
I conceal my identity the same way Aaron was indicted for - twentysix
http://erratasec.blogspot.com/2013/01/i-conceal-my-identity-same-way-aaron.html
======
watty
Context is important in law. It's not illegal to change your mac address or
wear a ski mask. It can be illegal to do both of these things while committing
other crimes.

I'm really sick of these sensational posts/comments showing up on HN. I know,
I'm not supposed to complain about quality of posts or comments but the past
week has really changed my view on the current state of HN. Witch hunts,
sensational stories, jumping to conclusions, hating the law/government, etc.
Let's go back to technical news.

~~~
clicks
You have completely and absolutely missed the point.

Changing MAC addresses (upon every restart) is something I do too. It is an
extremely easy thing to do. That such an obvious thing will effortlessly add
to a list of charges, amplifying the prosecutor's case for no good reason, is
what the issue is.

The most frustrating thing about your comment is your condescending attitude.
It's exactly this kind of behavior that is sliding us down a path of draconian
laws that will in the end harm us all. Please think before going off like
this.

~~~
ajross
I think you're completely and absolutely talking past the argument.

In the law as it exists, doing something "anonymously" for the purpose of
committing a crime is itself a crime. It's _not_ the act of changing the MAC
address that is illegal by itself. That was the point.

Your point, I think, is that that "extra" crime is a silly law. Which I think
many of us agree with. But it's still the law, and it's not unreasonable for a
prosecutor to enforce it. In fact, they have a duty to do so.

Turning around and claiming that "the gubmint wants to lock up MAC
randomizers!", however, is just dumb. That's not what the law in this case
says at all.

~~~
AnthonyMouse
>In the law as it exists, doing something "anonymously" for the purpose of
committing a crime is itself a crime. It's not the act of changing the MAC
address that is illegal by itself.

What, then, was the underlying crime, if not this unauthorized access nonsense
where access was allegedly unauthorized only because he was supposedly hiding
his identity? Keep in mind that it wasn't copyright infringement (which
normally isn't criminal anyway), because it wasn't JSTOR pressing charges, it
was MIT.

>Your point, I think, is that that "extra" crime is a silly law. Which I think
many of us agree with. But it's still the law, and it's not unreasonable for a
prosecutor to enforce it.

But there are two issues here: There is what prosecutors did, and what the law
allowed them to do. Even if you don't have a problem with the prosecutors, we
can still have a problem with the law and work to have it changed.

>In fact, they have a duty to do so.

No they don't. They have prosecutorial discretion. If the application of the
law in a particular case is ridiculous, they have no legal or professional
obligation to press those charges.

~~~
bad_user
> _No they don't. They have prosecutorial discretion. If the application of
> the law in a particular case is ridiculous, they have no legal or
> professional obligation to press those charges._

You either break the law, or you don't. The law should be the same for
everybody and should NOT be applied selectively. It's actually outrageous that
you imply otherwise.

Because this happens it's precisely the reason for why we have ridiculous laws
in the first place. If this goes on pretty soon everybody will be a criminal,
but the world will still turn for you, until you manage to upset somebody you
shouldn't have.

And since we are on the subject, that's how the law works in totalitarian
states.

~~~
erichocean
_You either break the law, or you don't._

This viewpoint is incredibly naive, and also wrong.

The law is not black or white, it _is_ selectively enforced all the time, and
context _does_ matter in its application.

~~~
rapind
Exactly, and the reason for this is that we can't cover all possibilities with
enough granularity for black and white to be close to reasonable.

If it was illegal to break a lock (black and white), then the guy who breaks a
lock to steal your TV gets the same sentence as the guy who breaks his own
lock because he forgot his keys, and the same as the guy who breaks a lock to
get into a burning building to save a child, etc. Obviously this is
ridiculous, but even so, how could we possibly cover all of the motivations
for breaking a lock?

How could we cover all of the motivations for hiding your identity? How could
it ever be black and white if we can't?

If we could, then the entire justice system could then be automated.

~~~
AnthonyMouse
>Obviously this is ridiculous, but even so, how could we possibly cover all of
the motivations for breaking a lock?

But here's the thing: That's why it isn't illegal to "break a lock." It's
illegal to e.g. steal things. Because that's what we want to prohibit, not
breaking locks, even if breaking locks is a thing mostly done by criminals who
are trying to steal things.

~~~
jack-r-abbit
I don't believe you have to actually steal anything to be guilty of "breaking
and entering".

[http://dictionary.findlaw.com/definition/breaking-and-
enteri...](http://dictionary.findlaw.com/definition/breaking-and-
entering.html)

~~~
AnthonyMouse
Neither are you guilty of "breaking and entering" if you break your own lock.
And you might also notice that the penalty for breaking and entering is a lot
lower than it is for e.g. grand larceny (or, for that matter, murder).

~~~
rapind
You're missing the point (intentionally or not, I can't say). So to take a bad
analogy even further...

I'm a lock troll. I like to go around breaking people's locks. I never steal
anything, I just break locks because I'm a prick like that.

This guy I know, Franky, broke a lock the other day in order to save a child
from a burning building.

