It really is worth reading the whole article. It cites real examples that show the above is far from unimaginable.
I am at a loss for words. With this in place surfing the internet would be a minefield. Want to visit World Net Daily? Then you have to sign up and promise you are a card-carry republican (or vice-versa with, say, HuffPo). Want to cite something on the SDMB? Better hope there is nothing in the small print that insists you copy absolutely nothing from their web site without permission.
The list is endless.
Of all the problems our country faces why the fuck are they even thinking about this?
Not to detract from the pitting of an ill-advised law, but the WSJ sure seems to have fallen into the Fox mold (mould?). I love the opening:
I remember when the paper had some shred of non-partisan integrity. I don’t read it, but I wonder if any of it is left.
I’d be interested in seeing the text of the law, or hearing how to distinguish between benign and malicious/criminal “gaining unauthorized access or use.” Given the level of integration of PCs in homes and businesses, there are lots of activities that IMHO should be punished at the felony level that used to have much lesser impacts.
Well, they’ve taken care of the job situation so what else is left for them to do? They’ll get around to renaming the last three post offices for Saint Ronnie next week.
I agree there is real fraud that should be prosecuted and have strong penalties but the article notes a few cases that are absurd having happened already and this would only make it worse.
The idea, as I understand it, is that the CFAA provides light penalties for computer abuse, including theft of credit cards and other serious crimes. One of the above articles gives the example of credit card fraud, which carries a 20-year sentence if commited through paper mail, but only 5 years if done online. The Obama Admin apparently wants to make computer criminals subject to RICO. The intent seem to be to throw stiffer penalties at organized computer criminals who engage in large-scale data theft or interference with infrastructure.
I am not a lawyer, but I can imagine that the CFAA is sometimes abused to prosecute minor infractions. I gather that the CFAA was really broadly written, and after all it is over 20 years old now, and lots of things have changed in the world of computers. So, I’m not discounting the possibility that the law can be stretched to cover stupid stuff, nor disputing that the law might need to be updated.
Having said that, the Kerr piece is fucking stupid. He provides the vaguest information about the Obama proposal (I had to Google it to find the source of his information) and about the cases he cites as examples of misuse of the law. A few links or some kind of citation would have been nice, dude. He completely fails to mention that the intent is to bring the punishment for computer crimes in line with the punishment for similar crimes committed in the paper world and instead fearmongers about the possibility that you could be jailed for lying to Facebook. While – again – I don’t dispute that the CFAA may need an overhaul to make it more clear what is and isn’t a real computer crime, this piece is pretty much unhinged. Until he gives me a little more to go on, I’m going to have to mark this down tentatively in the column of “partisan hackery”.
By the way, Kerr refers vaguely to a 2009 case in which “the Justice Department prosecuted a woman for violating the ‘terms of service’ of the social networking site MySpace.com. The woman had been part of a group that set up a MySpace profile using a fake picture.”
I think he is referring to the Megan Meier case (Suicide of Megan Meier - Wikipedia). The “fake picture” part of the story is really about the least important aspect. The MySpace profile was set up and used as part of a campaign of harassment against a teenager who ultimately committed suicide. While the profile surely included a “fake picture”, describing the case that way is a little, um, dishonest.
But we can cut Kerr some slack, right? I mean, he doesn’t have any special knowledge about that case, right? Oh, he was the lawyer for the defendant in the Meier case? Really? Huh. I’ll be damned.
Kerr refers vaguely to a 2010 case in which Justice prosecuted someone who “used a computer script to make … purchases” from Ticketmaster. Could he be referring to US vs Lowson? In that case, “[a] ring of ticket brokers has been indicted in connection to an elaborate hacking scheme that used bots and other fraudulent means to purchase more than 1 million tickets for concerts, sporting events and other events.”
So, the poor guy who just “used a script” to buy tickets was really a group of guys who set up a botnet, bought huge numbers of tickets, and scalped them.
This is probably the most disengenuous bullshit to appear in the WSJ since yesterday.
Huh…seems weird that the same fraud has differing penalties. Seems to me there should be a penalty for the fraud. Period. Perhaps an added penalty for using the US Postal Service to commit the crime and perhaps a different penalty for using the internet.
Beats me why they write the law as they do.
