{"id":33,"date":"2013-05-09T09:10:27","date_gmt":"2013-05-09T14:10:27","guid":{"rendered":"http:\/\/sites.law.duq.edu\/juris\/?p=33"},"modified":"2017-11-20T20:04:51","modified_gmt":"2017-11-21T01:04:51","slug":"hacking-law-is-it-time-for-reform","status":"publish","type":"post","link":"https:\/\/sites.law.duq.edu\/juris\/2013\/05\/09\/hacking-law-is-it-time-for-reform\/","title":{"rendered":"Hacking Law: Is it time for reform?"},"content":{"rendered":"
\"Photo<\/a>
Photo courtesy of www.dogtownmedia.com<\/figcaption><\/figure>\n

by Matt Andersen, Op-Ed Participant<\/p>\n

\n\n\n\n\n
<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

We currently reside in a technologically rich era, and our personal information is constantly under attack, or available to attack, by hackers.\u00a0 Luckily, the United States legislature enacted the Computer Fraud and Abuse Act (CFAA) in 1984, and it has been heavily critiqued ever since.\u00a0 It goes without question that technology has significantly changed since 1984, and for that reason judges<\/a> and United States citizens are calling for reform of the 29-year-old law.\u00a0 Additionally, every state<\/a> legislature has enacted a statute similar to the CFAA (Pennsylvania\u2019s can be found at 18 Pa. Consol. Stat. Ann. \u00a7 7611 (West 2012)).<\/p>\n<\/div>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 The CFAA can be found at 18 U.S.C.A. \u00a7 1030 (West 2012), and it specifically states that it is illegal to \u201cintentionally access a computer without authorization or exceed authorized access.\u201d\u00a0 In recent months, there has been public outcry over the CFAA, and, most notably, because the United States government has used the CFAA to indict a few well respected members of the hacker community.<\/div>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Most recently, Andrew Auernheimer, commonly known in the hacker community as \u201cWeev,\u201d was sentenced to 41 months<\/a> in prison for violating the CFAA.\u00a0 Specifically, Auernheimer hacked into AT&T\u2019s servers and obtained the email addresses of over 114,000 iPad users. \u00a0By doing this, Auernheimer was able to obtain the email addresses of New York City Mayor Michael Bloomberg, New York Times CEO Janet Robinson, ABC\u2019s Diane Sawyer, and former White House Chief of Staff Rahm Emmanuel.<\/div>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Auernheimer considers himself a \u201cgray hat\u201d in the hacking community, which means he hacks into a company\u2019s servers, strictly to expose the flaws in their cyber security. \u00a0When a gray hat finds a flaw in a company\u2019s cyber security, they will usually let the company know, and offer to sell them the information so they can fix it.\u00a0 After a company is hacked, it will usually spend at least $100,000 to fix the breach, because companies are required to inform every customer who could be affected, and they have to pay to resolve the breach.\u00a0 In fact, the largest hack in history happened to the Sony Playstation Network, which caused Sony to shut down the network for 24 days, and pay the 77 million affected users a total of $170 million.<\/div>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 However, this was not a normal \u201cgray hat\u201d hack for Auernheimer.\u00a0 The jury did not believe Auernheimer\u2019s argument that he was acting as a gray hat, because, upon obtaining these email addresses, he subsequently handed the data over to Gawker, which publicly posted the information on its website.<\/div>\n
<\/div>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Just a week before Auernheimer\u2019s sentencing, federal prosecutors indicted Reuters social media editor Matthew Keys<\/a> for helping the world-renowned hacker group \u201cAnonymous\u201d attack the website of his former employer, the Tribune Company.\u00a0 Keys is facing up to 25 years in prison, as well as fines that could reach $750,000.<\/div>\n
\n\n\n\n\n
<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

The biggest news story came in January when Aaron Swartz, an internet activist who advocates for absolute freedom of information, committed suicide while he was awaiting trial.\u00a0 Swartz allegedly hacked into the Massachusetts Institute of Technology\u2019s digital archive and stole millions of scholarly journals that would normally require payment to access.\u00a0 Swartz was facing a potential prison sentence of more than 30 years. \u00a0Many devout fans of Swartz believe that the federal prosecutor\u2019s threats of an extreme prison sentence are what led Swartz to commit suicide.<\/p>\n<\/div>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Auernheimer, Keys, and Swartz were all charged under the CFAA, and many have criticized this law for being too broad and overly vague.\u00a0 Many also criticize the CFAA for imposing sentences that are entirely too harsh for merely computer crimes.\u00a0 However, many critics do not realize that Keys and Swartz were indicted under completely separate provisions of the CFAA.\u00a0 Swartz was indicted for violating the provision of the CFAA dealing with unauthorized access, and Keys was indicted for violating the provision dealing with damage to a computer.<\/div>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 The provision of the CFAA dealing with unauthorized access, which Auernheimer and Swartz violated, is what has received the most criticism in recent months.\u00a0 It certainly seems that a law enacted in 1984 that deals with computer hacking is most likely out-of-date, and in need of some serious change.\u00a0 With high profile cases in federal courts, and the attention that this issue is getting from mainstream media, an amendment to the CFAA within the next few years appears likely.<\/div>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

by Matt Andersen, Op-Ed Participant We currently reside in a technologically rich era, and our personal information is constantly under attack, or available to attack, by hackers.\u00a0 Luckily, the United States legislature enacted the Computer Fraud and Abuse Act (CFAA) in 1984, and it has been heavily critiqued ever since.\u00a0 [\u2026] <\/p>\n

<\/div>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":61,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,4],"tags":[],"class_list":["post-33","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-juris-blog","category-posts"],"_links":{"self":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/comments?post=33"}],"version-history":[{"count":4,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts\/33\/revisions"}],"predecessor-version":[{"id":62,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/posts\/33\/revisions\/62"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/media\/61"}],"wp:attachment":[{"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/media?parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/categories?post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sites.law.duq.edu\/juris\/wp-json\/wp\/v2\/tags?post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}