Crossroads Blog | CYBER SECURITY LAW AND POLICY

Law, law enforcement

As cyberthreats mount, hacker’s conviction underscores criticism of government overreach: WashPo

You probably saw this one already, but ICYMI, here’s a fantastic article by The Washington Post’s Jerry Markon on the mess that is the CFAA.  Tracing the story of Andrew Auernheimer, “a 24-year-old computer hacker suspected of handing off stolen e-mail addresses to the media,” Markon discusses the DOJ’s recent crackdown on hackers like Matthew Keys (the Reuters journalist) and Aaron Swartz.  I thought this excerpt summed up the debate over the CFAA quite nicely:

The case highlights a growing debate over how to define right and wrong in the digital age, what is public and proprietary online, and how far law enforcement should go in pursuing cybercrime.

 

Please click through to the article for the full story, it is worth your time.

I want Congress to amend the CFAA to authorize active defense and/or hackback under limited circumstances.  Other advocates want Congress to amend the CFAA to clarify where and when active defense is legal.  Other advocates want Congress to amend the CFAA to prevent prosecutions of people like Auernheimer, Keys, and Swartz.  Whatever their motivation, a lot of people want to see the CFAA amended.  If cybersecurity legislation ends up being an impossible task (which, unfortunately, it looks to be after the death of an eminently reasonable CISPA which received strong Democrat support), maybe Congress could look to tweak the CFAA; it is long past due.

Leave a Reply