Senator Leahy Tries To Sneak Through Plans To Make Merely Talking About Computer Hacking A Serious Crime
from the that's-not-good dept
You may have heard about the recent high-profile, malicious hack of Target’s point of sale systems, giving the attackers access to the details of at least 40 million credit cards. Senator Patrick Leahy is, incredibly cynically, using this news event to try to sneak through a change to the “anti-hacking” law, the CFAA, which was used to prosecute Aaron Swartz and many others. And it’s not a change to improve that law, but to broaden it, extending massively how the DOJ can charge just about anyone they want with serious computer crimes. This is monumentally bad, and Senator Leahy is trying to hide it behind a major news event because he knows he couldn’t get this kind of DOJ wishlist through without hiding it.
Officially, this is Leahy reintroducing his Personal Data Privacy and Security Act — a bill he’s tried to introduce a number of times before. The crux of that bill makes some sense: requiring companies that have had a security breach to inform those who were impacted. State laws (most notably, California’s) already include some similar requirements, but this is an attempt to create a federal law on that front. There are some reasonable concerns about such a law, but the general idea of better protecting the public from data breaches, by at least letting them know about it, is an idea worth considering.
The problem is that Leahy has inserted a couple of other dangerous bits and pieces into the bill, including a couple of “reforms” to the parts of the CFAA that have raised significant concerns, and burying them deep within this bill. Section 105 of the bill, for example, simply repeats the same change that the House Judiciary tried to include last year in an attempt at bad CFAA reform. It’s basically part of the DOJ’s wishlist, changing the CFAA to make you guilty of violating the law if you merely “conspire or attempt to commit” the offense, rather than if you actually do commit the offense. It may be difficult to understand if you just read the proposed bill (this is on purpose), but the bill says it wants to include the term “for the completed offense” so that the CFAA now reads:
Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.
Right now, the law does not include those four words. Why is that a big change? As we explained last year:
All they did was add the “for the completed offense,” to that sentence. That may seem like a minor change at first, but it would now mean that they can claim that anyone who talked about doing something (“conspires to commit”) that violates the CFAA shall now be punished the same as if they had “completed” the offense. And, considering just how broad the CFAA is, think about how ridiculous that might become.
While the proposed bill does include a further change that notes that merely violating a terms of service agreement does not make you subject to the CFAA, it’s not just the TOS issue that concerns so many people about the CFAA.
The CFAA needs to be greatly scaled back, not expanded, no matter what the DOJ wants. It’s ridiculous that Senator Leahy is not only proposing this, but then trying to hide it in this bill about security breach reporting, tying it to a news event.
Filed Under: aaron swartz, cfaa, conspiracy, criminal, data breach, patrick leahy
Companies: target
Comments on “Senator Leahy Tries To Sneak Through Plans To Make Merely Talking About Computer Hacking A Serious Crime”
This is insane, this would make something as simple as reading the JavaScript on a page that has to do with login or auth or using a tool like Fiddler to look at your own web traffic potentially illegal actions. Not to mention completely killing white and grey hat security research completely. That’s awesome, this is like taking all the guns away from law abiding folks, only the black hats will be able to research security holes and thus have the guns to exploit them.
Re: Re:
“Not to mention completely killing white and grey hat security research completely.”
That is likely his goal because in his tiny pea brain of a mind he likely thinks that if no one is looking for security holes then none will ever be found and exploited!
Re: Re:
I’m guilty then. I use GreaseMonkey. Therefore I’m guilty for violating this on my home pc. Of course then he would be guilty as well. “Hey, You have a trojan on your gov’t issued laptop!” Opps, forgot. You work for the gubbermint. You’re innocent.
Re: Re:
This could also cause problems with TPP is implemented, as it would be impossible to comply with any SOPA-type law without violating the CFAA.
When TPP comes in, I could see tech companies going to countries where they can comply with the new copyright laws, without risk of being prosecuted for hacking.
