Interesting Supreme Court Case Regarding Computer Hacking

So, why didn’t they just say “every computer” instead of coming up with a complicated description of something that sounds very much like a limited subset of “every computer”?

I think it was written in a way that doesn’t make sense given the modern internet.

That clause says “accessing info from a protected computer”. So wouldn’t my rule-breaking post need to access information somehow?

Probably not as important as the details of the law. Have you looked at it?

IANAL, but it seems pretty obvious that “calling people names on the SDMB” is in no way covered by it. There’s seven sections:

Section 1 concerns “information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States.”

So, if you were a moderator on this board, and used your moderator privileges to access the SDMB database on nuclear bomb schematics and then sell them to Pakistan, this law would apply.

Section 2 talks about exceeding your authority to obtain “information contained in a financial record of a financial institution,” “information from any department or agency of the United States,” or “information from any protected computer.” That last one sounds kinda broad, but in context, I’m pretty sure it means that if you hack my desktop PC, and find that .txt file I keep entitled “Passwords to all my bank accounts,” you can’t skip out on jail by pointing out that my personal PC is not a bank PC or a government PC.

Regardless, posting “Fuck you” in MPSIMS isn’t about you receiving any sort of information, so this part of the law is not applicable.

Section 3 is about accessing “any nonpublic computer of a department or agency of the United States” specifically without authorization. Basically, if you hack a government computer, they can charge you, even if you didn’t do anything after you got in. The SDMB is not the government, and you’re asking about exceeding authorization, not accessing something without any authorization at all.

Section 4 is about using access to commit fraud in excess of $5,000.

Section 5 is about uploading a virus or deliberately damaging the software so it doesn’t function properly.

I don’t entirely understand what Section 6 is saying, but again, it’s talking about fraud, not shit posting. So you’re still clear.

Section 7 is about extortion.

So, it seems pretty clear that nothing you could do, as a poster on the SDMB, could put you in the wrong with this law - and virtually nothing you could do as a moderator or administrator would, either.

Section 2. Protected computer. See my very last post.

Because the feds still pretend they have limited powers. The commerce clause gives them a hook to regulate.

Read the entire post. When you write “fuck you” to someone on MPSIMS, what information are you receiving?

It might depend on the details of the user agreement. For example, my state agency’s policy allows incidental personal use of the computer network (and phones) that doesn’t conflict with state business and that isn’t otherwise prohibited (for example, even though I am allowed to send/receive personal emails, I am not permitted to send/receive emails pertaining to a side business or second job). On the other hand, the agreements for various applications and databases typically say something like this:

  1. You shall use this application only for purposes directly related to the conduct of official business and the application shall not be used for nonpublic purposes including, but not limited to, the pursuit of personal activities, the mass distribution of unsolicited messages (“spamming”), and the promotion of commercial ventures or religious or political causes;

which does not allow any personal use at all. So I am explicitly not permitted to run a license plate or a criminal history for any reason other than official business.

Certainly. I think it almost certainly is illegal under other laws about misusing government property, misusing one’s official position, bribery, or similar laws. The question is whether it’s also a computer crime based on unauthorized use, when one is an authorized user.

I think this is the key. What is unauthorized access?

If you are a member or guest of the SDMB, then whatever you post is not covered. Only if you hack into the system.

intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—

(A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602(n) of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);

(B) information from any department or agency of the United States; or

(C) information from any protected computer;…

(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value,

etc etc etc.

It is not simply exceeding your authorization. The cop fell under several sections, none of which are applicable here. IANAL, etc.

However, is it the intent of the OP that this thread be about the SDMB or about the cop etc?

You might want to check out post 23, which also went over the text of the law.

Then check out post 24 to see how much good pointing out what the law actually says does.

Yes, I know. Your post was better than mine. I was replying to the OP, and I should have read all the way down.

Still, maybe saying it again might have some effect.

The CFAA is a bad law, and it has been used and abused by prosecutors and companies to go after people they don’t like. There are almost too many examples to list, so here is a search at techdirt. (Most of the front page of that search is recent news of courts and lawmakers pushing back against the CFAA, including on the case in the OP, but those stories often link to older stories about abuse of the CFAA.)

The law is used to turn violations of private terms of service into criminal offenses.

I see some people arguing for what they think the law should say, or a reasonable thing for the law to say, but unfortunately what it says is neither reasonable nor fair. It’s been used to go after people and companies for reporting security vulnerabilities, scraping publicly available information, or just upsetting the powers that be.

“posting things” =/ “access”

The board formats it and sends it to me and everyone else. I get the U beside my username and my guest status. Plenty of information is accessed as a result of that hypothetical post.

But you get that information no matter what you post. You get that information if you don’t post at all. You get that information if you’ve been specifically banned from posting to this message board. How are you going to get charged with unauthorized access to information that we give out, for free, to anyone who wanders by?

Didn’t we see a moderator get insta-banned a few years ago for doing some kind of stupid shit? Does anybody here remember?

Yes, Miller is right. The offense is for accessing information on the computer system, not for posting to it.

If there were some part of the SDMB only accessible to registered users, and someone who’d been banned made a sock to access it, that might be a better analogy about unauthorized use.

I think the law just doesn’t clearly address it. I’m not sure how the Supreme Court will construe the law, but I think Congress ought to decide how they want it to work, and spell that out, regardless of how the case is decided.

It seems like a different offense to me, if nothing else. An authorized user with the proper credentials doing something they aren’t allowed to do in the system is different from an unauthorized user accessing a system with, say, stolen credentials.

To make explicit (or nearly so) the federal government’s grounds for jurisdiction. One of the most common/easiest ways for the federal government to do that is to draw a line to interstate commerce, which the federal government has the explicit power to regulate under the Constitution. There is no similar enumeration for “every computer.”

This smacks of the homecoming queen issue. We all have telephones, and the right to use them, but not abusive overuse. Causing harm is a crime of its own, and abuse of the telephone is just one of the prosecutorial add-ons that adds up to the 16 years that the accused “could” face.

I see it as your authority to access information being limited not just by what you can access but by the purpose for which you can access it. You are authorized to access that information for specific purposes; if you access it for any other purpose, you are exceeding your authority.