Web

You’re probably unknowingly breaking laws online thanks to the CFAA

Computer crime sceneThe tragic death of Internet activist Aaron Swartz, who killed himself last Friday amidst prosecution for downloading 4.8 million academic articles from JSTOR, has brought one of the primary U.S. computer crime laws under intense public scrutiny. Known as the Computer Fraud and Abuse Act, or CFAA, the law was the basis for 11 of the 13 felony charges against Swartz, who faced more than three decades in prison and a potential $1 million fine for his actions. Some of these CFAA-related charges partially stem from the fact that Swartz violated JSTOR’s Terms of Service – you know, the type of absurdly long document we all agree to but never read.

If Swartz could be charged with nearly a dozen felonies for violating a ToS, does that mean anyone who violates such terms could be charged with federal crimes?

What is the CFAA?

Enacted in 1986 as an amendment to the Counterfeit Access Device and Abuse Act, the CFAA makes it illegal to do a whole bunch of stuff related to computers and computer networks, from stealing government documents and committing fraud to sending out spam emails. It’s an extremely broad law, which means a lot of activities can get pushed under its umbrella by federal prosecutors. And it’s been amended so many times that it’s completely unruly.

Why the CFAA is problematic

Much of this breadth is due to the fact that the CFAA prohibits anyone from accessing a computer “without authorization” or by “exceeding authorized access” for certain purposes, which includes attempts to “obtain information” from a “protected computer” if doing so includes “interstate or foreign … communication”.

Now, this probably sounds like a bunch of legal blather – and it is – but it is legal blather that could potentially affect anyone who uses the Web. Here’s why:

“Without authorization”

While the CFAA does explicitly define what a computer is (“an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device”) it does not define what “authorization” means. And that’s a big problem; because of this, prosecutors can (and have) interpreted this to mean that violations of a website’s Terms of Service are tantamount to accessing that website’s computers “without authorization.”

“Obtain information”

“Obtaining information” could mean a whole swath of things, from downloading top-secret nuclear launch codes to loading a Web page. And again, this legalese could be used to argue that someone has violated the CFAA, and has therefore committed a felony.

“Interstate or foreign communication”

You are almost certainly engaging in “interstate or foreign communication” by reading this article, since Digital Trends’ servers are probably not in the same state (or country) where you live. In other words, using the Internet is, almost by definition, “interstate or foreign communication” with a computer.

“Protected computer”

A “protected computer” under the CFAA is any computer that is connected to a government network, or is used for “interstate or foreign commerce or communication.” So if the computer is connected to the Internet, it is “protected.”

To read the full text of CFAA click here.

How CFAA applies to Terms of Service

Okay, so now that we’ve sifted through the most troubling parts of the CFAA, let’s look at how this applies to websites’ Terms of Service.

Every website you go to, every social network you’ve joined, every Internet-connected service you use has a Terms of Services that you had to agree to before using it. Even your Internet service provider has a Terms of Service. And chances are you didn’t read any of them.

Having read through quite a few myself, however, I know that many of them include a big list of rules – things you can’t do, or ways in which you are expected to conduct yourself. For example, most websites – including behemoths like Google – prohibit access by people under the age of 13. On Facebook, users are barred from using pseudonyms, or doing anything “misleading.” Many websites prohibit the posting of sexually suggestive content, or “harassing” anyone.

If a prosecutor so chooses, she can use the CFAA to argue that anyone who violates a Terms of Service is committing a felony. That means every 12-year-old who uses Google Search (or Facebook, for that matter) could technically be targeted under CFAA.

Case in point

This argument was made most famously in United States v. Drew – a case you’ve probably heard of even if it doesn’t ring a bell. In this case, defendant Lori Drew was accused of violating the CFAA when she made a fake MySpace profile, and used it to torment one of her teenage daughter’s enemies. The girl Drew was bullying, 13-year-old Megan Meir, eventually, tragically, took her own life. Prosecutors argued that Drew’s MySpace communications led to her suicide. Drew was later convicted of a misdemeanor violation of the CFAA.

