backtop


Print 53 comment(s) - last by ebakke.. on Jun 28 at 3:27 PM

Tragedy provided the momentum to

A new bill has been introduced in the House and Senate dubbed "Aaron's Law", which looks to reform the badly outdated and ambiguous Computer Fraud and Abuse Act of 1986 (18 USC § 1030).  So who is Aaron and why is a law being named after him?  The answer traces back to a tragic event that occurred early this year.

I. A Tragic Loss Leads to Reform

Aaron Swartz, a Reddit co-founder and co-developer of the RSS standard, committed suicide this January leaving behind a complex legacy of success and controversy.  While amassing enough money to live comfortably following the sale of Reddit to Conde Nast, Mr. Swartz became an ardent activist.  

In 2011 while visiting the Massachusetts Institute of Technology (MIT) he downloaded a 4.8 million scholarly journal articles from JSTOR -- a subscription only distribution service.  The authors made no money off the publication, he figured. It all went to the publishers.  Further, the research was paid for with taxpayer money.  So he boldly offered up the articles online.
JSTOR logos
And he paid for it.  Federal prosecutors, aided by MIT administrators, hit him with numerous CFAA charges with a maximum penalty of $1M USD and 35 years in prison.  As the feds piled on more charges (nine additional counts in Sept. 2012 alone), Mr. Swartz allegedly grew despondent, and ultimately chose to hang himself.  His then-girlfriend found him at their shared Crown Heights, Brooklyn, New York apartment.

But his death set off a spark.  At his funeral at Central Avenue Synagogue in Highland Park, Illinois, his father Robert Swartz was unequivocal, stating, "[Aaron] was killed by the government, and MIT betrayed all of its basic principles."


Aaron Swartz
 
A media storm ensued.  Congress soon took up the issue.  And some feared -- like many Congressional inquiries -- the momentum would eventually die down.

II. "Aaron's Law" Looks to Clean up CFAA Mess

But ultimately two bills have emerged from the tragedy -- the second of which was introduced today.

One man standing firmly behind both bills is Sen. Ron Wyden (D-Ore.) -- a man who might have more in common with social libertarians like Rep. Ron Paul (R-Tex.) than his Democratic colleagues, when it comes to civil rights.  But the credit for "Aaron's Law" goes primarily to its author, Rep. Zoe Lofgren (D-Calif.).

The bill points out that the language of the CFAA "invites abuse" in that it makes it hard to differentiate between law-abiding users and criminals.  For example the CFAA makes it a felony to "access a computer without authorization or exceed authorized access" -- while failing to define exactly what that blob of tech jargon means.

Ethernet Cables
"Aaron's Law" finally clarifies "authorized access" from a technical standpoint.
[Image Source: Boot Click]

That ambiguity has made it the favorite tool of zealous district prosecutors; after all, almost any action using a digital device could be construed as "exceeding the authorized access".  Further the law allows for redundant charges within the bill itself, and allows these charges to be piled atop state statutes -- which was what happened in Mr. Swartz's case.

The proposed bill does the following:
  1. Prevents redundant charges within the bill itself
  2. Prevents federal charges that overlap state charges.
  3. Allows flexibility to downgrade charges to a non-felony.
  4. Explain what "exceeding authorized access" means.
The final amendment is particularly important.  The bill -- at last -- offers a quasi-technical definition of access, writing:

(A) to obtain information on a protected computer;
(B) that the accesser lacks authorization to obtain; and
(C) by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized ndividuals from obtaining that information.

In other words all manner of attacks on systems protected by cryptography would be considered a crime.  But data dumps on open interfaces -- such as imprisoned computer specialist Andrew "weev" Auernheimer's scraping of openly accessible online ID data for Apple, Inc. (AAPL) iPads or Mr. Swartz's data dump -- would arguably not qualify.  Of course such actions could still violate state criminal or civil statutes, but at a federal level, at least, a "locked door" analogy would be adopted when it comes to access.

Sen. Wyden and Rep. Lofgren write in a Wired op-ed that critics of the bill are ignorant to the fact that other laws already protect companies and institutions against the unauthorized distribution of proprietary information.  They write:

Other critics may argue that Aaron’s Law reforms remove one specific scenario from CFAA: an authorized individual using their own authorization (such as password credentials) to access and use information in unauthorized ways. Although we do not wish to create any new vulnerabilities, the overbroad approach currently taken by the CFAA potentially criminalizes millions of Americans for common Internet activity. Moreover, numerous laws like Theft of Trade Secrets, the Privacy Act, copyright law, the Stored Communications Act, wire fraud, and HIPAA already criminalize misuse of information.