I found the following:
So, looks like it is still in limbo and we’ll have to wait and see. Hopefully, for once, our congresscritters will show a lick of sense here but I won’t hold my breath (although since this could easily nab them with such broad wording I can see them not going for it).
So, Kerr writes, “In another case, Justice has charged a defendant with violating workplace policies that limited use to legitimate company business. Prosecutors claimed that using the company’s computers for other reasons exceeded authorized access. The Ninth Circuit Court of Appeals recently agreed.” That is really, really vague (hey, how about a year or something, chief?), but I think he’s referring to US vs Nosal.
And what were the “other reasons” for which the defendant in that case was using his employer’s computers? Well, he and three accomplices were accessing the employer’s database, in violation of employee standards of conduct and posted warnings on the application itself, to steal trade secrets and other proprietary company data in order to set up a competing business. Basically, they used the computer system to steal from the company (Korn/Ferry International).
So… In three examples of innocent civilians caught up in CFAA abuse run amok, Kerr conveniently leaves out such minor details as: deliberate harassment leading to suicide, botnet-enabled ticket scalping totaling millions of dollars, and theft of trade secrets.
Orin Kerr, you are a lying piece of shit. You lie by omission, apparently deliberately, and I presume with the knowledge that few people will bother to look into your fucking lies. This is the kind of shit that gives lawyers a bad name. You are a discredit to your profession.
The WSJ should be ashamed of giving a forum to such a liar.
George Washington University should be ashamed of having such a liar on its faculty.
The bottom line is that the Wall Street Journal opinion pages are worthless for getting good information. They’ve been that way for quite a while. It’s pure partisan hackery, no better than getting your news from Glenn Beck.
This especially troublesome. RICO was established as a tool for organized crime busting. Just as the Patriot Act is said to have been far, far more productive of drug busts than terrorism cases, the government bends definitions to pre-determined ends.
Perhaps the RICO approach has outlived its usefulness. One has to ask :
Oh, I’m not necessarily defending the admin on this. Although…over the past few years there has been a real blurring of the distinction between old-fashioned organized crime groups and computer crime groups. You and I probably have similar concerns about laws getting bent to fit government needs, and I don’t know if RICO is the right tool for prosecuting organized computer criminals, but I’m not ready to dismiss the idea entirely yet (at least until I get around to reading more about it, which may be a while, because this whiskey isn’t going to drink itself).
Anyway, my main objection to the WSJ article is that it’s hysterical partisan fearmongering. Even if the Obama admin is completely in the wrong on this, Kerr is making his point by repeated lies of omission. Fuck that guy.
It’s clear that Orin Kerr intentionally misrepresented the scope and intent of these changes, and played down the key aspects of the only two pieces of actual supporting evidence he had (re: the Ticketmaster scalper and the Myspace suicide case). The federal government has a long history of creatively interpreting the letter of the law to put folks behind bars - Al Capone anyone? When the feds couldn’t pin drug-running, racketeering and murder on him, they nailed him for tax fraud, of all things.
In related news, I just created a Facebook page called “I’m Orin Kerr and I like to have hot, sweaty anal donkey sex” - I’m expecting the feds to come knocking down my door any minute now.
The problem is that Congress is generally stupid about technology of any kind (series of tubes, anyone?) and writes bad, overly-broad law as a result. That said, I agree that the WSJ article is a steaming pile of shit.
And the award for Overreaction of the Year goes to: Whack-A-Mole!
The award for Most Misleading Article Published by a Formerly Reputable News Source was presented to The Wall Street Jounal and Orin Kerr in a non-televised portion of this ceremony.
[non-pit-response]Given the fluidity of technology, the limitations of language, and the glacial pace of updating/revising legislation, how would you (the general you) write the law?
I am aware of the horror show that is The Wall Street Journal Opinion page. I missed that I was reading the Opinion page when reading that. My own fault and I am chagrined for having missed it and posting an alarmist thread here. I apologize for that. I should have done more legwork on my own first before posting.
I do, however, think this merits watching. It seems despite alarmist rhetoric that there is a kernel of worry here.
I am not prepared to give the government the ability to prosecute me for a felony because I mis-clicked when entering my birthday to view some adult content.
If you want to hope that the government won’t prosecute you for a felony for misrepresenting your age (or whatever) cuz they are just cool like that I’ve got a bridge to sell you.
From my later post it seems some congresscritters are trying to make sure such things do not happen but sounds like it is still in question.