Legal

US anti-hacking law turns computer users into criminals

Former prosecutor calls for change to CFAA

Dan Goodin Tue 15 Nov 2011 // 02:17 UTC

A commonly invoked anti-hacking law is so overbroad that it criminalizes conduct as innocuous as using a fake user name on Facebook or fibbing about your weight in a Match.com profile, one of the nation's most respected legal authorities has said.

George Washington University Law School Professor Orin S. Kerr said he hopes the critique will spur changes to the Computer Fraud and Abuse Act, a law that's frequently invoked against people who exceed authorized access of websites and computers. He released written testimony (PDF) on Monday, one day before he's scheduled to appear before a US House of Representatives subcommittee on Crime, Terrorism, and Homeland Security.

"The current version of the Computer Fraud and Abuse Act (CFAA) poses a threat to the civil liberties of the millions of Americans who use computers and the internet," said Kerr, who is a former prosecutor who handled hacking cases. "As interpreted by the Justice Department, many if not most computer users violate the CFAA on a regular basis. Any of them could face arrest and criminal prosecution."

The CFAA punishes people who intentionally exceed authorized access to obtain information from a protected computer. Kerr said exceeding authorization is as simple as violating a single term of service, such as one imposed by Match.com that forbids users from providing "inaccurate, misleading or false information" to any other member. A user who fibs about her weight or his height and gets access to another member's profile could well run afoul of the provision, Kerr said.

"The statute does not require that the information be valuable or private," he wrote. "Any information of any kind is enough. Routine and entirely innocent conduct such as visiting a website, clicking on a hyperlink, or opening an email generally will suffice."

The critique comes three years after federal prosecutors charged a Missouri mother for using a fraudulent MySpace profile to taunt a teenage girl who later committed suicide. Lori Drew was eventually found guilty, but the conviction was later overturned after the judge criticized the CFAA for criminalizing what would otherwise be a simple breach-of-contract claim in a civil case.

Kerr recommended that the CFAA be amended to clarify that exceeding authorized access doesn't include terms of service. An alternative statutory fix includes narrowing the law to cover only information that, when obtained in excess of authorization, is "associated with significant harms." ®

32 Comments

Corrections Send us news

Other stories you might like

Scientists took cues from helicopter seeds to invent tiny microchips that float on wind

'Microfliers' could carry sensors to monitor air pollution and more

Lindsay Clark Fri 24 Sep 2021 // 16:29 UTC

Video As autumn arrives in the northern hemisphere, scientists have shown how tiny connected semiconductors can be distributed on the wind in a similar way to the seasonal spreading of airborne seeds.

Researchers led by Professor John Rogers of the US's Northwestern University designed printed circuits able to manifest rotational behaviours, as seen in helicopter and spinner seeds, that enhance the stability and flying behaviour.

In a paper published in Nature this week, they argue that simple electronics can be integrated into the designs, with one example containing a circuit to detect airborne particles.

Continue reading
With just over two weeks to go, Microsoft punts Windows 11 to Release Preview

What's that coming over the hill? Is it new hardware? Is it new hardware?

Richard Speed Fri 24 Sep 2021 // 15:33 UTC

Microsoft has followed up a lacklustre Surface hardware event with a Windows 11 Release Preview for Windows Insiders.

Assuming, of course, those Insiders are possessed of an "eligible PC" – for Microsoft does not appear to be backing down on its vendor-delighting and customer-frustrating hardware requirements for the new operating system.

The build in question is 22000.194, which emerged last week in the Beta Channel to the disappointment of users trying to run Windows 11 on a virtual machine that is not to Microsoft's liking. Its arrival in Release Preview yesterday, just over two weeks from general availability on 5 October, is an indicator that fans should expect little more than patches and updates until then.

Continue reading
Fukushima studies show wildlife is doing nicely without humans, thank you very much

Biodiversity increasing, endangered species gradually returning despite radioactive terror pig presence

Matt Dupuy Fri 24 Sep 2021 // 14:45 UTC

Studies of biodiversity around the former Fukushima nuclear power plant in Japan have shown that a decade after the nuclear incident there in March 2011, the local wildlife, at least, is mostly thriving.

The incident at the Fukushima Daiichi site – in which three of the site's six reactors suffered meltdowns due to damage from an earthquake-induced tsunami – was one of only two events in history to be rated at level 7 on the International Nuclear and Radiological Event Scale (the other being Chernobyl).

This scale is not related to the quantity of radioactive material released (although that was considerable), but by the number of people affected by the event. Following the incident, 154,000 people were evacuated from the area surrounding the plant due to the risk of radioactive contamination, a number second only to the 335,000 evacuated from the environs of the Chernobyl plant in 1986.

Continue reading
HPE campaigns against 'cloud first' push in UK public sector

Because HPE does not do public cloud? No, no, it is 'for the good'

Tim Anderson Fri 24 Sep 2021 // 13:02 UTC

Comment Hewlett Packard Enterprise has posted a "UK Public Sector Manifesto" with nine themes, alongside a campaign hyping the value of hybrid cloud.

The bugbear for HPE is that UK government introduced a "cloud first" policy in 2013.

The current version was revised in 2017 but it mandates that central government, when buying new IT services, must consider a cloud solution – and specifically a public cloud, rather than "a community, hybrid or private deployment model" – before any other option.

Continue reading
Tech contractors fume over payday outage at Giant Pay after it sniffs 'suspicious activity'

Technical difficulties, please stand by

Tim Richardson Fri 24 Sep 2021 // 12:26 UTC

Giant Pay – an umbrella company used by contractors across the UK – has confirmed "suspicious activity" on its platform is behind a days-long ongoing outage that has left folk fretting about whether they'll get paid this month.