A web site, in, say, Mexico, could not be prosecuted for CFAA violations in the U.S.
Re: Re:
If simply discussing hacking is the same as actually doing it, then the DOJ would be unable to hold briefings or meetings internally to discuss hacking countermeasures without running afoul of the law…not that they’d ever hold themselves to the standards they apply to everyone else.
What a monumentally stupid idea introduced by a monumentally stupid Luddite.
So if Joe User is clicking around on his banking website one day and discovers – inadvertently or otherwise – a security hole big enough to drive a truck through, just pointing that security hole out to the bank will be a criminal offense on par with actually exploiting it. I mean, obviously that’s already happening in many cases, but to have such insanity codified into law means that there is no incentive whatsoever to inform the bank of the flaw.
Re: Re:
How did you come to this conclusion?
Re: Re: Re:
By telling the bank “I could easily steal millions of dollars from you, so could anyone else. You’ve got this big security flaw on your website that anyone can exploit, please fix it before someone victimizes you. [insert description of flaw]”
You’ve spoken about breaking into a website and stealing money from it. That’s now a crime.
(I’m not the same AC that posted the thing you’re responding to BTW)
Re: Re: Re: Re:
No, the bill above doesn’t say ‘Talking about it,’ thats Mikes interpretation.
Try again…
Re: Re: Re:2 Re:
“Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section. “
If one is looking for security vulnerabilities, that is attempting.
If I find one by accident and report it that could easily be twisted into a conspiracy. “Your Honor this man wanted to embarrass the bank so he conspired to find security issues”
Re: Re: Re:2 Re:
look up how broadly the term ‘conspires’ is used in legal prosecution and you will find that merely talking about something illegal may be construed as ‘conspiring’.
Re: Re: Re:3 Re:
Oh, I know it. -it can be a grey area. But the bill does not say TALKING, and I don’t think it intends to. To me conspire is Talking with the intent to perform (or planning).
I like sensational headlines, but not when they are untrue.
I just hope mike avoids a yellow journalism approach here, that would cheapen the site and lower the effectivness.
Re: Re: Re:4 Re:
Security researchers do not operate in their own little bubble. If you find an exploitable weakness and discuss it with other researchers or knowledgeable people, and then later on do something to attract the DoJ’s attention, their history would indicate your discussions could quite easily be turned into ‘conspiring’ in order to threaten you with serious charges.
Remember, we’re not talking about common-sense interpretations here, but about how the laws can be and have been twisted by the DoJ for their own purposes, like making heavy-handed threats as part of a plea bargain.
Re: Re: Re:4 Sensational Headlines
This headline just knocked Tech Dirt down a few pegs in my opinion. It’s ridiculously misleading. Whoever wrote this should be ashamed, and Tech Dirt Editors should retract the headline.
Re: Re: Re:2 Re:
“The bill also includes the Obama administration?s proposal to update the Computer Fraud and Abuse Act, so that attempted computer hacking and conspiracy to commit computer hacking offenses are subject to the same criminal penalties, as the underlying offenses.”
— Quote from the letter
What that means is that informing them of the flaw could very well mean that the bank could accuse you of hacking. I.E. GeoHot was accused of hacking his Playstation 3, that he even bloody well owned, by Sony under CFAA.
Re: Re: Re:2 Re:
http://www.wired.com/opinion/2013/07/dont-hate-the-crime-hate-the-person-how-weevs-appeal-affects-all-of-us/
Read it and weep, jackn. Weep for all of us. Seriously, this is a bad law NOW.
We are all Weev.
Re: Re: Re: Re:
No. By telling the bank you could steal is not a crime.
The whole point of Leahy’s proposal is that crimes committed over the Internet are often carried about by organized groups of individuals. Each individual is contributing to the crime. When caught some individuals are able to make the case that even though their actions contributed or facilitated the crime; they not commit the charged top act.
For example someone could claim “I broke a window.”. Another person climbed through that window and robbed the premises. Both parties contributed to the crime.
