Web

You’re probably unknowingly breaking laws online thanks to the CFAA

Computer crime sceneThe tragic death of Internet activist Aaron Swartz, who killed himself last Friday amidst prosecution for downloading 4.8 million academic articles from JSTOR, has brought one of the primary U.S. computer crime laws under intense public scrutiny. Known as the Computer Fraud and Abuse Act, or CFAA, the law was the basis for 11 of the 13 felony charges against Swartz, who faced more than three decades in prison and a potential $1 million fine for his actions. Some of these CFAA-related charges partially stem from the fact that Swartz violated JSTOR’s Terms of Service – you know, the type of absurdly long document we all agree to but never read.

If Swartz could be charged with nearly a dozen felonies for violating a ToS, does that mean anyone who violates such terms could be charged with federal crimes?

What is the CFAA?

Enacted in 1986 as an amendment to the Counterfeit Access Device and Abuse Act, the CFAA makes it illegal to do a whole bunch of stuff related to computers and computer networks, from stealing government documents and committing fraud to sending out spam emails. It’s an extremely broad law, which means a lot of activities can get pushed under its umbrella by federal prosecutors. And it’s been amended so many times that it’s completely unruly.

Why the CFAA is problematic

Much of this breadth is due to the fact that the CFAA prohibits anyone from accessing a computer “without authorization” or by “exceeding authorized access” for certain purposes, which includes attempts to “obtain information” from a “protected computer” if doing so includes “interstate or foreign … communication”.

Now, this probably sounds like a bunch of legal blather – and it is – but it is legal blather that could potentially affect anyone who uses the Web. Here’s why:

“Without authorization”

While the CFAA does explicitly define what a computer is (“an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device”) it does not define what “authorization” means. And that’s a big problem; because of this, prosecutors can (and have) interpreted this to mean that violations of a website’s Terms of Service are tantamount to accessing that website’s computers “without authorization.”

“Obtain information”

“Obtaining information” could mean a whole swath of things, from downloading top-secret nuclear launch codes to loading a Web page. And again, this legalese could be used to argue that someone has violated the CFAA, and has therefore committed a felony.

“Interstate or foreign communication”

You are almost certainly engaging in “interstate or foreign communication” by reading this article, since Digital Trends’ servers are probably not in the same state (or country) where you live. In other words, using the Internet is, almost by definition, “interstate or foreign communication” with a computer.

“Protected computer”

A “protected computer” under the CFAA is any computer that is connected to a government network, or is used for “interstate or foreign commerce or communication.” So if the computer is connected to the Internet, it is “protected.”

To read the full text of CFAA click here.

How CFAA applies to Terms of Service

Okay, so now that we’ve sifted through the most troubling parts of the CFAA, let’s look at how this applies to websites’ Terms of Service.

Every website you go to, every social network you’ve joined, every Internet-connected service you use has a Terms of Services that you had to agree to before using it. Even your Internet service provider has a Terms of Service. And chances are you didn’t read any of them.

Having read through quite a few myself, however, I know that many of them include a big list of rules – things you can’t do, or ways in which you are expected to conduct yourself. For example, most websites – including behemoths like Google – prohibit access by people under the age of 13. On Facebook, users are barred from using pseudonyms, or doing anything “misleading.” Many websites prohibit the posting of sexually suggestive content, or “harassing” anyone.

If a prosecutor so chooses, she can use the CFAA to argue that anyone who violates a Terms of Service is committing a felony. That means every 12-year-old who uses Google Search (or Facebook, for that matter) could technically be targeted under CFAA.

Case in point

This argument was made most famously in United States v. Drew – a case you’ve probably heard of even if it doesn’t ring a bell. In this case, defendant Lori Drew was accused of violating the CFAA when she made a fake MySpace profile, and used it to torment one of her teenage daughter’s enemies. The girl Drew was bullying, 13-year-old Megan Meir, eventually, tragically, took her own life. Prosecutors argued that Drew’s MySpace communications led to her suicide. Drew was later convicted of a misdemeanor violation of the CFAA.