The pair did say that they were open to suggestions by businesses on that topic of tweaking the language to fairly punish the theft of insider secrets.

Sen. Wyden
The bills have the backing of Sen. Ron Wyden (left). [Image Source: Kevin Krejci]

The cost of inaction is too high, they conclude, writing:

The consequences of inaction are all too clear. We live in an age where people connect globally by simply touching a device in the palm of their hand, empowered by online advances that have enriched the world scientifically, culturally, and economically.

But ill-conceived computer crime laws can undermine this progress if they entrap more and more people — simply for creative uses of the technology that increasingly mediates our everyday activities and our interactions with the world. This not only fails us today, it can also become an obstacle to the innovations of tomorrow.

The second pending bill was already introduced back in February, dubbed The Fair Access to Science and Technology Research Act (FASTR).  Sponsored by Sen. Wyden, Sen. John Cornyn (R-Tex.), and Rep. Lofgren (among others), this law is nicknamed "The Other Aaron's Law".  Its primary purpose would be to force taxpayer-funded research to be released to the public .

Sources: Aaron's Law (PDF), The Fair Access to Science and Technology Research Act (FASTR) [PDF], Sen. Wyden, Rep. Lofgren on Wired



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Millenials
By Ammohunt on 6/24/2013 3:17:11 PM , Rating: 2
quote:
You're an idiot.


Nice debate skills there son. Shades of grey..learn something then get back to me.

quote:
Think about what you just said on a different level. Currently you see things in black and white. What if it isn't? Because this NSA spying scandal is anything but ordinary.


Never once did i say there was nothing of concern with what the NSA was doing. What i did imply was that they have done nothing illegal based on the Government we elected into place that created the NSA prism project. You among others are two faced by standing on the side lines and complaining about something you willfully participated in creating! It was all indirectly derived from us and our choices in government.

Gathering intelligence in order to determine potential threats does not fall under unreasonable search and seizure of personal effects. The obvious reason for such seizures was the protection of the republic and its people; the motivations were and are just.

Since we cannot racially profile like other countries do perhaps you have a better way of securing this republic? by all means please speak up and offer a replacement to the Patriot act which survived two administrations and even enhanced by the second one. Why is that? nefarious evil government wanting to enslave millions of armed Americans...listen to yourself. You are among the same type of people that think the Rosenbergs were heroes too.

quote:
It's easy to say you are free when you don't have your freedom forcibly taken away from you.


I have a gun cabinet full of reasons why my freedom will never be forcibly taken away from me; that you can bank on.

quote:
Your government is busy chipping away your freedoms under the excuse of "national security". What have you ever received in return? Nothing.


Has their been another 911 style attack? somethings working wonder what it is.


RE: Millenials
By ven1ger on 6/24/2013 3:26:28 PM , Rating: 2
So, in that respect if the Government was to ban guns, then you'd respectably give up your guns, right? I mean you are a law-abiding citizen and if the duly elected government officials voted to ban guns, then you'd have to give them up.


RE: Millenials
By Ammohunt on 6/24/2013 3:37:21 PM , Rating: 2
You attempting an argument? *Hint: The point of debate is the word unreasonable in the 4th amendment. Their is no such interpretation in the second amendment. Hence you are arguing apples and oranges try harder!


RE: Millenials
By ritualm on 6/24/2013 4:35:07 PM , Rating: 1
quote:
Shades of grey..learn something then get back to me.

You're not learning what you preach. Shades of grey? You're viewing things in black and white. Epic fail.
quote:
What i did imply was that they have done nothing illegal based on the Government we elected into place that created the NSA prism project.

You just described tyranny right there.

The USG isn't interested in protecting you from harm. In fact, the USG doesn't give a rat's ass if you die tomorrow as long as it knows you agree that this warrantless spying is legal, even if it's ethically and morally wrong.
quote:
Gathering intelligence in order to determine potential threats does not fall under unreasonable search and seizure of personal effects.

Yep, and look what happened to the hours before the Boston Marathon Bombing. They knew it's going to happen. The Russians even warned them about it. They did nothing. They just let the whole thing blow up and clean the mess afterwards.