Re: Re: Re:
As others have said, the legal definition of “conspiring” is broad enough to encompass simply talking about an act, despite your apparent belief to the contrary. In addition, the fact that people are already being prosecuted for this very thing* makes me think that specifically beefing up that part of the Act is intending exactly this.
*If you don’t know what cases I’m talking about here you’re not informed enough to even argue the point.
Re: Re: Re: Re:
You present a nice logical fallacy
Re: Re: Re:2 Re:
I think you’re misunderstanding what he’s saying.
You don’t need to agree with the conclusion he draws but if you don’t even know the cases generally used as relevant legal precedent in these situations then you’re not informed enough to argue legal matters.
This is an incredibly stupid move on behalf of Sen. Leahy. KI can foresee a lot more security holes going unpatched if this law passes.
“Conspire or attempt to commit….” is not the same as ‘Merely talking’ about something
lets not become businessidiots.com here
Re: Re:
But do you have the funds to fight it if someone decides to use the law in that manner?
The laws in the US have 2 faces now. One that is easy for the average person to see and understand, and another distorted face that serves a purpose that the people who wrote the law really wanted in their toolbelt.
Re: Re: Re:
The laws in the US have 2 faces now. One that is easy for the average person to see and understand, and another distorted face that serves a purpose that the people who wrote the law really wanted in their toolbelt.
Yes
Not really
> but it would now mean that they can claim that anyone who talked about doing something (“conspires to commit”) that violates the CFAA shall now be punished the same as if they had “completed” the offense
That’s a bit misleading. Merely talking about something isn’t the same as conspiring to do it. First of all, a conspiracy requires two or more people, so someone merely writing a blog post about computer hacking, for example, wouldn’t qualify. Second, conspiracy requires an “overt act in furtherance of the conspiracy” in order for it to be complete and prosecutable, so not only do you have to plan to commit the crime with other people, you also have to take an affirmative step toward implementing that plan. It’s not merely “talking about it” as the article states.
Re: Not really
After satisfying the first condition I would not be surprise if finding some dual use tools like nmap was sufficient to establish the overt act. That in conjunction with a clueless judge and DOJ FUD, it would probably do the trick.
It’s already happened with encryption software
http://news.cnet.com/Minnesota-court-takes-dim-view-of-encryption/2100-1030_3-5718978.html
Re: Not really
Are you sure? A blog post involves two people as soon as someone reads it. Commenting provides interaction, if that’s a requirement.
Yes, but that’s an incredibly low bar that is easily satisfied in most completely innocent circumstances. In the bank robbery planning incident I described in another comment here, that condition was satisfied by the fact that the “conspirators” had obtained the building plans for the bank.
If, as often happens in my workplace (a software security company), two developers are discussing how a particular exploit works then example code will certainly be exchanged, and probably written. That would probably satisfy the requirement as well.
Re: Re: Not really
even without a blog, conspiring does not require two people.
One can conspire all on their own.
Re: Re: Re: Not really
Re: Re: Not really
Re: Re: Re: Not really
You don’t necessarily need to be found guilty of such an act of conspiracy, you merely have to be threatened by these serious charges in order to make to take a plea deal. Techdirt and others have covered this tactic quite extensively. A law like this would give the DoJ the ability to make even scarier threats, and increase the chances of innocent people pleading guilty to a lesser offence to avoid the possibility, however unlikely, of being found guilty of a much more serious crime.
Re: Re: Not really
If they start prosecuting blogs for this, I could bloggers leaving the country. A blogger, for example, in Mexico, is not subject to U.S. laws.
Re: Re: Not really
When you said:
“If, as often happens in my workplace (a software security company), two developers are discussing how a particular exploit works then example code will certainly be exchanged, and probably written. That would probably satisfy the requirement as well.”
No. It does not satisfy that requirement. People discussing something in the workplace related to their legal employment would not qualify as conspirators to an illegal activity.
