The Supreme Court will finally rule on controversial US hacking law

560 points

Judges Sonia Sotomayor and Neil Gorsuch, at the back, and Stephen Breyer, on the right, seemed skeptical of the government's expanded reading of the CFAA.  Judge Thomas, center, seemed more sympathetic to the government's view.  Chief Justice Roberts, left, kept his papers close to his chest.
Zoom in / Judges Sonia Sotomayor and Neil Gorsuch, at the back, and Stephen Breyer, on the right, seemed skeptical of the government’s expanded reading of the CFAA. Judge Thomas, center, seemed more sympathetic to the government’s view. Chief Justice Roberts, left, kept his papers close to his chest.

On Monday, the Supreme Court looked into the broad interpretation of the Computer Fraud and Abuse Act, the main anti-piracy law in America.

Here’s how Description of the case Back in September:

The case arose after a Georgia police officer named Nathan Van Buren was caught taking a bribe to search for classified information in a police database. The man who paid the bribe had met a woman in a strip club and wanted to confirm that she was not an undercover policeman before he sought to establish a sexual – and possibly commercial – relationship with her.

Unfortunately for Van Buren, the other man was working with the FBI, who arrested Van Buren and accused him of violating the CFAA. The CFAA prohibits gaining unauthorized access to a computer system – in other words, piracy – but it also prohibits “bypassing authorized access” to obtain data. Prosecutors argued that Van Buren “exceeded authorized access” when he searched for information about women from a strip club.

But Van Buren’s attorney was opposed. They argued that his police login credentials allowed him to access any data in the database. They argued that providing confidential information in exchange for a bribe might have been against Ministry policy and state law, but it did not “go beyond authorized access” as far as the CFAA goes.

Obviously, no one will defend a policeman who allegedly accepted bribes for exposing classified government information. But the case matters because the CFAA was invoked in the trials of the most sympathetic defendants. For example, prosecutors used the CFAA to Aaron Schwartz trial To extract academic papers from the JSTOR database. them too prosecution Small company that uses automated scraping software to buy and sell batches of tickets from TicketMaster.

The CFAA allows civil as well as criminal penalties. For example, LinkedIn filed a lawsuit against a small data analysis company to extract data from its website. Last year, the Ninth Circuit Court of Appeal He rejected the lawsuitStating that the CFAA is intended to address computer piracy, and not only the behavior that violates the site’s terms of service.

In short, the primary issue in the case was when – if any – violating the terms of use of a website or other computer system could lead to a legal problem. While the CFAA has been on the books since the 1980s, the nation’s highest court has never addressed this question.

On Monday, the court’s nine justices appeared to have a range of opinions on the matter. Some seemed willing to accept the government’s broad reading of the statute, while others expressed concern that doing so might criminalize much of the harmless online activities.

‘Terror parade’

The crux of Van Buren’s argument is that if found guilty, that may open the door to criminal prosecution of others involved in harmless behavior.

“This build will categorize most American criminals on a daily basis,” said Jeff Fisher, the defendant’s attorney, during Monday’s oral arguments on Zoom. “Imagine a secretary whose employee handbook says her email or Zoom account can only be used for commercial purposes. Or think of someone using a dating site, where users may not include wrong information in their profile to get information about their potential mates. Or think of a law student who’s. The login credentials for Westlaw or Lexis have been issued for educational use only.

Fisher continued: “If the government is right, then a computer user who ignores any of the aforementioned use restrictions is committing a federal crime.” “For example, any employee who used the Zoom account during Thanksgiving to communicate with distant relatives would be subject to the honor of federal prosecutors.”

These kinds of assumptions – dubbed the “Parade of Atrocities” – appeared again and again in Monday’s debate about Zoom. Much of Monday’s argument focused on whether the government’s stance would open the door wide for federal trials in these types of cases.

The government took a surprising position

Eric Wegen, an attorney representing the Department of Justice, rejected Fischer’s shocking offer, arguing that none of Fisher’s scenarios would in fact lead to a federal trial. He said that when the law talks about “authorized access,” it doesn’t mean covering public websites – even sites that require a username and password.

