Aaron projects/CFAA
=== Points of consensus ===
Based on conversations with folks at the '''Cambridge/Boston''' hack, these principles emerged as points of agreement. Other groups feel free to chime in as well.

==== Reasonable defenses ====
* '''Scope should be limited''' - the law should not run to the boundary of what we find ethical or moral. We want people to have freedom to "mess around" with the web (perhaps with some negligence-based liability if they cause actual damage). As with media law and "bad journalism", copyright and "plagiarism", the law should leave the edge cases for the community to set up a moral/normative/shame-oriented punishment scheme.
** We feel as though there is sufficient persistent identity in the community that even pseudonymous hackers care about their reputations.
* '''Focus on bad ''access'', leave ''use'' to other laws''' - laws on copyright, trade secret, identity theft, espionage, extortion, and fraud govern most of the "scary" use cases.
** In this way, we are leaving the "hats" (black/white/grey/green) discussion for the community norms or existing law.
* '''Consent should always be a defense''' - server owners ask members of the public to do some weird stuff against their systems, but as long as they ask for it, it should never be a crime to access one's computer in that way.
* '''Consider technical effectiveness of site design''' for its intended use. For code-based vulnerabilities and authentication measures, a "reasonable" standard may not be appropriate: defining what is "reasonable" may lead to unnecessary confusion. But some consideration should be made to ensure that trivially-overcome measures are not within the scope.

==== What should be unlawful ====
* '''Setting up and triggering an exploit''' - even if it was not done on that person's computer. Hold the party intending to do the bad behavior culpable. [ex: sharing a tinyurl that carries out a SQL injection]
* '''Circumvention of a code-based authentication measure''' - leaving proportionality for another discussion. This includes cracking, password guessing, or human-engineering password disclosure.
*: Once we get to this set of actions, we're in fraud-land. [this still shouldn't be penalized more than non-electronic fraud]
* '''Exploiting a code-based vulnerability to obtain information''' should be unlawful (leaving proportionality for another discussion). We are thinking of things like a SQL injection hack.
* '''Knowingly deleting or impairing the integrity or availability of the data''' should be unlawful if done intentionally or recklessly. Moving down to negligence or strict liability at a certain damage threshold is harder to say.

==== Uncertain areas ====
* '''Penetration testing''' is squishy. An open call for bug bounties should be treated as consent to access the site (again, using other laws to govern bad uses).
* '''"Obtaining information from accidentally-open" sites''' is squishy. E.g., sites that were supposed to be behind an authentication layer but are not. To a certain extent, it may be best to place the fault of this onto the coder of the site, with the comfort that certain uses by the obtainer of information may still be unlawful.