Re: Re: Re: Not really
What about when I engage in similar conversations with friends?
Re: Not really
I don’t know if it changes the definition of the crime. The problem is that the punishment for the more active forms of intent is now exactly the same as actually hacking. It is a sad society to live in if punishment for conspiracy to commit murder is the same as a first degree murder…
About the overt act, it seems that it can be ignored as a requirement in some cases like drug enforcement.
From the SCOTUS judgement in US vs Shabani:
The Court ruled: “…Congress intended to adopt the common law definition of conspiracy, which does not make the doing of any act other than the act of conspiring a condition of liability…”
Re: Re: Not really
Re: Re: Re: Not really
This is one definition from one section of one law. “Conspiracy” does not have a monolithic definition. And as far as the overt act goes, simply buying a notebook at a dollar store to keep track of the plan is and act toward effecting the object of the conspiracy, so neither adds nor subtracts substantially from the original view.
Re: Re: Re:2 Not really
Re: Not really
It’s all fun and games until you get sixty years for visiting http://www.hackthissite.org/ and putting your Hello World hacking skills to use.
Re: Not really
I am afriad they have the legal precdent for merely making talking about comething without doing it illetgal When Hal Turner was prosecuted for “threatening” federal judges, it shld be noted that he did not say he was going to kill those judges, nor did he tell anyone to. He just merely offered an opinion.
Under this CFAA change, making saying that someone deserves to have their computer hacked, without actually doing it, or telling someone to dot it, would also be a a criminal offence.
All "conspiracy to commit" laws are questionable
All such laws are highly questionable, and I strongly oppose any effort to add to them.
For a real-world example from a number of years ago, it’s a felony to get together with a few friends and plan a bank robbery — even if we have no intention whatsoever of actually committing the robbery. The people who did this not only didn’t commit a robbery, they very clearly engaged in the planning purely as an intellectual exercise.
This seems to be blatantly unconstitutional on free speech grounds alone.
I could (grudgingly) get behind “conspiracy to commit” charges as add-ons to a real crime that was actually committed, much like the hate speech laws, but that’s as far as it should go.
what IS NOT SAID.
For a few reasons, target does not say HOW(wireless, networked, Internet,???) that there system was taken advantage of..
THIS is important, and could tell us if Target was an IDIOT..
If they had a Fairly protected system, it would mean this is an INSIDE job.
IF they were like home depot(wireless system)(STUPID) then they needed better protection then they HAD.
If they allowed DIRECt access from an internet connection, then they are even more stupid.
Encryption is OK, but giving anyone direct access to the file ITSELF? means only a few people should have access.
for those that dont get it..LEts say you REALLY want to protect a file.
1) you can make it NOT listed in the files(invisible)
2) you have to know the NAME of the file.. as you cant see it.
3)password the file, NOT TO HARD and it can be built into the EDITING program that WORKS with the file.
4.)separate files..name file, Data files can be 2-3-4-5 parts, and you get 1, you dont get the others.
Re: what IS NOT SAID.
you can make it NOT listed in the files(invisible)
Because finding invisible/hidden files is such a hard thing to do?
Hiding files is a trick to keep ignorant people from seeing stuff… but it won’t even speed bump anyone good enough to hack a system.
Re: what IS NOT SAID.
“(wireless system)(STUPID)”
What makes wireless stupid?
Data is transmitted from point A to point B.
It is the job of point A and point B to:
1. Validate they are communicating with the real endpoint
2. Encrypt their communications to prevent eavesdropping
If the communicating parties are doing those two things then it does not matter if you are using wired, wireless, snail mail, smoke signals or whatever.
Fail at either of those things and you are vulnerable on a wired or wireless network.
Re: Re: what IS NOT SAID.
Wireless in general is not stupid, however it presents security problems that are not solved if you just use off-the-shelf consumer equipment without adding additional precautions (such as a VPN).
Wireless broadcasts all of your communications over radio, where it is easily listened to by anybody within range. Also, it’s like placing a network port on the outside of your house — anyone can plug into it.
