Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
http://business.time.com/2013/03/19/u-s-hacker-crackdown-sparks-debate-over-computer-fraud-law/
U.S. ‘HACKER’ CRACKDOWN SPARKS    DEBATE OVER COMPUTER-FRAUD LAW         In June 2010, Andrew Auernheimer, a well-known In...
Auernheimer‟s case is just the latest involving the CFAA amidwhat appears to be an intensifying federal crackdown against ...
Swartz was “killed by the government,” his father told mourners at hisson‟s funeral. The case has became a cause célèbre a...
What ties them together is the government‟s use of the CFAA, alaw that critics say is too vague, overly broad and allows p...
“It bans „unauthorized access‟ of computers, but no one reallyknows what those words mean … Over the years, the punishment...
“It looks like the government used the vague wording of thoselaws to claim that violating an online service‟s user agreeme...
Nächste SlideShare
Wird geladen in …5
×

U.s. ‘hacker’ crackdown sparks debate over computer fraud law

177 Aufrufe

Veröffentlicht am

hass associates
http://business.time.com/2013/03/19/u-s-hacker-crackdown-sparks-debate-over-computer-fraud-law/
In June 2010, Andrew Auernheimer, a well-known Internet-security expert, discovered a gaping hole in AT&T’s website that exposed 114,000 e-mail addresses belonging to the wireless giant’s Apple iPad customers. After a colleague downloaded the data, Auernheimer passed the information to a journalist at Gawker. The episode was a major embarrassment for AT&T because the list included thousands of high-profile individuals, including New York City Mayor Michael Bloomberg and then White House chief of staff Rahm Emanuel. AT&T quickly patched the hole. The FBI promptly launched an investigation, and in November, Auernheimer was convicted of two felony counts under the Computer Fraud and Abuse Act (CFAA), a 1980s-era law originally designed to punish and deter intrusions into government and financial-industry computer systems. His colleague Daniel Spitler pleaded guilty last year. On Monday, Auernheimer, 27, was sentenced to 41 months in prison and ordered to pay $73,000 in restitution to AT&T. He has vowed to appeal. Auernheimer’s case is just the latest involving the CFAA amid what appears to be an intensifying federal crackdown against so-called hackers. The CFAA makes it a federal crime to “access a computer without authorization or exceed authorized access.” Critics say the law has been twisted by U.S. prosecutors to bully and intimidate security researchers, journalists and activists with extremely harsh federal prison sentences. Earlier this month, Reuters journalist Matthew Keys, 26, was indicted on CFAA felony charges alleging that he provided a hacker with log-in credentials to access the Los Angeles Times website, which was then vandalized. Keys faces 25 years in prison and a $500,000 fine. The CFAA was also used to prosecute Aaron Swartz, the 26-year-old programmer who killed himself earlier this year. Swartz had been charged with accessing a server at the Massachusetts Institute of Technology and downloading too many articles from the subscription-based academic research service JSTOR.

Veröffentlicht in: News & Politik
  • excellent article , covers a lot of ground i’ve found a great article. thanks.
       Antworten 
    Sind Sie sicher, dass Sie …  Ja  Nein
    Ihre Nachricht erscheint hier