“What Congress has been targeting here is specifically trusted people – people closer to the staff, the kind that has already been specifically considered and authorized individually,” Vision said on Monday. According to his theory, a person who breaks the rules of a dating site or social media platform will not be covered by CFAA no matter what they do.

But Judge Stephen Breyer seemed surprised by Vision’s argument.

“There are dozens and dozens and dozens of websites where they say that you can enter this site and use the information here if you agree to the terms of access. And then you have a large list written in small font that goes on for a long time. I consider that what will be covered in the terms of access will be what is permitted. What is not allowed. Authorized and not allowed. Right? “

Feigin opposed, arguing that the CFAA “authorization” is only required when a person is granted “individual specific permission.”

Previous CFAA cases appear difficult to reconcile. TicketMaster, for example, is available to the general public. People who buy tickets there are not “closer to the staff”. However, people were sued for cancellation. Likewise, JSTOR does not choose who is allowed access to academic articles – yet Schwartz was sued for downloading them without permission.

And there have been several CFAA lawsuits based on information from public websites. In a 2008 lawsuit, for example, Facebook has filed a lawsuit against a startup called Power Ventures To use its users’ credentials – with their permission – to send messages via Facebook’s messaging platform. Power Ventures eventually lost that issue, but it appears that according to Feigin’s logic, it was not supposed to implement a CFAA at all, because Facebook offers accounts for anyone who wants an account (except for young children).

In another case, Craigslist succeeded File a lawsuit against a competitor 3taps are called by the CFAA to cancel the classifieds ads and present them in an alternate format. In this case, the content in question was freely available to the public without even a username and password. However, one judge opined that 3taps had “exceeded authorized access” under the CFAA when it ignored cease and desist letters from Craigslist.

When Judge Samuel Alito asked Feigin about the TicketMaster case, Feigin dismissed it because the defendants had “hired Bulgarian hackers to circumvent some technological limitations” – a clear reference to the defendants’ efforts to circumvent the TicketMaster captcha and other efforts to prevent bulldozing. But it appears that under current government theory, the CFAA “should not apply at all.

“I have not heard the proposals of the Ministry of Justice before.”

The government’s stance has left some legal scholars confused.

“Even this case, so far everyone, including [the Department of Justice]Agreed that the law is incredibly broad other than the issue of delegation, Oren Kerr Books, A legal scholar that supports a narrow reading of the law. “In this case, though, the Ministry of Justice rejects the Justice Department’s previous opinions on the matter. Not only does it refuse, it mocks it being a sheer, utterly hilarious fantasy.”

“Contrary to the contradiction with the previous positions of the Ministry of Justice, it does not seem that the new views of the Ministry of Justice have a textual basis in the Basic Law.” Added. “I have never heard of the Justice Department’s proposals before reading its brief, and I’ve been living these things, including while I’m at the Ministry of Justice, for more than 20 years.”

In a sense, this leaves the Supreme Court in two different ways to limit the scope of the CFAA. One way – the one preferred by the defendant – is to say that violating the site’s terms of use does not violate the law, even in extreme cases. The other option – the one the government now prefers – is to consider violating the terms of use of the site a federal crime only if it is a site that provides sensitive private information and severely limits who can access it.

If the Supreme Court chooses this last option, then the change in the way the CFAA is interpreted may in fact end up becoming even greater. Defendants will be exposed to criminal penalties if they make inappropriate use of certain types of online databases. But it could neutralize the CFAA to a large extent when it comes to information on public sites. Companies like Facebook, Craigslist, and LinkedIn can get less and no more authority over how people use their sites.

The oral arguments on Monday provided little indication of how the court would rule. Few of the judges – Sotomayor, Gorsuch and possibly Breyer – seemed willing to stand by the defendants. Two others – Thomas and Barrett – appeared sympathetic to the government’s stance. But others hold their opinions close to their jackets – and the judges’ questions do not necessarily predict how they will rule in the end. Judges sometimes ask tougher questions from their preferred side to ensure that they do not miss any important counterarguments.

Like it? Share with your friends!

560 points

What's Your Reaction?

hate hate
confused confused
fail fail
fun fun
geeky geeky
love love
lol lol
omg omg
win win


Your email address will not be published. Required fields are marked *