition of "Unauthorized". If you don't like how someone is using information you've made publicly accessible on your web site then it's suddenly "Unauthorized" and congrats, you're perl script just committed a felony for you. This isn't like walking into a house with it's doors unlocked. It's more like you wrote down advertised prices from billboards, aggregated the data, and when somebody notices you doing that doesn't make them look so good they throw you in prison.

This has been discussed multiple times on /.. It seldom comes up because most of us are working for large corps doing what we're told and so have a bit of the corporate veil to protect us. Someone trying to research a politically unpopular idea (racial profiling is being used to target minorities for expensive high risk loans and exclude them from cheaper low risk ones they otherwise qualify for) has to worry about this. If your study shows a pattern of abuse from on the part of a multi-billion dollar mortgage company expect to see some charges.

Re:The law is as broad as possible

[Facekhan]

If you make factual data public, you don't generally "own" it as in you don't have exclusive rights to it. You can't copyright a database of factual information. Basically the CFAA lets a firm make data public but then if someone uses a script to aggregate it, they can claim it was a felon. Just as an example, the CFAA could even apply to things like price comparison websites if a particular merchant doesn't want their public pricing information compared to their competitors.

Re:ACLU lawsuit

[frovingslosh]

You miss the point. they apparently are upset because the law applies to everyone. They apparently now believe in laws that apply to some people but not others.