Legal commentary is a tricky thing. There are usually legitimate differences of opinion involved (or else the case wouldn't have survived, generally), and people often have strong views about the issues. But there's little more irritating to me than legal commentary that either completely fails to engage the reasoning or deliberately lies about the law.
Mike Masnick's recent article, "Court Says Sending Too Many Emails To Someone Is Computer Hacking," is a good example. In part:
Okay, the courts are just getting out of hand when it comes to the Computer Fraud and Abuse Act (CFAA), which is supposed to be used against cases of malicious hacking. Most people would naturally assume that this meant situations in which someone specifically broke into a protected computing system and either copied stuff or destroyed stuff. And yet, because of terrible drafting, the law is broad and vague and courts are regularly stretching what the CFAA covers in dangerous ways.I can't say whether Masnick is deliberately lying to his readers, or if he just can't read the opinion and the statute. But the word that his whole post revolves around, 'hacking,' seems to come purely from his imagination.
The latest example, found via Michael Scott is that the Sixth Circuit appeals court has overturned a district court ruling, and is now saying that a labor union can be sued for violating the CFAA because it asked members to email and call an employer many times, in an effort to protest certain actions. Now some of the volume may have hurt the business, but does it reach the level of hacking?
The law in question is called the "Computer Fraud and Abuse Act," and there can certainly be fraud and abuse of computers without 'hacking.' And the actual legal claim made was that there was either a 'transmission' or an 'access' violation (see page 6 of the opinion, available in Masnick's post.)
The transmission violation is defined in 18 U.S.C § 1030(a)(5)(A):
Whoever knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer shall be punished as provided in subsection (c) of this section.The access violation is defined in 18 U.S.C § 1030(a)(5)(B):
Whoever intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage shall be punished as provided in subsection (c) of this section.Whether either of these standards has been met in the case is a fair question, and there could be a legitimate discussion of that. There can also be a good argument over whether the CFAA is a good law, or whether it's incredibly over broad. But those discussions won't ever happen so long as people like Masnick keep pulling legal standards out of thin air. 'Hacking' has nothing to do with it, and there's no good reason to pretend it does.
No comments:
Post a Comment
I encourage commenters to use their real name, although I do not require it.
Blogger employs an automatic spam filtering algorithm for comments. If a non-spam comment has been filtered out, email source4politics@gmail.com and the issue will be investigated.