Freddybear writes: Congresswoman Zoe Lofgren proposes a change to the Computer Fraud and Abuse Act (CFAA) which would remove the felony criminal penalty for violating the terms of service of a website and return it to the realm of contract law where it belongs. This would eliminate the potential for prosecutors to abuse the CFAA in pursuit of criminal convictions for simple violations of a website's terms of service.
Freddybear writes: An exception for "law enforcement" built into online privacy protection laws makes it easy for prosecutors to obtain potentially incriminating private information from social media sites like Facebook, while defense lawyers have a hard time getting access to information which can help the defense
This is highlighted in an ongoing Portland murder case. In that case, the defense attorney has evidence of a Facebook conversation in which a key witness reportedly tells a friend he was pressured by police into falsely incriminating the defendant.
Facebook rebuffed the defense attorney’s subpoena seeking access to the conversation, citing the federal Stored Communications Act, which protects the privacy of electronic communications like e-mail – but which carves out an exemption for law enforcement, thus assisting prosecutors. “It’s so one-sided they cooperate 110 percent anytime someone in the government asks for information,” one Oregon attorney told the Portland Oregonian, citing a separate case in which Facebook withheld conversations that could have disproved a rape charge, but turned over the same conversations when the prosecution demanded them.
Freddybear writes: If your computer has been cracked and subverted for use by a botnet or other remote-access attack, is it legal for you to hack back into the system from which the attack originated? Over the last couple of years three legal scholars and bloggers have debated the question on The Volokh Conspiracy weblog. The linked webpage collects that debate into a coherent document.
"The debaters are:
Stewart Baker, a former official at the National Security Agency and the Department of Homeland Security, a partner at Steptoe & Johnson with a large cybersecurity practice. Stewart Baker makes the policy case for counterhacking and challenges the traditional view of what remedies are authorized by the language of the CFAA.
Orin Kerr, Fred C. Stevenson Research Professor of Law at George Washington School of Law, a former computer crimes prosecutor, and one of the most respected computer crime scholars. Orin Kerr defends the traditional view of the Act against both Stewart Baker and Eugene Volokh.
Eugene Volokh, Gary T. Schwartz Professor of Law at UCLA School of Law, founder of the Volokh Conspiracy, and a sophisticated technology lawyer, presents a challenge grounded in common law understandings of trespass and tort."
Freddybear writes: Last Friday, Maryland became the first state to ban employers from asking for access to the social media accounts of employees or applicants. Lawmakers in the US House and Senate are working on legislation that would ban the practice nationally.
Freddybear writes: US Ninth Circuit Court has handed down it's decision in US v Nosal, which concerned whether violation of terms of service could be made a federal crime.
From the ruling: "[W]e hold that the phrase “exceeds authorized access” in the CFAA does not extend to violations of use restrictions. If Congress wants to incorporate misappropriation liability into the CFAA, it must speak more clearly."
This decision contradicts rulings in several other district courts.