Editing Aaron projects/CFAA
Latest revision | Your text | ||
Line 1: | Line 1: | ||
<center>''Work in progress; please link to other work here'' | <center>''Work in progress; please link to other work here''</center> | ||
;Goal: Let's | ;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. | ||
;Questions: How would we construct good law in these areas, from scratch? | ;Questions: How would we construct good law in these areas, from scratch? | ||
: How do different areas of law, policy, and internet governance view the law and its impact? | : How do different areas of law, policy, and internet governance view the law and its impact? | ||
Line 62: | Line 60: | ||
# Extortion through use of computer | # Extortion through use of computer | ||
== | == Proposed solutions == | ||
=== Aaron's Law === | |||
* Lower some of the penalties for crimes that produce little or no harm, | |||
* Delete a provision that is repeated elsewhere in the statute | |||
* Clarify once and for all that violating terms of service agreements is not a crime. | |||
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. | |||
; current status | |||
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner) | |||
== Principles == | |||
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles | : compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles | ||
What substantive things should be in a rational computer crime law? | What substantive things should be in a rational computer crime law? | ||
=== Positive principles === | |||
; Parallelism with non-computer crime law | ; Parallelism with non-computer crime law | ||
; Proportionate punishment | ; Proportionate punishment | ||
=== Negative principles === | |||
; Avoid confusion/overlap between different parts of the government : in terms of means and ways | ; Avoid confusion/overlap between different parts of the government : in terms of means and ways | ||
* b/t different parts of the government | * b/t different parts of the government | ||
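Review bot: the "current status" entry under "Aaron's Law" abbreviates the committee name ("Crime, Terr, Homeland Security subcomm") and carries no date, so a reader cannot tell how current the referral is. Spell out the subcommittee name and add the date of the referral. The first bullet of the same section ("Lower some of the penalties for crimes that produce little or no harm,") also ends in a stray comma.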
Line 76: | Line 88: | ||
* b/t social-good and infosec goals | * b/t social-good and infosec goals | ||
=== Open questions === | === Open questions === | ||
Line 115: | Line 99: | ||
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user? | * 'sockpuppeting' authentication where it's assumed you have one-account-per-user? | ||
: This is rarely prevented clearly. | : This is rarely prevented clearly. | ||
; Circumventing the auth process? | |||
; What's the ECTF doing | ; What's the ECTF doing? | ||
: (cf | : (cf fix-hacking-laws essay) | ||
== Active proposals == | == Active proposals == | ||
=== | === Patching existing law === | ||
; EFF proposals and ideas | |||
* Limit scope of "exceeding authorized access" | |||
* | : Say: contractual violation can't be the basis for this | ||
* Amend the Wire Fraud Act | |||
* | : Say: contractual violation can't be the basis for this | ||
* lower penalties for crimes that produce little or no harm | * lower penalties for crimes that produce little or no harm | ||
* cleanup: delete repeated provision, delete provision repeated in WFA | * cleanup: delete repeated provision, delete provision repeated in WFA | ||
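Review bot: in the "Patching existing law" list, the line ": Say: contractual violation can't be the basis for this" appears word for word under both "Limit scope of "exceeding authorized access"" and "Amend the Wire Fraud Act", so the Wire Fraud Act item states nothing of its own. Either say what the Wire Fraud Act amendment would change, or merge the two items under one statement of the contractual-violation rule. The "; Circumventing the auth process?" term in the same hunk also has no definition line, unlike the entries around it.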
Line 159: | Line 130: | ||
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched. | * mapping out where the CFAA overlaps with existing law; identifying areas left untouched. | ||