Slashdot Mirror
Justice Department Warns It Might Not Be Able To Prosecute Voting Machine Hackers (vice.com)
An anonymous reader quotes a report from Motherboard: After more than a decade of headlines about the vulnerability of U.S. voting machines to hacking, it turns out the federal government says it may not be able to prosecute election hacking under the federal law that currently governs computer intrusions. Per a Justice Department report issued in July from the Attorney General's Cyber Digital Task Force, electronic voting machines may not qualify as "protected computers" under the Computer Fraud and Abuse Act, the 1986 law that prohibits unauthorized access to protected computers and networks or access that exceeds authorization (such as an insider breach).
The report says the law generally only prohibits against hacking computers "that are connected to the Internet (or that meet other narrow criteria for protection)" and notes that voting machines generally do not meet this criteria "as they are typically kept off the Internet." Consequently, "should hacking of a voting machine occur, the government would not, in many conceivable circumstances, be able to use the CFAA to prosecute the hackers." Aside from the fact that the assertion about voting machines not being connected is incorrect -- many voting machines are connected in that they use cellular and landline modems that connect with cell towers and backend telecom networks to transmit results on election night -- the government's assertion that the CFAA applies only to connected machines is news to legal experts.
The report says the law generally only prohibits against hacking computers "that are connected to the Internet (or that meet other narrow criteria for protection)" and notes that voting machines generally do not meet this criteria "as they are typically kept off the Internet." Consequently, "should hacking of a voting machine occur, the government would not, in many conceivable circumstances, be able to use the CFAA to prosecute the hackers." Aside from the fact that the assertion about voting machines not being connected is incorrect -- many voting machines are connected in that they use cellular and landline modems that connect with cell towers and backend telecom networks to transmit results on election night -- the government's assertion that the CFAA applies only to connected machines is news to legal experts.
The law uses the word "protected computer", which is defined as the following:
a computerâ" (A) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or
(B) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.
As voting machines are not a computer for a financial institution or the United States Government (they are a State Government owned device, not the federal "United Stated Government"), and they are also not used in interstate or foreign commerce or communication (they only communicate within their own State), voting machines fail to meet the standards as defined for a "protected computer" under the law.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"