Editing Aaron projects/CFAA

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 3: Line 3:
Draft outline of replacement law underway</center>
Draft outline of replacement law underway</center>


;Goal: Let's decsribe what a full repeal & replacement of the CFAA[http://www.law.cornell.edu/uscode/text/18/1030] should look like.
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law.
;Questions: How would we construct good law in these areas, from scratch?  
;Questions: How would we construct good law in these areas, from scratch?  
: How do different areas of law, policy, and internet governance view the law and its impact?   
: How do different areas of law, policy, and internet governance view the law and its impact?   
Line 120: Line 120:
: This tends to be pretty bad.  It's clearly defeating the system, when it requires finding a subtle exploit
: This tends to be pretty bad.  It's clearly defeating the system, when it requires finding a subtle exploit
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)


; What's the ECTF doing?  Who could provide oversight?   
; What's the ECTF doing?  Who could provide oversight?   
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)
; Do MIT and other tech institutions care?
: See [http://swartz-review.mit.edu/node/284 this question] on MIT's Swartz Review site.


== Active proposals ==
== Active proposals ==
Line 162: Line 160:


== Scenarios ==
== Scenarios ==
: ''Add yours below:''
: ''Add yours below''


* ''War Games'' scenario: someone breaks into a secured machine, accesses government secrets, and uses them to wreak havoc
* ''War Games'' scenario: someone breaks into a secured machine, accesses government secrets, and uses them to wreak havoc
* Rooting a box: Someone finds a way to log into a server, has a way to gain root on the server, and executes arbitrary code on it.   
* Rooting a box: Someone finds a way to log into a server, has a way to gain root on the server, and executes arbitrary code on it.   
* DDOS: Someone finds a way to overload a server by using its public services very frequently, causing it to be unavailable for days.
* DDOS: Someone finds a way to overload a server by using its public services very frequently, causing it to be unavaiable for days.
* Social Engineering: Someone gaining access to systems via confidence approach or subterfuge.
* [Swartz case]
* Access Credential Sharing: Sharing commercially acquired user credentials with others (i.e. Netflix login).
* [Morris case]
* Pseudonym Use/Fake Persona: Creating one or more access accounts using pseudonyms/manufactured persona in breach of website or service EULA.
* [Scenarios of other existing CFAA cases? Wikipedia lists "notable cases" here: http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act#Notable_cases_and_decisions_referring_to_the_Act]
* Using Access to Perform Identity Theft: Nonaurtorized access & distribution of personal or financial information by authorized users exceeding their granted access rights.
* Worm introduction: Engineering or introducing code to enable access to unauthorized data via autoreplication & propagation.
* ...
Please note that all contributions to Noisebridge are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see Noisebridge:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following CAPTCHA:

Cancel Editing help (opens in new window)