The built-in, standard security measures (WPA) are insufficient against anybody of more skill than a script kiddie (and, these days not even against them).
It’s not stupid to use such equipment. It is naive and dangerous to use such equipment while believing that it is secure, unless you’ve taken additional steps to harden everything.
Re: what IS NOT SAID.
“1) you can make it NOT listed in the files(invisible)
2) you have to know the NAME of the file.. as you cant see it.”
You need smacked with a clue stick.
Hidden files are simply not shown by default, it is trivial to actually get a listing of ‘hidden’ files on any operating system.
http://windows.microsoft.com/en-us/windows/show-hidden-files#show-hidden-files=windows-vista
https://discussions.apple.com/thread/5483892?tstart=0
http://en.wikipedia.org/wiki/Hidden_file_and_hidden_directory
Re: Re: what IS NOT SAID.
By discussing how to find a ‘hidden file’ you have knowingly conspired to hack the super secret security system. Also having circumvented this ‘hidden file’ security device you have violated the DMCA.
Off to the MPAA re-education camp for you!
Re: what IS NOT SAID.
Only a few people should have access to the file? What use would the file have if no one could use it for sales, the reason it exists in the first place? EVERYONE needs access to the file by some method. When you lock people out too tightly, you also lock yourself in.
And as far as wired/wireless, it makes no difference whatever. It’s surprising that you actually think that it would. But then your suggested methods of supposedly hiding files are all well-known, sophomoric, and as easy to get around as turnstyles to jump over. You really need better security than something a 4th-grader could come up with.
I think this is a little bit beyond u.
It wasn’t said because it has nothing to do with anything.
Re: Re:
iT KINDA DOES..
If you leave your door open, and a thief walks ina nd steals things..IS HE, breaking and entering?
He may have entered, but you left it open..IS it hacking if they DONT protect themselves??
AS WELL AS THE WORD hacking isnt used properly..DID they hack anything? If it was an ADMIN, it wasnt a HACK.
Re: Re: Re:
No, sorry, nothing you have written has anything to do with security, hacking, computers, IT, and reality.
I can tell you are uninformed because of this sentence
password the file, NOT TO HARD and it can be built into the EDITING program that WORKS with the file
and others…
Re: Re: Re: Re:
Jackn, you have no clue what you’re talking about. Reading this comment and the ones before makes it quite clear that you don’t know anything about security or computers.
You can password protect individual files and have the editing software support the encryption. Adobe Acrobat does that, Microsoft Office does that, good database software can do that. Hell, Windows (pro and up) itself supports that.
Re: Re: Re:2 Re:
Hello Mister user,
The fact that you are mentioning acrobat, office, windows pro is f&8^%^4 stupid.
Don’t even bother me with you home software achievements.
the end
Re: Re: Re:3 Re:
Dear Jack..
Giving wireless access or internet Access to ROOT, BASe commands is a REAL sec. threat.
Giving Full control for any remote access should be forbidden..
How stupid do these people seem.
Any commercial business wishes to see Every transaction and Action done in the store. its the only way to protect themselves, and see WHO DID WHAT..and WHOM to blame.
If they did, even BASIC, security and tricks, the ONLY way to have full access to this file, is to KNOW the name of it and have the password to open it.
thats why information is important..HOW did they get the files.
IF they had basic sec. then it had to be someone with access.
ALSO, there are many ways to hide files. 1 uses control characters in the name, which will list the DIR, but the name is blank. it erases itself, and unless you have a HEX dump of the DIR you will NEVER see the name.
The OLD ways still work..HOw do you think we hacked int he OLD days..HEX editors RULE..
Re: Re: Re:4 Re:
What if the hacker just used dir /ah or ls -a.
Wait a minute, Im getting it. We could a hex editor, masm or debug to disable those parameters.
The should probably also use a SECURE font! You could use a hEX EDitor to change the font and make it unreadible.
