Editing Aaron projects/CFAA
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 3: | Line 3: | ||
Draft outline of replacement law underway</center> | Draft outline of replacement law underway</center> | ||
;Goal: Let's | ;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. | ||
;Questions: How would we construct good law in these areas, from scratch? | ;Questions: How would we construct good law in these areas, from scratch? | ||
: How do different areas of law, policy, and internet governance view the law and its impact? | : How do different areas of law, policy, and internet governance view the law and its impact? | ||
Line 120: | Line 120: | ||
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit | : This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit | ||
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked) | : Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked) | ||
; What's the ECTF doing? Who could provide oversight? | ; What's the ECTF doing? Who could provide oversight? | ||
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment) | : (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment) | ||
== Active proposals == | == Active proposals == | ||
Line 162: | Line 160: | ||
== Scenarios == | == Scenarios == | ||
: ''Add yours below | : ''Add yours below'' | ||
* ''War Games'' scenario: someone breaks into a secured machine, accesses government secrets, and uses them to wreak havoc | * ''War Games'' scenario: someone breaks into a secured machine, accesses government secrets, and uses them to wreak havoc | ||
* Rooting a box: Someone finds a way to log into a server, has a way to gain root on the server, and executes arbitrary code on it. | * Rooting a box: Someone finds a way to log into a server, has a way to gain root on the server, and executes arbitrary code on it. | ||
* DDOS: Someone finds a way to overload a server by using its public services very frequently, causing it to be | * DDOS: Someone finds a way to overload a server by using its public services very frequently, causing it to be unavaiable for days. | ||
* | * [Swartz case] | ||
* | * [Morris case] | ||
* | * [Scenarios of other existing CFAA cases? Wikipedia lists "notable cases" here: http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Notable_cases_and_decisions_referring_to_the_Act] | ||