We Should All Step Back from Security Journalism. I’ll Go First. Quinn Norton (previously) responds to the sentencing of Barrett Brown (previously.) [Via]
The Limits of Computer Trespass Law (Lengthy video with audio available) "Have you ever borrowed a smartphone without asking? Modified a URL? Scraped a website? Called an undocumented API? Congratulations: you might have violated federal law!" Legal and internet thinkers (including Ed Felten, Jennifer Granick, Dan Auerbach, & others) talk about vagueness in the Computer Fraud and Abuse Act, chilling effects, and the prosecution of Aaron Swartz in a panel discussion at Stanford's Center for Internet and Society. [more inside]
Over at the Freedom to Tinker blog, Steve Schultze posts about a recent ruling against Craigslist in their suit against PadMapper an online service that helps users of craigslist via mapping, and 3Taps, a platform that documents and stores historical transaction information... Craigslist responded by filing 17 claims... [more inside]
What does proper authorization to access a computer system mean? Robert Graham of Errata Security writes about the recent conviction of Andrew Auernheimer (aka weev) for “hacking” AT&T. Two years ago, weev discovered a bug in AT&T's website that exposed the email addresses of customers with iPads. According to weev, the flaw was reported as per responsible disclosure practices by first informing AT&T before bringing it public. However the FBI investigated and arrested him under the Computer Fraud and Abuse Act (CFAA). On 20th November 2012, he was found guilty of identity fraud and conspiracy to access a computer without authorization.
In 1984, Congress passed a law called the Computer Fraud and Abuse Act, in the wake of some high profile incidents of hacking. Designed to prosecute hackers, the law is written vaguely enough that it has, in recent years, been used (with varying degrees of success) to prosecute people violating terms of an employer's computer usage policies, or in the infamous case of Lori Drew, a Terms of Service agreement. But today, the 9th circuit court of appeals ruled that employees can not be prosecuted under the CFAA for violating an employer's computer use policies, dealing a blow to the Obama administration’s Justice Department, which is trying to use the same theory to prosecute alleged WikiLeaks leaker Bradley Manning.