Re: Re: Re:4 Re:
Or unless you boot the system from a Linux boot disk or USB stick, in which case you’ll see everything without having to resort to hex dumps.
Re: Re: Re:5 Re:
But if the BIOS is password protected and first boot is hard drive…
Re: Re: Re:6 Re:
hint: I know the answers.
1) [REDACTED]
2) Legally force the owner to provide password(s). (My favorite definition of ‘brute force’.)
Re: Re: Re:2 Re:
I possess programs that will crack the password locks on zip files, PDF files, Office files, and more in less than a second. Relying on those mechanisms to protect your data is as useful as locking your screen door.
Re: Re: Re:3 Re:
I wonder how target stored their detailed transaction data. Probably PDF or excel. I think that could handle 70 million records. Indexing is probably really slow though. Maybe they store their trans data in a zipped pdf. No wonder it takes so long for a credit card purchase to go through!
You guys are eye openers. Here i am in my CISSP world making things really difficult when all we need is a hex editior. I wonder if the PCI specs recoginze these methods as appropriate?
Re: Re: Re:4 Re:
PDF? Excel? Are you kidding me? I think I’m getting dizzy. And the DMV, too? And do you think that retrieving that data requires a search or something and that is why you mention the time?
There is a thing called a “database”. It is ofetn huge. Like the Windows registry. Access is immediate and direct to each piece of data – no search, no following some path to get to it, no change in access time regardless of size. Databases have been around quite a long time.
Re: Re: Re:5 Re:
Wow, no search. How does that work? How does it know what Im looking for? I should check into these ‘databases’ like the windows registry. I didn’t know the registry could hold 70 million records.
One question, for ‘databases,’ do I still need to put a control charactor in the filename? What about hiding the file, is this still required?
Thanks again for the 411
Re: Re: Re:6 Re:
Ok, jack, We can see you know more about this than some random window’s guys on the internet.
It was funny, but its getting old.
Re: Re: Re:4 Re:
Target, like anybody else that has a huge database they need to access quickly, stores their data in a DBMS, such as Access, MySQL, etc. Anything else wouldn’t be searchable in a useful way, would take forever to do transactions on, and couldn’t be used by thousands of users simultaneously.
Re: Re: Re:5 Re:
A winner.
But its probably DB2, MSSQL, or Oracle. Probably also involves some sort of queue like mq or the like.
All of those could have million of records and the correct indexs would make them plenty fast. Ive worked with 14 million in db2.
so
Not applicable to Target CC breach
Password protect the file
Hide the file
Office, Adobe, Access, windows pro
Windows registry
ZIP Files
Zip Password crackers
Hex editors
Applicable to the Target breech
Industrial Database
Authentication
Authorization
Encryption
Transport
Business Logic
Presentation Layer
“I’m going to hack Walmart!”
Does that mean I actually hacked Walmart? Cool.
These guys no nothing about computers. As an IT person I think I will write some laws the govern congress.
Seems legit
Hacking?
If I hack my mother inlaw to bits would I be charged under CFAA? Certainly the sentence would be greater then murder.
If Leahy can preemptively jail citizens can we as citizens preemptively impeach him?
Re: Re:
Re: Re: Re:
Anyone can be impeached, including members of congress. The hard part is showing that he is guilty and needs a possible sentence. Impeaching is easy.
Re: Re: Re: Re:
Re: Re: Re:2 Re:
They can be kicked out, though.
Re: Re:
There is nothing that prevents The People from voting for someone else.
It's basically part of the DOJ's wishlist, changing the CFAA to make you guilty of violating the law if you merely "conspire or attempt to commit" the offense, rather than if you actually do commit the offense.
It’s about time to change the name of the DOJ to DOI. Since Eric the Nazi took over as AG, the DOJ has been acting more like the Department of Injustice than the former.
Consider committing a crime, be punished as if you’d actually done the crime.
Just when you didn’t think America could get any more dystopian, the Senate is now voting on whether to start having people arrested for thoughtcrime.