U.s. ‘hacker’ crackdown sparks debate over computer fraud law

  1. 1. http://business.time.com/2013/03/19/u-s-hacker-crackdown-sparks-debate-over-computer-fraud-law/
  2. 2. U.S. ‘HACKER’ CRACKDOWN SPARKS DEBATE OVER COMPUTER-FRAUD LAW In June 2010, Andrew Auernheimer, a well-known Internet-securityexpert, discovered a gaping hole in AT&T‟s website that exposed 114,000e-mail addresses belonging to the wireless giant‟s Apple iPad customers.After a colleague downloaded the data, Auernheimer passed the informationto a journalist at Gawker. The episode was a major embarrassment forAT&T because the list included thousands of high-profile individuals,including New York City Mayor Michael Bloomberg and then White Housechief of staff Rahm Emanuel. AT&T quickly patched the hole. The FBIpromptly launched an investigation, and in November, Auernheimer wasconvicted of two felony counts under the Computer Fraud and Abuse Act(CFAA), a 1980s-era law originally designed to punish and deter intrusionsinto government and financial-industry computer systems. His colleagueDaniel Spitler pleaded guilty last year. On Monday, Auernheimer, 27, wassentenced to 41 months in prison and ordered to pay $73,000 in restitution toAT&T. He has vowed to appeal.
  3. 3. Auernheimer‟s case is just the latest involving the CFAA amidwhat appears to be an intensifying federal crackdown against so-calledhackers. The CFAA makes it a federal crime to “access a computerwithout authorization or exceed authorized access.” Critics say the law hasbeen twisted by U.S. prosecutors to bully and intimidate securityresearchers, journalists and activists with extremely harsh federal prisonsentences. Earlier this month, Reuters journalist Matthew Keys, 26, wasindicted on CFAA felony charges alleging that he provided a hacker withlog-in credentials to access the Los Angeles Times website, which wasthen vandalized. Keys faces 25 years in prison and a $500,000 fine. TheCFAA was also used to prosecute Aaron Swartz, the 26-year-oldprogrammer who killed himself earlier this year. Swartz had been chargedwith accessing a server at the Massachusetts Institute of Technology anddownloading too many articles from the subscription-based academicresearch service JSTOR. Swartz faced up to 35 years in prison and a $1million fine. In the wake of Swartz‟s suicide, his family and friendsaccused federal prosecutors of using the CFAA to harass and intimidatethe young activist.
  4. 4. Swartz was “killed by the government,” his father told mourners at hisson‟s funeral. The case has became a cause célèbre among Internetactivists and has prompted a prominent U.S. lawmaker, CaliforniaDemocrat Zoe Lofgren, to introduce a bill called Aaron‟s Law to reformthe CFAA. Thus far, many of Lofgren‟s House colleagues haveexpressed little enthusiasm for reforming the CFAA, a law supported bymany big tech companies including database giant Oracle, which has anunderstandable interest in data security. The U.S. has brought over 500CFAA criminal cases over the past several years, according to Reuters.In fact, the Justice Department wants to expand the law, RichardDowning, deputy section chief for computer crime and intellectualproperty, told Congress in November, according to Reuters. EachCFAA case cited above is different. Auernheimer (also known asWeev) maintained that his actions were driven by a desire to highlightsecurity lapses in AT&T‟s systems. Swartz believed deeply thatacademic information should be made available to the public. AndKeys‟ alleged conduct appears to be little more than a juvenile prank.
  5. 5. What ties them together is the government‟s use of the CFAA, alaw that critics say is too vague, overly broad and allows prosecutors totreat terms-of-service violations as malicious criminal hacking. Criticsalso say the law allows the government to seek wildly disproportionatesentences for victimless crimes, often to send a message to other would-be “hackers.” For example, as CNET‟s Declan McCullagh observed, ifKeys had allowed vandals to access the Los Angeles Times printing pressin order to modify a headline, he might have faced a few months in jail orprobation for violating misdemeanor California trespass or maliciousmischief laws. He would not have faced 25 years in federal prison onfelony charges. To be sure, it‟s highly unlikely that if convicted Keys willgo to prison for 25 years, but critics of the CFAA say the law allowsfederal prosecutors to hang draconian sentences over the head ofdefendants in order to pressure them into plea agreements that will brandthem as felons for the rest of their life. “The Computer Fraud and AbuseAct is the most outrageous criminal law you‟ve never heard of,”Columbia Law School professor Tim Wu wrote in the New Yorker thisweek.
  6. 6. “It bans „unauthorized access‟ of computers, but no one reallyknows what those words mean … Over the years, the punishments forbreaking the law have grown increasingly severe — it can now put peoplein prison for decades for actions that cause no real economic or physicalharm. It is, in short, a nightmare for a country that calls itself free.” TheCFAA was enacted in 1984, well before the Internet became theubiquitous commercial and communication medium it is today. The lawwas designed to punish and deter attempts to break into sensitivegovernment computer systems like NORAD (à la WarGames), as well asfinancial institutions like banks. In the years since, the CFAA has beenrepeatedly broadened by amendment, in one case to include so-calledprotected computers. But the courts are divided about how the law shouldbe applied, and in April, a federal judge rejected prosecutors‟ use of thelaw as too broad, saying it could potentially criminalize millions ofAmericans. Lofgren says Aaron‟s Law is designed to prevent whathappened to Swartz from happening to other Internet users. “Thegovernment was able to bring such disproportionate charges against Aaronbecause of the broad scope of the Computer Fraud and Abuse Act and thewire-fraud statute,” Lofgren wrote recently.
  7. 7. “It looks like the government used the vague wording of thoselaws to claim that violating an online service‟s user agreement or terms ofservice is a violation of the CFAA and the wire-fraud statute.”Prosecutors in the Auernheimer case defended their decision to take thecase to trial. “What did the 114,000 iPad users do that was so wrong, tohave their personal information exposed to Gawker?” asked assistant U.S.Attorney Zach Intrater, in comments cited by the Associated Press. “Hecould have contacted AT&T and let them know what was wrong, andthey could have patched the hole and then the defendant could havepublished and got his reputation.” In the wake of Auernheimer‟ssentencing, the Electronic Frontier Foundation (EFF) has joined his legalteam to litigate his appeal and will argue that “fundamental problems”with the CFAA result in unfair prison sentences. “Weev is facing morethan three years in prison because he pointed out that a company failed toprotect its users‟ data, even though his actions didn‟t harm anyone,”Marcia Hofmann, EFF senior staff attorney, said in a statement onMonday. “The punishments for computer crimes are seriously off-kilter,and Congress needs to fix them.”

×