A judge eventually vacated Drew’s conviction, arguing that it was inappropriate to interpret the CFAA. “But other criminal defendants haven’t been so lucky,” writes Marcia Hofmann, staff attorney for the Electronic Frontier Foundation. Hofmann points to AT&T “iPad hacker” Andrew Auernheimer, who was recently convicted under the CFAA for his role in downloading more than 120,000 email addresses of iPad users that AT&T had left unsecured on its network. (He plans to appeal the conviction.)

“It’s possible that Auernheimer’s unsympathetic reputation as an Internet troll played a role in the government’s decision to indict him,” writes Hofmann. “And the CFAA’s vague and over-broad language gave the jury an excuse to punish someone who didn’t carry out anything remotely resembling a serious computer intrusion, even though that’s the concern that caused Congress to criminalize ‘unauthorized’ access in the first place.”

Will you go to jail for violating a Terms of Service?

Not likely. History shows us that you really have to do more than just use a fake name on Facebook to have the feds pounding down your door.That said, the cases against Swartz, Drew, Auernheimer, and many others proves that you could be targeted, if the federal government views you as a threat. And being able to use CFAA to take down undesirables is a power the U.S. Department of Justice desperately wants to have (PDF).

Relief on the horizon

The death of Swartz has spurred Washington politicians into tackling the absurdity that is the CFAA. Earlier this week, Rep. Zoe Lofgren (D-CA) announced plans to introduce a bill (PDF) that would change the CFAA to explicitly decriminalize Terms of Service violations. But until that bill is signed into law – and there’s no good reason at this point to believe it will – I’d make sure to give those Terms of Service a read before you click “agree.”

Smart Home

Airbnb says sorry to guest for how it dealt with undisclosed security camera

An Airbnb guest recently found a surveillance camera in his rental apartment that hadn't been properly disclosed in the listing. The firm admits its initial response to the guest's complaint was poor, but has since made amends.
Home Theater

Looking to cut cable? Here’s everything you need to know about Pluto TV

Pluto TV offers plenty of entertainment in a fashion similar to live internet TV services, only at no cost — you don’t even need to register. Too good to be true? Here’s everything you need to know.
Computing

Think someone's leeching off your Wi-Fi connection? Here's how to find out

It's important to find out immediately if anyone is stealing your bandwidth. Here's how to tell if someone is stealing your Wi-Fi using a few simple tools, along with some suggestions on improving security.
Movies & TV

Stay inside this winter with the best shows on Hulu, including 'Killing Eve'

It's often overwhelming to navigate Hulu's robust library of TV shows. To help, we put together a list of the best shows on Hulu, whether you're into frenetic cartoons, intelligent dramas, or anything in between.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.
Social Media

Nearly a million Facebook users followed these fake Russian accounts

Facebook purged two separate groups behind more than 500 fake accounts with Russian ties. One group had ties to Russian news agency Sputnik, while the other had behavior similar to the Internet Research Agency's midterm actions.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Web

Switch up your Reddit routine with these interesting, inspiring, and zany subs

So you've just joined the wonderful world of Reddit and want to explore it. With so many subreddits, however, navigating the "front page of the internet" can be daunting. Here are some of the best subreddits to get you started.
Smart Home

Amazon Prime members number more than 100 million in the U.S., survey says

Consumer Intelligence Research Partners estimated there were 101 million U.S. Amazon Prime members as of December 31, 2018. Last April, CEO Jeff Bezos wrote there were more than 100 global million Prime members.
Computing

It's not all free money. Here's what to know before you try to mine Bitcoin

Mining Bitcoin today is harder than it used to be, but if you have enough time, money, and cheap electricity, you can still turn a profit. Here's how to get started mining Bitcoin at home and in the cloud.
Computing

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.
Computing

Always have way too many tabs open? Google Chrome might finally help

Google is one step closer to bringing tab groups to its Chrome browser. The feature is now available in Google's Chrome Canady build with an early implementation that can be enabled through its flag system.