Conspiracy
> Consider committing a crime, be punished
> as if you’d actually done the crime. Just
> when you didn’t think America could get any
> more dystopian, the Senate is now voting
> on whether to start having people arrested
> for thoughtcrime.
So many people in this thread are acting like this is something new. The conspiracy offense has been a part of federal law for a century or more. Just because it’s now being applied to computer/tech offenses doesn’t make it some novel attempt to create a dystopian nightmare.
Re: Conspiracy
There’s some truth to this. It’s like in Men In Black, where Agent J was shocked to learn that a spaceship was getting ready to destroy Earth, and Agent K told him that there’s ALWAYS something out there preparing to destroy Earth.
But that doesn’t mean you shouldn’t get angry and mobilize when you happen to hear about these things, or even stop talking about what could happen if you don’t remind the government who’s actually supposed to be running this country.
Re: Conspiracy
Agreed. It is an effort to have the tools to actually prevent the breeches before they happen instead of just trying to clean up the mess afterward. “Conspiracy” is something always difficult to prove and involves a lot more than just “talking about” the security in question.
Re: Conspiracy
You’re right, conspiracy laws are nothing new. However, the CFAA is already a dystopian nightmare. I think the reaction is that adding the ability to bring conspiracy charges on top of it will just make everything that much worse.
You know what I find insanely stupid in all this? There is no requirement that if the federal government gets hacked they have to tell anyone anything. Nor if you look does it include the federal government in this bill. This bill is about states.
Given the reports about ACA (Obamacare) having never been built with security in mind, this becomes seriously important. In order to sell ACA this particular topic has been sidelined into silence. And what about the NSA gathering up all this data and then turning it over to other agencies with the admonishment they can’t be used as the source? Given their tools, that is hacking; dishing out malware at targeted computers/individuals.
Senator Leahy once again shows his real colors in all this. It’s about covering the governments ass not about security. When you can’t find another charge, claim conspiracy to hack as a catch all dealing with computers. This makes me very uneasy. I use element Q to get rid of annoying javascript and other undesirable items on web pages I view. It does nothing to the original site, as all changes are temporary and on my computer only. Removing blocks to view the public site until you activate javascript doesn’t float. Yet it is likely under prosecutor expansion it could one day be illegal with this vague law.
Sen. Leahy is also the one introducing the USA FREEDOM Act, in order to scale back unconstitutional spying. Yet, he introduces dangerous changes to the CFAA that allows people to be charged with a crime they have yet to commit.
This just goes to show you can never trust a politician, because the vast majority of them are two faced deceivers. The most “transparent” administration ever, the Obama administration, is proof of how two faces politicians are.
Never trust them, or you’ll wake up with a dagger in your back.
Re: Re:
“Yet, he introduces dangerous changes to the CFAA that allows people to be charged with a crime they have yet to commit.”
Actually, conspiracy to commit a crime is often a crime in and of itself. It’s why you can arrest someone for hiring a hitman before the target gets killed, because it’s a conspiracy to commit murder (I know, a big example, but there ya go).
Conspiring with others to hack into a network to obtain material illegally should be a crime. It wouldn’t harm white hat hackers trying to show a problem, but it would sure screw up black hatters planning their next break in.
Re: Re: Re:
The conspiracy to hack already was a crime, but that’s not the problem. The problem is that with the 4 words added to the law, the conspiracy to hack would be treated the same as if you had actually committed the crime.
Leahy is a fake. Always been.
This simply proves, he don’t even looks at papers shoved down his throat.
All I read was “Old man yells at cloud” and see a picture in my mind of Grandpa Simpson talking about how in his day he was hacked by three different nonconsecutive presidents.
