24 Mar 2013

The dangers of the Computer Fraud and Abuse Act

By Joseph Quiroz: On March 18, 2013, Andrew “weev” Auernheimer was sentenced to 41 months in prison and has been order to pay $73,000 in restitution to AT&T for his role in Goatse Security’s AT&T hack.
This incident involved the theft of over 100,000 email addresses gained due to a flaw in AT&T 3G iPad userbase. Auernheimer passed the information about the flaw along to Gawker.
After finding out what happened, AT&T took Auernheimer and Daniel Spitler, Auernheimer’s associate during the hack, to court.
They were eventually charged under the 1984 Computer Fraud and Abuse Act (CFAA), the same law used to prosecute late activist Aaron Swartz. This was a moment of major embarrassment for AT&T.
The CFAA was originally passed in order to punish those that entered government and financial industry computer systems.  However, throughout the years this law has been amended several times in order to keep up with internet and technology developments
Some have stated that the CFAA is now being used by the United States government to intimidate journalists, activists and security researchers with long prison sentences.
Aaron Swartz, for instance, faced 35 years in prison for downloading 4.8 million documents from the subscription-based academic research database JSTOR in 2011.
Think about that for a moment, getting 35 years in jail for downloading a bunch of academic documents illegally?

In the vast realm of the internet, how many of us have downloaded something illegally? It is scary to realize that some could get years in prison for downloading a movie or a song illegally.
If the government decided to prosecute every person that illegally downloaded something, the United States government could gain a great deal of power over people. Rights can be taken away in a moment due to an illegal download.
Or even worse, the government could take away the rights of all since too many have broken the law.
The CFAA is considered by many to be too vague since no one really knows what “unauthorized access” of a computer is. The government, if it wanted to, could twist this into almost anything.
Auernheimer wanted to alert AT&T to the presence of its flaw by exposing it to Gawker. A huge corporation like AT&T is usually too proud to admit a mistake when a user comes to it in private.
What happened to Auernheimer could happen to a whole lot of internet users, as it now seems that the government thinks it’s a crime to collect email addresses.
Aren’t there a lot of sites out there that collect a lot of email addresses? Why charge Auernheimer? He is not the first to collect a vast amount of emails.
This only became a major issue because a big corporation like AT&T led the charge.
Had Auernheimer collected emails from a vastly smaller site, would the government have gone after them as they did and get him charged under the CFAA?
The CFAA is extremely valuable when you think about it. It is not valuable to the average internet user, but it’s extremely valuable to huge corporations seeking to cover up their mistakes and blame it on a scapegoat like Auernheimer.
Instead of blaming someone else for a mistake you made, why not fix the problem? Corporations don’t want to go that way and even as they keep on making mistakes, they keep on chugging along when they have a useful tool like the CFAA by their side.
In today’s America, we have a lot of problems. Prosecuting internet users under the CFAA should be the least of their concerns.
Why waste money going after internet users when we have a massive economic situation to solve? It doesn’t make any sense when you think about it.
Also, there is a lot of danger in having something like the CFAA as a chief tool to imprison internet users who might seem unsavory to some.
Since it’s so vague, the CFAA can be used against people for just collecting emails or something similar that doesn’t hurt people. Even worse, it could be used to control a massive number of Americans since so many people have done illegal things on the internet.
In a free America, we wouldn’t need laws like the CFAA at all since they limit more than protect.
Edited by Madison Ruppert

No comments:

Post a Comment