In an update on its website today, the firm said: "Upon detection of suspicious activity on our network on 22nd September 2021, we immediately assembled a response team including IT data experts and specialist lawyers, and we are currently working with the highest priority to resolve this issue.

"As part of the investigation and as a measure of caution, we have proactively taken our systems offline and suspended all services temporarily." It also confirmed it had contacted regulatory authorities and assured contractors they would get paid.

Continue reading
Parking is expensive. It can cost an arm, a leg, and a Windows licence

Activate Windows and put up a parking lot

Richard Speed Fri 24 Sep 2021 // 11:29 UTC

Bork!Bork!Bork! Sometimes only the freshest of borks will do, and sometimes the best laid plans of administrators can go awry.

Continue reading
'Nobody in their right mind would build a naval base here today': Navigating in and out of Devonport

Twisting and turning like a twisty-turny thing

Gareth Corfield Fri 24 Sep 2021 // 10:49 UTC

Boatnotes II As HMS Severn continues hosting the Royal Navy's Fleet Navigating Officer's course, The Register has taken a closer look at the precision demanded of naval officers conning their ships in and out of one of the most cramped ports where the Navy routinely operates.

Entering and leaving Plymouth, home to Devonport naval base, is a tricky operation under naval rules as we observed.

Continue reading
CutefishOS: Unix-y development model? Check. macOS aesthetic? Check (if you like that sort of thing)

Also a range of homegrown apps. Still in beta, so plenty of rough edges, though

Scott Gilbertson Fri 24 Sep 2021 // 10:01 UTC

Review One of the reasons Linux has never caught on as a desktop operating system, as Linux fans know, is that Linux isn't a desktop operating system, it's a kernel. And assembling it into a coherent package users can install is the job of a distribution.

This is a very different distribution model than the one Apple or Microsoft uses, and it confuses newcomers. Windows and macOS are easier to understand, they are single things made by single companies. Canonical and Red Hat notwithstanding, Linux is not packaged and presented this way at all. I've long believed that this difference is one of the key stumbling blocks to wider Linux adoption.

Apple has macOS, Microsoft has Windows, Linux has... hundreds of awkward, confusingly named options.

Continue reading
Nothing works any more. Who decided that redundant systems should become redundant?

It'll all come out in the wash

Alistair Dabbs Fri 24 Sep 2021 // 09:14 UTC

Something for the Weekend, Sir? Something is out of place; it does not quite fit. I reach down and give it a gentle tug. Ah, that's better.

If you are expecting a harmless reveal of a desperately contrived euphemism, as per usual, you are going to be disappointed. This time I really am talking about my underwear. I am experiencing a clothing comfort conflict below the waist. To misparaphrase an ailing Oscar Wilde, either these new chuddies or my nuts will have to go.

It is my fault, of course, for having purchased the wrong size or whatever. Am I wearing them back to front? It's a bit difficult to tell as I removed the labels. When I say "labels", I am referring to the three-dozen nylon razor blades that were sewn into the hem, each adorned with iconographic instructions helpfully reminding you not to clean the item with a circular saw, industrial sander or quarry explosives.

Continue reading
BOFH: You'll find there's a company asset tag right here, underneath the monstrously heavy arcade machine

Flame purifies all

Simon Travaglia Fri 24 Sep 2021 // 08:30 UTC

Episode 17 It's barely 9am in the morning and we're all standing outside while the fire brigade inspects the premises for the source of the fire.

A fire that in all likelihood never happened.

"What was it?" the Boss asks, no doubt fearing a discovery of the charred remains of a Beancounter in a closet somewhere on the third or fourth floor.

Continue reading
UK Ministry of Defence tries again to procure £1.7bn tri-service recruitment system

New guys can't do a worse job than Capita, right? Right?

Lindsay Clark Fri 24 Sep 2021 // 07:45 UTC

The UK Armed Forces are looking to restart a £1.7bn procurement for recruitment and onboarding of personnel to cover extensive IT investments as well as process outsourcing.

The move follows in the footsteps of an earlier Army deal which saw Capita under-perform on a £1.3bn recruiting project.

Under a 10-year contract, the UK services are looking for a single, common, tri-service recruiting process under the banner of the Armed Forces Recruiting Programme.

Continue reading

ABOUT US

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Your Consent Options Cookies Privacy Ts&Cs

Review and manage your consent

Manage Cookie Preferences

Topics

Resources

Situation Publishing

Get our Weekly newsletter

Legal

US anti-hacking law turns computer users into criminals

Former prosecutor calls for change to CFAA

Other stories you might like

Scientists took cues from helicopter seeds to invent tiny microchips that float on wind

With just over two weeks to go, Microsoft punts Windows 11 to Release Preview

Fukushima studies show wildlife is doing nicely without humans, thank you very much

HPE campaigns against 'cloud first' push in UK public sector

Tech contractors fume over payday outage at Giant Pay after it sniffs 'suspicious activity'

Parking is expensive. It can cost an arm, a leg, and a Windows licence

'Nobody in their right mind would build a naval base here today': Navigating in and out of Devonport

CutefishOS: Unix-y development model? Check. macOS aesthetic? Check (if you like that sort of thing)

Nothing works any more. Who decided that redundant systems should become redundant?

BOFH: You'll find there's a company asset tag right here, underneath the monstrously heavy arcade machine

UK Ministry of Defence tries again to procure £1.7bn tri-service recruitment system

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

SIGN UP TO OUR DAILY NEWSLETTER