Tag Archives: aaron swartz

If you’ve fudged on Facebook, you’ve committed a federal crime

FacebookTwitterGoogle+PinterestLinkedInRedditEmail

Aaron’s Law wouldn’t have kept Aaron out of prison.

A Silicon Valley congresswoman and an Oregon senator, both democrats, are introducing parallel bills that would tighten up the Computer Fraud and Abuse Act (CFAA). Zoe Lofgren and Ron Wyden are titling it Aaron’s Law, in honor of Aaron Swartz, an Internet activist who committed suicide after being charged with a tall stack of felonies for downloading a library’s worth of pay-walled academic journal articles at MIT. Federal prosecutors motivated by ambition and not justice were threatening him with 35 years in prison.

Lofren and Wyden laid out their case for taking civil disputes over terms of service out of the reach of criminal law in a Wired editorial

Vagueness is the core flaw of the CFAA. As written, the CFAA makes it a federal crime to access a computer without authorization or in a way that exceeds authorization. Confused by that? You’re not alone. Congress never clearly described what this really means. As a result, prosecutors can take the view that a person who violates a website’s terms of service or employer agreement should face jail time.

So lying about one’s age on Facebook, or checking personal email on a work computer, could violate this felony statute.

CFAA was written and passed in 1986, so it’s no surprise that it lacks a level of nuance and specificity appropriate to the Internet age. Aaron’s Law would restrict prosecutions to genuine cracking

Access without authorization means (A) to obtain information on a protected computer; (B) that the accesser lacks authorization to obtain; and (C) by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.

Ironically (or maybe cynically – Washington is what it is) what Swartz allegedly did would still be a crime. He was said to have connected a laptop to a server inside a locked closet, which may be fairly characterised as circumventing technological and/or physical security measures. But it would prevent aggressive prosecutors from piling on dozens of years in prison for what would otherwise be a straightforward burglary charge.

So far, Wyden is carrying the bill alone in the senate, but Lofgren has lined up a bipartisan slate of co-authors in the house.

You didn’t buy that phone

FacebookTwitterGoogle+PinterestLinkedInRedditEmail

An increasingly common criminal.

The latest move by Washington lobbyists to harnass the coercive force of government in pursuit of business models is bearing fruit today. Thanks to the Librarian of Congress, it’s now illegal to unlock a mobile phone you buy from a carrier. (H/T to the WCA’s David Witkowski for the heads up.)

The ruling came three months ago, and is only now taking effect. Previously, the Librarian of Congress, under authority granted by, well, congress under the Digital Millennium Copyright Act, said unlocking was legal. Under pressure from CTIA, the mobile industry’s primary lobbying organization, that stance was reversed. You see, you don’t really own the software that’s on your phone or, indeed, the phone itself.

Proponents [of mobile phone unlocking] …failed to offer relevant agreements to support their view of software ownership. CTIA, by contrast, cited agreements from several major carriers in an effort to demonstrate that the software on the mobile handsets is licensed, rather than sold, to a phone’s owner.

Although there’s still a grey area for older phones, the ruling removes the safe harbor protection that consumers once had. Jailbreaking is still legal – the Librarian gave us that much – but you’re at risk of engaging with the criminal, um, justice system if you want to use your phone overseas without paying a bazillion dollars in roaming charges.

If you buy a mobile in the U.S. today or in the future, you have to put your faith in the “liberal, publicly available unlocking policies” offered by mobile carriers. If you do it yourself and your carrier detects it, they’re now free to do something about it. Like shut it down.

Or point federal prosecutors at you. Yep, the same guys who handled the Aaron Swartz case with such professionalism, restraint and respect for civil rights.