Did Marco Rubio's Campaign Violate The CFAA? Will He Commit To Reforming It?
from the broken-law dept
We’ve talked a lot in the past few years about the desperate need to reform the CFAA — an absolutely horrible “anti-hacking” law that has been stretched and broadened and twisted by people over the years, such that it’s frequently used to “pile on” charges when nothing else will stick. If you want to go into a lot more detail, you can listen to the podcast we recently did about the CFAA, or listen to this wonderful podcast that Reply All did about the CFAA (where I also make a brief appearance). But one of the biggest problems with it is that it considers you to be a dangerous hacker if you access a computer/network “without authorization” or if you merely have “exceeded authorized access.” It’s that latter phrase that often causes trouble. What does it even mean? Historically, cases have been brought against employees who use their employer’s computers for non-work related things, against someone for supposedly failing to abide by MySpace’s terms of service and for downloading too many academic journals that were freely available for downloading on MIT’s campus network.
Keep that in mind as you read this Associated Press story about how Presidential candidate and current Florida Senator Marco Rubio’s “low-budget” Presidential campaign office got free internet access for a bit:
At one of the campaign’s Nevada offices, staffers tried to do their part to live up to the less is more mantra. After noticing a pizza place next to a campaign office had free wireless internet that required a password, a staffer walked over and bought two pieces of pizza and asked for the internet access code.
But the cost-cutting measure was short-lived. After about three weeks, the pizza place caught on and asked the Rubio team to stop.
It’s not at all difficult to see how that could be “exceeding authorized access” under the statute. After all, it’s pretty clear that the intent of the access is for customers while they’re in the restaurant. That seems to be confirmed by the fact that the pizza place asked the Rubio campaign to knock it off once it discovered what was going on. Now, for it to be a felony, there needs to be $5,000 worth of damage — but considering that in another recent case, the DOJ turned a single news article defacement (that lasted just 40 minutes) into a supposed $929,977 in damages, I’m sure some creative math can make the use of the WiFi into something greater than $5,000. You just need to argue that the congestion on the WiFi likely turned off customers who may not ever come back, and the value of those losses exceeds $5,000.
Now, Rubio hasn’t really been involved at all in the debate over the CFAA and reforming it. The only official “policy” line he has even closely related to it on his campaign issues page suggests he’d favor making the CFAA punishments even worse: “Use American power to respond harshly to international cyber attacks on American citizens, businesses, and governments.” Of course, that’s focused on foreign attacks, so may not apply directly.
Either way, this seems like something an enterprising political reporter might want to ask the Rubio campaign, seeing as they themselves may have potentially committed a felony under the current CFAA.
Filed Under: access, cfaa, cfaa reform, internet access, marco rubio
Comments on “Did Marco Rubio's Campaign Violate The CFAA? Will He Commit To Reforming It?”
… After about three weeks, the pizza place caught on and asked the Rubio team to stop…
Wonder if they had data caps, which is how they would’ve found this going on when they got surcharged.
The biggest Abuse surrounding the Computer Fraud and Abuse Act is the enforcement.
They only noticed after three weeks?
I would assume the data spike in week one would have tipped anyone looking at the stats off…
Of course the FBI would be able to come up with losses totaling greater than $5,000. The offense was happening in a restaurant after all (albeit not at the end of the Universe (I hope!)).
Bistro Mathematics comes into play, and almost any number, no matter how improbable, can be found.
For example: just imagine the number of customers who will stay away from that pizza place because of its connection to the Rubio campaign? That should total a couple of million people (at $1 per person even!) right there, with the poll numbers as obvious evidence.
Re: Bistromathics strikes!
I can only count 42, eh, something… Sorry, what was the question again?
I don't see this holding up
They asked for the code, and were given it. Unless they were specifically instructed to only use it in the restaurant, which is doubtful, or if they continued to use it after being asked to stop, there is no case for claiming that they exceeded authorized access.
Re: I don't see this holding up
I bet you are a lot of fun at parties. You probably pass around a hat asking for donations cause the keg is getting low followed by a quick get away. After all, you never actually said you intended to go get another keg did you?
Re: I don't see this holding up
You know the signs that say “wifi for customers”? you aren’t a customer forever. My local McDs has it clearly posted you get 30 minutes of usage with a purchase.
Rubio won't do the work to reform CFAA
Rubio won’t do the work to reform CFAA, in either direction, at least not as senator.
His campaign pretty much admitted a month ago that Rubio isn’t showing up for work as senator because he hates the job.
Re: Rubio won't do the work to reform CFAA
If anything I would expect him to make the CFAA worse. He’s already proven himself a supporter of the national security state. So it’s a good thing he’s not running for re-election to the Senate next year.
Damages seem easy enough
Without looking into the facts further, let’s just assume for argument’s sake that the wifi was used for exactly three weeks. Further, let’s assume that the typical patron who orders two slices finshes and leaves after 15 minutes.
3 weeks X 7 days in a week X 24 hours in a day X 4 quarter hours in an hour – 1 (because they paid for the first quarter hour) is 2015 quarter hours. If two slices is $2.49 or more, it’s over $5,000 that they should’ve been paying to get pizza at a rate of one pizza an hour for three weeks with complementary wifi.
Re: Damages seem easy enough
Even easier– just use a typical hotel wifi rate.
Of course not.
Laws are for the little people.
Re: Of course not.
Exactly. The CFAA won’t be enforced against the important people or big corps. That would just be crazy!
No crime here
I doubt there will be any reporter asking the Rubio campaign these kinds of questions simply because no reporter wants to be thrown off the campaign for asking the “wrong” questions.
And I doubt the pizza restaurant will push for charges since they’re getting free publicity for giving the campaign free wi-fi… not to mention the customers they’ll get when Rubio supporters come to visit.
So, even though the law can be stretched to say there was a crime, it’ll be hard to show anyone got hurt.
Seriously? They are filthy rich! Or perhaps they just didn’t like the 2 year contract terms the only ISP in town had on offer… how’s that free market choice working out for ya?
Re: How cheap...
Well it’s not his campaign that has all the money, but his SuperPAC.
they could have sold their privileged situation to
the wrong people: philantropists like Soros & Friends
to do man in the middle attacks to spy and sabotage the presidential campaign or just to document Rubio’s dirty deeds for future use…
They could have their own swiss charitable pizza foundation to promote the well being of mankind through the education and research on pizza sciences