Gathering intelligence on potential threats? Bullsh1t. What potential threats? Every attempt of chipping away our freedoms and liberties were done under the excuse of "national security", dumbass. You accuse us for being blind and oblivious to the reality, when you're the one with your head stuffed up your ass.
quote:
Since we cannot racially profile like other countries do perhaps you have a better way of securing this republic?

Then start racial profiling. What's racist about it? The MSM is clearly underreporting black on white violence and self-censoring themselves over them because doing so will make them look like racists.

"Land of the Free" ceased to exist the moment Patriot Act was signed into law, that's your answer.
quote:
I have a gun cabinet full of reasons why my freedom will never be forcibly taken away from me; that you can bank on.

You're not actively using them to protect your freedoms and liberties from being taken away, bit by bit, by the government and its power-thirsty cronies. Yep, a toothless tiger.

What the NSA and the Obama Administration were doing is illegal. You're too dense and ignorant to see the treachery of the folks you elected into office. The congressman you voted in? He represents the interests of corporations, not you. Get a hint.


RE: Millenials
By Ammohunt on 6/24/2013 5:06:01 PM , Rating: 2
quote:
Yep, and look what happened to the hours before the Boston Marathon Bombing. They knew it's going to happen. The Russians even warned them about it. They did nothing. They just let the whole thing blow up and clean the mess afterwards.


Wow! tin foil hat much? come on man get a grip.


RE: Millenials
By ritualm on 6/24/2013 6:34:57 PM , Rating: 2
You personally claim the NSA is not doing anything illegal because you believe they will never abuse the wide-ranging powers they have received over the past decade.

So unwise.

They'll go after you and not even your own firearms vault will save you from death at the hands of your government "friends".


RE: Millenials
By Ammohunt on 6/24/2013 7:28:59 PM , Rating: 2
Please enlighten me of the crimes the NSA has commited and are currently under indictment for?


RE: Millenials
By 3DoubleD on 6/24/2013 4:58:21 PM , Rating: 2
quote:
Has their been another 911 style attack? somethings working wonder what it is.


Two things about that statement.

1) You have absolutely zero proof that anything the NSA did or anything that the US government has done since 9/11 has prevented a repeat occurrence on a similar scale.

To answer this question you would need to answer the following questions: has anyone planned such an attack? Has anyone been capable of executing such an attack? How close to executing the attack did they come? What prevented them from executing the attack? Was it prevented by the NSA program?

I'm sure you'd have a damn hard time answer those questions for the time between 2001 and 2013, since almost all intelligence activity is classified.

The idea of "it's for your protection" is a terrible excuse when they keep what they are protecting American's from as top secret. In some regards the whole thing reminds me of 1984 where they are constantly at war, but the war is just an unwinnable facade to maintain control - an overused, but chilling parallel.

If you think about it in that regard, the entire fight against terrorism has been preposterous. This is about as silly as a guy walking into a village and saying he's a wizard and will protect the inhabitants from evil spirits (you could also replace wizard with priest if you'd like). Either way, if you choose to believe that A) there are evil spirits and B) he can defend against them with absolutely no proof and fund him to to it, you would be exercising poor judgement.

Under the guise of it being top secret, this whole thing is ridiculous. If the fight against terrorism is to be anything but a farce, it would need to be a hell of a lot more transparent and when that is not possible be subject to way more oversight.

2) Regardless if they are actually protecting you or not, it is still wrong and against the 4th amendment. It also highlights the complete lack of legitimate oversight and exposes the untrustworthiness of these agencies.

Now, since you claim that they are protecting American lives, let's just look at whether this is a good way for the government to do so:

32,367 people died in road accidents in the US in 2011. That works out to 100 deaths in 1 million. Deaths due to terrorism in the US since 1985 works out to 0.44 deaths in 1 million. To emphasize, road deaths are per year and terrorism deaths are since 1985.

If they had spent TRILLIONS of dollars on automated car technology instead of: unnecessary wars; killing hundreds of thousands of innocent people; violating human rights; pissing on due process and the American Constitution; building yottobyte scale infrastructure to analyze and spy on data that includes Americans and their allies; and in general creating more animosity towards Americans than ever before... then we would have save up to 30,000 innocent lives per year in the US alone! (not including the lives of those people that were bombed or shot to hell for no reason in the aforementioned useless conflicts)

We also would no longer have to drive, get where we want to go faster, not have to park, never sit in traffic.......