A judge eventually vacated Drew’s conviction, arguing that it was inappropriate to interpret the CFAA. “But other criminal defendants haven’t been so lucky,” writes Marcia Hofmann, staff attorney for the Electronic Frontier Foundation. Hofmann points to AT&T “iPad hacker” Andrew Auernheimer, who was recently convicted under the CFAA for his role in downloading more than 120,000 email addresses of iPad users that AT&T had left unsecured on its network. (He plans to appeal the conviction.)

“It’s possible that Auernheimer’s unsympathetic reputation as an Internet troll played a role in the government’s decision to indict him,” writes Hofmann. “And the CFAA’s vague and over-broad language gave the jury an excuse to punish someone who didn’t carry out anything remotely resembling a serious computer intrusion, even though that’s the concern that caused Congress to criminalize ‘unauthorized’ access in the first place.”

Will you go to jail for violating a Terms of Service?

Not likely. History shows us that you really have to do more than just use a fake name on Facebook to have the feds pounding down your door.That said, the cases against Swartz, Drew, Auernheimer, and many others proves that you could be targeted, if the federal government views you as a threat. And being able to use CFAA to take down undesirables is a power the U.S. Department of Justice desperately wants to have (PDF).

Relief on the horizon

The death of Swartz has spurred Washington politicians into tackling the absurdity that is the CFAA. Earlier this week, Rep. Zoe Lofgren (D-CA) announced plans to introduce a bill (PDF) that would change the CFAA to explicitly decriminalize Terms of Service violations. But until that bill is signed into law – and there’s no good reason at this point to believe it will – I’d make sure to give those Terms of Service a read before you click “agree.”

Web

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.
Home Theater

Looking to cut cable? Here’s everything you need to know about Pluto TV

Pluto TV offers plenty of entertainment in a fashion similar to live internet TV services, only at no cost — you don’t even need to register. Too good to be true? Here’s everything you need to know.
Home Theater

The seven best TVs you can buy right now, from budget to big screen

Looking for a new television? In an oversaturated market, buying power is at an all-time high, but you'll need to cut through the rough to find a diamond. We're here to help with our picks for the best TVs of 2019.
Movies & TV

The best shows on Netflix, from 'Haunting of Hill House’ to ‘Norsemen’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Computing

Make a GIF of your favorite YouTube video with these great tools

Making a GIF from a YouTube video is easier today than ever, but choosing the right tool for the job isn't always so simple. In this guide, we'll teach you how to make a GIF from a YouTube video with our two favorite online tools.
Mobile

Apple Maps boosts Flyover locations, indoor mall maps, and more

In a boost for Apple Maps, the tech company has recently added more than 50 new locations for Flyover, the feature that offers spectacular 3D photo views of particular cities and famous landmarks around the world.
Smart Home

Booth babes, banned sex toys, and other mishaps at CES 2019

From female sex toys bans, to fake Tesla/robot collision stories, there was some weird stuff going on at CES 2019 this year. Here are some of the biggest mishaps and flubs at the world's biggest tech show.
Mobile

Google has found a clever way to make your search history more useful

Google has found a clever way to make more use of your search history by showing links to pages you've visited before. Ideal for repeat searches for the same page, the links show up on cards at the top of mobile search results.
Computing

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.
Social Media

A quick swipe will soon let you keep bingeing YouTube on mobile devices

The YouTube mobile app has a new, faster way to browse: Swiping. Once the update rolls out, users can swipe to go to the next (or previous) video in the recommended list, even while viewing in full screen.
Business

Cathay Pacific messes up first-class ticket prices — again

A couple of weeks ago, an error on Cathay Pacific's website resulted in first-class seats selling for a tenth of the price. On Sunday, January 13, the airline made the error again. The good news is that it'll honor the bookings.
Computing

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.