hacking


Unfortunately, I haven’t been keeping this site up to date as I’ve been blogging on the Stanford Law School Center for Internet and Society site.  To that end, here are my most recent posts:

The Unintended Consequences of CISPA

New Cybersecurity Bill Available

Revised Cybersecurity Act Needs Amendments for Privacy, Security

Thanks for following along.

 

The House Judiciary Committee is considering a bill (.pdf) to amend the Computer Fraud and Abuse Act, 18 USC 1030. I’ve redlined the current statute (.doc) to show how the law would look should this bill pass, and inserted comments where relevant.

I’ve heard that the bill is intended to fix what’s come to be known as “The Lori Drew Problem“: criminalizing terms of service violations. By my analysis, it does the opposite. The text could clear the way for such prosecutions while introducing new legal uncertainties, expanding the scope of the CFAA and greatly increasing penalties, without resolving the underlying problem, which is that the phrase “exceeds authorized access” — as well as the new phrase “in excess of authorization” in the bill — are subject to conflicting interpretations.

The bill also dramatically increases penalties while introducing new ambiguous language that muddies rather that clarifies the reach of this expansive law in other areas as well. For the reasons set forth in the comments to my attached redline, this legislation needs to be scrapped.

This legislative push comes just a few days following the Ninth Circuit’s opinion in United States v. Nosal. There, the Court sitting en banc reversed the panel decision and held that violations of an employer’s computer use restrictions are not penalized under the statute, because “exceeds authorized access” doesn’t mean merely violating a policy, it means obtaining data you are not allowed to see. While a very welcome decision, this creates a Circuit split with the Fifth, Seventh and Eleventh Circuits. We don’t yet know whether the government will petition for, or the Supreme Court will grant cert in Nosal. What we do know is that if Congress wants to resolve the ambiguity, the current bill will only make matters worse.

EFF filed a brief today in U.S. v. Lowson, again arguing that public websites can not decide who is and is not a criminal.

For why you should care about what happens to a bunch of Wiseguys cutting the virtual line for ticket purchases, check out my blog post.

Help EFF and get a free trip to Vegas for Defcon in our First Annual Defcon Getaway Fundraising Contest!.

Today’s SF Chronicle reports that state authorities are warning local bars that they cannot serve artisan infused liquors. Certainly, there’s a place for health regulation of on-site alcohol sales. But infused liquors are based on, yes, alcohol, and alcohol kills germs. That’s what’s kept me healthy ever since turning 21. So the health risks from a limoncello, or rosemary infused rye, or whatever they are serving at Bourbon and Branch or Starbelly this week, are nil. There’s an analogy to be drawn between the state rectification laws and the work I do with programmers and coders. Laws that were written to resolve a certain set of problems are being used to hinder creativity not connected to those social ills. For whatever reason, we aren’t seeing the kind of forbearance from enforcement that one would hope for in order to allow innovation to proceed. So we probably have to change the laws. In the meanwhile, in solidarity with the bartender community, I’m making up some homemade limon- and grapefruitcello in my kitchen pantry. Photos below.

LemonsGrapefruitsZested lemonsInfusing

The Electronic Frontier Foundation and I are mentioned in this Wall Street Journal article about TI calculator hackers and the law.

UPDATE: Texas Instruments failed to stand behind their misguided claim that calculator hobbyists violated copyright law by having public, online discussions about techniques to get more functionality from TI calculators. Yet the company continues to dig itself into new holes by issuing more improper take-down letters.

Great article on my Texas Instruments dispute in the IEEE Spectrum magazine, with a picture of one of my clients: For Texas Instruments, Calculator Hackers Don’t Add Up.

Prepaid Providers Seek to Put Locks On Your Phone and Their Hands In Your Pocket.

One of my new projects is defending researchers and bloggers discussing how to put custom operating systems on TI calculators. The press release and explanatory blog post are on the EFF site.

Next Page »