Alternatively, that money could have been spent a number of other ways... such as education, infrastructure development, healthcare, research (pick your favorite topic) - all both at home and in developing countries. All would have increased the quality and longevity of peoples lives, creating goodwill towards the US, which in turn would have decreased the number of people who hate it enough to go to the trouble of terrorising it. Perhaps over simplistic and/or optimistic, but certainly 100% better than the way "war against terror" money has been spent thus far.


RE: Millenials
By Ammohunt on 6/24/2013 5:27:08 PM , Rating: 2
quote:
To answer this question you would need to answer the following questions: has anyone planned such an attack? Has anyone been capable of executing such an attack? How close to executing the attack did they come? What prevented them from executing the attack? Was it prevented by the NSA program? I'm sure you'd have a damn hard time answer those questions for the time between 2001 and 2013, since almost all intelligence activity is classified.


And i am glad of it! because in order to find out that information you have to give away methods and capability to any potential enemy!

Frankly if you want those answers for your own piece of mind suit up get your clearance and go work for the NSA! hey you can be an evil civilian to back up evil government programs(its obvious to me that the civilians are the weakest link here).

On a side note ask yourself why else would they collect this information? if they were truly evil do ya think the NSA would need legislation to spy on you? so far i have heard because they (the evil government) wants to create an Orwellian surveillance state...to what ends? Soviet Era citizen spying was unique to the culture and the paranoid government at the time it was used to suppress overall discontent with the state and is part and parcel to authoritarian rule. You think the soviets waited for the approval of the proletariat to start surveillance programs analogous to the NSA with the patriot act?

Seriously people need to think rather than just emote the meme of the day.


RE: Millenials
By ritualm on 6/24/2013 6:58:26 PM , Rating: 2
quote:
And i am glad of it! because in order to find out that information you have to give away methods and capability to any potential enemy!

Frankly if you want those answers for your own piece of mind suit up get your clearance and go work for the NSA! hey you can be an evil civilian to back up evil government programs(its obvious to me that the civilians are the weakest link here).

On a side note ask yourself why else would they collect this information? if they were truly evil do ya think the NSA would need legislation to spy on you? so far i have heard because they (the evil government) wants to create an Orwellian surveillance state...to what ends? Soviet Era citizen spying was unique to the culture and the paranoid government at the time it was used to suppress overall discontent with the state and is part and parcel to authoritarian rule. You think the soviets waited for the approval of the proletariat to start surveillance programs analogous to the NSA with the patriot act?

Seriously people need to think rather than just emote the meme of the day.

Pray tell what intelligence gathering done by the NSA of late had anything to do with the War on Terror?

"why else would they collect this information?" If you won't answer this question yourself, why bother asking the rest of us what our answers were so you can call us insane? Fact: your country refuses to come clean over this scandal, and you cling onto this supposed belief that anyone who leaks details over domestic warrantless surveillance deserves to be prosecuted.

In other words, you believe the rest of the world is conspiring against you. And they are, because you see nothing wrong in actively breaching their trust when it's most politically convenient. Now the wolf's coming home to the roost and there is nothing you can do about it.
quote:
Originally posted by Fern (Anandtech forums super moderator):

We just got caught spying on the entire world - and I'm referring here to spying on regular citizens (ethically if not legally violating their right to privacy) - and going into full 'bully mode' makes us look even worse.

Russia? We don't even have an extradition treaty with Russia. We didn't want one and I think that's the right call. Trying to bully Putin just reveals our impotence. Probably gives him a good giggle too. We need to drop the 'bully crap' with them, it makes us look stupid.

I also think there are many out there who, based on current evidence, are getting downright hysterical in there claims that Snowden is some kind of major spy, a traitor about to give up all kinds of damaging info on the US. Some are borderline apocalyptic in their predictions etc. How about chilling on that crap? Even it was true we look absolutely desperate etc. And maybe we shouldn't be alienating Snowden so much. It validates his fear of the US govt, and I think, makes him more sympathetic to people.

And our intelligence service looks not only malevolent and stupid, but utterly incompetent. One low level who doesn't even work for the US govt bring down multi billion $ intel infrastructure?

Your evangelical support of the US government against Snowden is thoroughly disgusting and devoid of YOUR own morals and values. Don't try to lecture us over how you are right and we are wrong, kid, because you're shouting at us from inside an elephant and that elephant is bleeding to death.


"I mean, if you wanna break down someone's door, why don't you start with AT&T, for God sakes? They make your amazing phone unusable as a phone!" -- Jon Stewart on Apple and the iPhone














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki