Scott H. Greenfield on Simple Justice: A New York Criminal Defense Blog has an interesting post in which he tackles the question of the CFAA and "getting good lawyers" and discussed the cases of Weev and Matthew Keys.
He notes Sarah Laskow's CJR article which is a total whitewash job and typical of the CJR's brainlessness on this topic in the quest to be ever relevant and new in a scene where old-style media is rapidly being replaced by new media.
My comments (in moderation):
I don’t think the CFAA needs reform, because there isn’t a single case where it has been applied that anyone can really claim it was applied in an overbroad or unjust fashion. Aaron Swartz’s case would not be that example.
Hackers deliberately obfuscate this matter by engaging in a number of duplicitous rhetorical pranks every time one of these cases comes up:
a) they hysterically trumped the theoretical maximum sentences and create scary headlines about young nerds going to jail for 20 or 50 or even 100 years (as they are doing now with Barrett Brown). Nonsense. Stop using your pocket calculators and look at other cases and precedents. Not a single hacker in America has ever gotten more than 20 years — in order to get 20 years like Albert Gonzalez, you have to steal credit cards and help yourself to millions of dollars. Most cases in fact work like this: the defendant is given a mental health excuse; he is let off with a suspended sentence or time served; he turns informant for the authorities and is let off; or he gets from 6 months to 1-2 years. That’s it. Seldom does the application of the CFAA vary from this application.
b) they claim that everything their tribe does must be exonerated in the quest for freedom or innovation, minimizing the criminality of hacking and scoffing at the victims’ complaints. But hacking should be defined by victims, and not by perpetrators, under the law, like all crimes. Somebody who has lost millions of dollars in damages — like Sony — or even jus tens of thousands of damages — like MIT — should not be bullied by copyleftists into dropping their concerns for the greater glory of licentiousness for self-selected groups of nerds.
c) in particular they apply a highly sectarian and contrived notion of “unauthorized” which just doesn’t square with common sense or legal precedent. Judges fortunately don’t fall for this double-talk — they didn’t in Weev’s case, where he claimed he was just “doing math in the browser” and they didn’t in Google’s recent privacy case, where Google engineers first lied and said they hadn’t done anything, then said it was only one rogue engineer, then said they took public information which was like “radio waves” — and the judge didn’t buy any of it. Good!
You mentioned binary thinking – and that is exactly the problem here. Coders tend to see law as a static, rigid self-executing mechanical thing, and imagine it will be applied in the worst way with the worst sentence as a result. They don’t seem to have any feel for the notion of precedent, and how a dynamic court situation doesn’t just have a prosecutor or magistrate as in a civil law system (“code as law” is just such a magisterial system) but in our *adversarial* system has a judge, a jury, precedents to consider, and the actual acts of the defendant to be reviewed. Someone like Barrett Brown who hasn’t himself made use of stolen credit cards is not going to get 100 years.
I reject the idea that this area of human affairs is so complicated that we can only allow the perpetrators of hacks to do all the driving for us. While you want to find good lawyers for hackers, I hope we continue to have good judges who apply organic rule of law over nihilist code-as-law pranksters looking to troll at every turn and hide their crimes. That’s what’s important for a free and liberal society in which government, business and individuals don’t have to have their files stolen or their servers crashed if some set of extremist radicals don’t like them.
As for Matthew Keys, most news stories are only telling part of the story on him. He is also charged with stealing emails:
http://3dblogger.typepad.com/wired_state/2013/03/whats-wrong-with-matthew-keys.html
It helps to read the indictments above all, because most of the time the tech press rushing to defend their own don’t bother to do this.
On Sarah's article:
Everything about this post is deliberately tendentious.
There is nothing special about computers or the Internet; they are human means of communication much like every other one in place for centuries, and the same laws of torts and property apply with the same principles. It's only radical hackers who want to pretend the Internet is different to minimize criminality and enable copyright-free regimes and laissez-faire for hackers who violate the rights of others they don't like politically.
The author fails to mention that both Weev and Matthew Keys are charged wiht stealing people's emails. There are real damages in these cases that don't seem to be validated. Once again, hacking is being defined here by its perpetrators rather than its victims under the law.
No case of application of CFAA -- least of all Swartz's -- has ever been shown to be unfair. Swartz was offered a plea bargain of a mere 6 months -- but he did have to plead guilty to the crime he did in fact commit, which was indeed unauthorized access -- which owners, not hackers get to define -- and disabling of JSTOR for an extended period while his enormous theft of 1.7 million files using circumvention scripts over a period of time was finally cleaned up. It is not up to guerilla hackers to determine whether universities can have pay walls or membership walls on their content and services; it's up to that private institution.
The supportive line that CJR keeps taking on hackers is odd; perhaps Columbia was never hacked? It's as if in the panicked rush to new media, fleeing the old, this criminality has to be embraced. But it doesn't, and in fact hackers are antithetical to free speech when they steal files, erode privacy, and crash servers.
Recent Comments