Editing Aaron projects/CFAA
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 3: | Line 3: | ||
Draft outline of replacement law underway</center> | Draft outline of replacement law underway</center> | ||
;Goal: Let's | ;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. | ||
;Questions: How would we construct good law in these areas, from scratch? | ;Questions: How would we construct good law in these areas, from scratch? | ||
: How do different areas of law, policy, and internet governance view the law and its impact? | : How do different areas of law, policy, and internet governance view the law and its impact? | ||
Line 120: | Line 120: | ||
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit | : This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit | ||
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked) | : Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked) | ||
; What's the ECTF doing? Who could provide oversight? | ; What's the ECTF doing? Who could provide oversight? | ||
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment) | : (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment) | ||
== Active proposals == | == Active proposals == | ||
Line 162: | Line 160: | ||
== Scenarios == | == Scenarios == | ||
: ''Add yours below | : ''Add yours below'' | ||
* ''War Games'' scenario: someone breaks into a secured machine, accesses government secrets, and uses them to wreak havoc | * ''War Games'' scenario: someone breaks into a secured machine, accesses government secrets, and uses them to wreak havoc | ||
Line 172: | Line 170: | ||
* Using Access to Perform Identity Theft: Nonaurtorized access & distribution of personal or financial information by authorized users exceeding their granted access rights. | * Using Access to Perform Identity Theft: Nonaurtorized access & distribution of personal or financial information by authorized users exceeding their granted access rights. | ||
* Worm introduction: Engineering or introducing code to enable access to unauthorized data via autoreplication & propagation. | * Worm introduction: Engineering or introducing code to enable access to unauthorized data via autoreplication & propagation. | ||