Mike, you seem to be misunderstanding what the bill says, or what current law says. Or both. Those words don’t change what acts are criminal at all. They don’t make things into crimes that aren’t criminal as the law now stands. They just change the maximum possible punishment, from 5 years (the punishment for conpiracy ) to 5 or 10 or 15 years or more under the CFAA. I’m sure you think that’s a bad idea too , but it is a completely different bad idea from the one your post seems to have invented based on some misreading of the statute.
They way I see this, this could put ISPs in a damned-if-you-do, damned if you don’t sitaution once TPP is implemeneted. They could be in violation of the CFAA if they do monitor users for copyright violations, and violations of copyright laws of theuy dont.
Between this and TPP, it could force nearly every internet company out of business, if you cannot obey the laws that will result from TPP, without violating the CFAA.
The way this law is written, half the student body where I went to community college in the late 1980s would have been felons, if this had been law them, because of a few things we did to circumvent disk quotas.
Courtroom Hillarity
So wouldn’t that mean that under that utterly idiotic law it is ironically nearly impossible to convict someone for hacking? I mean in order to prosecute you they’d need to talk about computer hacking. Therefore you can attempt to have the prosecutor prosecuted for violating the law when he attempts to prosecute you.
With this expansion of the CFAA, I would suggest buying stock in the makers of programs like Evidence Eliminator or KillDisk, as these programs will start selling like hotcakes if it goes through.
If they cannot get any evidence off your hard disk, they will have no case against you.
“conspire or attempt to commit”
So would the NSA be found guilty ..hacks up a lugie
“Senator Leahy Tries To Sneak Through Plans To Make Merely Talking About Computer Hacking A Serious Crime”
But, then, wouldnt that, like, seriously cripple governments “cyber security” departments, or is this just, like, another law for the “peasants” only…….again
Re: Re:
Hell, would this law not implicate spy agency methods as illegal, or is this, like, another, “do as i say, not as i do” kinda, situation……..again
Leahy also voted for the Patriot Act. That sorry sack of sh^t needs to be voted out.
Re: Re:
Who didn’t vote for the Patriot Act? If you remember the time well, you would most likely have accused him of treason if he had not voted for it at the time. Everyone was gung-ho, and even then I had the feeling that it was too much, too fast.
Re: Re: Re:
No, not everyone was gung-ho at the time. The Patriot Act was incredibly unpopular in my circles. Not everyone lost their minds.
I thought that every single person who voted for it then (and the renewals since then) shouldn’t be trusted to be in government due to either extremely poor judgement or too much of a totalitarian bent.
Conspiracy means.....
Though I am totally against anything that would tend to restrict our freedoms in any way more than they have already been post-9/11, I have to question the interpretation of this law. Leahy has always been a strong advocate of personal rights and his insidious planning as limned here is something that would be completely out of character, if it were true. But the word “conspiracy” makes it all quite different from the knee-jerk interpretation. Talking about or discussing something is not conspiracy. Even discussing ways of circumventing security without the intention of actually doing it is not conspiracy, either. Conspiracy has always been a difficult thing to prove in court, as it should be, and I have no doubt, will continue to be.
Re: Conspiracy means.....
The problem is the nexus with the CFAA, which is infamous for being interpreted way beyond reason to imprison people who, at worst, engaged in misdemeanor offenses. Bringing conspiracy into that mix is a pretty clear indicator that “conspiracy” will be used in an overly-broad fashion as well.
One other thing that I think could become a criminal offence is bypasssing the anti-tethering features on your cell phone.
It is possible, on many phones, circumvent that by logging in to a VPN. I know when I moved, and did not have normal Intrenet for a while, I had to do this to get the Internet.
Nypassing anti-tethering features on your cell phone, by using a VPN, could be construed at attempted hacking, the way I see it.
One other thing that I think could become a criminal offence is bypasssing the anti-tethering features on your cell phone.
It is possible, on many phones, circumvent that by logging in to a VPN. I know when I moved, and did not have normal Intrenet for a while, I had to do this to get the Internet.
Nypassing anti-tethering features on your cell phone, by using a VPN, could be construed at attempted hacking, the way I see it.