How would you propose a black and white system handle this? Do I get to run
around breaking locks with impunity, or are we going to punish Franky for the
method of his good deed. I mean, the good deed's nice and all, but irrelevant
to the matter at hand right?

~~~
AnthonyMouse
1) You don't have a law against breaking locks. You have a law against willful
destruction of other peoples' property, and locks are property.

2) You have an exception to such laws for exigent circumstances or implied
consent.

Here is the flaw in your argument: We don't have to nail _everything_ down to
nail _part of something_ down. We don't have to define "exigent circumstances"
mathematically or put the badge number of authorized fire marshals in the
statute. That doesn't mean we can't do better than obscenely broad and vague
nonsense like "unauthorized access to a computer."

There is a reason we have laws more specific than "anyone who does anything
bad shall be punished by a fine of up to one hundred trillion dollars or up to
one thousand years in prison."

~~~
rapind
My point was never that we should be as vague as possible. My point was that
you could never be specific enough to not require context. The mere
possibility of exigent circumstances guarantees it.

I don't think we're actually in disagreement. Maybe my analogy was just that
badly thrown together?

~~~
AnthonyMouse
What happened is that you managed to hit on one of my pet peeves, which is
laws that prohibit innocuous things just because sometimes bad people do them.
Like the DMCA prohibition on circumventing technical measures that control
access to a copyrighted work. I _really hate_ laws like that because they
criminalize legitimate conduct (like circumventing for the purposes of fair
use criticism) and have no benefit whatsoever over just applying the same
penalties to the real bad act (e.g. copyright infringement that isn't fair
use), all they do is expand the scope of criminality beyond the actually
undesirable act so that it ensnares otherwise upstanding and innocent people.
This is especially bad when the penalties are calibrated for the worst
possible intent in doing the thing, e.g. mass scale for-profit infringement,
and then applied with that severity to everyone in violation of
proportionality.

The CFAA is the same way. It prohibits unauthorized access, which seems like
it would generally be bad (though it's vague enough that who knows) and with
no provision for looking into the circumstances to evaluate how bad, then goes
on to impose penalties as though the unauthorized access was in furtherance of
something like terrorism or bank fraud rather than accessing a wifi to check
your email, even though the latter is still covered and subject to the same
extreme penalties.

And none of this is about black and white, which is why I objected to the
example. Wanting black and white laws is about fighting vagueness: Too much
specificity is bad because it's too complicated and no one can understand it
(see: tax code), but too much vagueness is also bad -- even worse -- because
then you have no possible way to know what it actually means until you get
told by a judge, by which point it's far too late.

The problem with your example is that it isn't an example of too much
vagueness, it's an example of too much breadth. Take two examples: "Don't do
things" and "don't do bad things without a good reason." The first isn't
really vague at all -- it just covers _everything_ , which is useless and
stupid. So the problem is that it's too broad. The second isn't too broad --
it's pretty good at only criminalizing things that ought to be -- but it's
hopelessly vague.

And it's overbreadth which is the trouble with "it is illegal to break locks."
It covers breaking locks even for good reasons. So you need a list of
exclusions or you end up like the DMCA: You're allowed to break them if
they're your locks, or if necessary in order to do something legitimate, etc.
Which is actually a counterexample of being okay with relatively simple laws
and not needing a list of caveats to go along with them. Because we _can't_
make things _that_ simple, or we get the DMCA and the CFAA, which are both
terrible and need to be seriously overhauled.

~~~
jack-r-abbit
Great response. Well thought out and articulated.

------
downandout
Under the CFAA, it might in fact be illegal to randomize your MAC address
depending on the terms of use for the network you are accessing. It is not
illegal for this guy to access his home network in this way, because he owns
the network. However, the danger of the CFAA is that it makes it a crime to
violate user agreements - which can say anything that the network or site
owner wants them to. It effectively allows anyone to author and implement
their own criminal laws and have them be enforced by the full power of the
federal government.

As for the wire fraud implications (which are separate from the CFAA), if you
cause a false statement to be transmitted for the purpose of obtaining money
or property, you have committed wire fraud and face a potential 20 year
sentence. Spoofing MAC addresses to exceed access limits, for example, would
qualify. You are causing your device to mask its true identity for the purpose
of obtaining "property" that you wouldn't otherwise have access to.

~~~
timbre
At least one court, in US vs Lori Drew
(<http://en.wikipedia.org/wiki/United_States_v._Lori_Drew>) has determined
that violation of terms of use does _not_ qualify as "unauthorized access"
under the CFAA.

~~~
danielweber
And the lawyer that won in that case (Orin Kerr) did a nice write-up of the
case from a legal perspective earlier this week:
<http://www.volokh.com/2013/01/14/aaron-swartz-charges/>

------
JayNeely
_Besides taking the "civil liberty" angle, I'm trying to get to the
"witchcraft" angle. As Arthur C Clarke puts it, "Any sufficiently advanced
technology is indistinguishable from magic". Here is my corollary: "Any
sufficiently technical expert is indistinguishable from a witch". People fear
magic they don't understand, and distrust those who wield that magic. Things
that seem reasonable to technical geeks seem illegal to the non-technical._

Excellent insight.

~~~
rayiner
No, it's wild self aggrandizement.

~~~
JayNeely
Why do you think so?

~~~
rayiner
He's basically saying "I'm being persecuted because I'm so much smarter than
everyone else they can't possibly understand me, and people attack what they
don't understand."

~~~
jlgreco
Is _really_ such an unlikely reality?

The general public is quite ignorant about technical matters. This becomes
evident when, just as a trivial example, you complain about technical
inaccuracies in a hollywood movie. You'll immediately be told in no unclear
terms that the general public neither knows nor cares.

People attacking that which they do not understand is just as old as recorded
history. I'll take that phenomenon as just an axiom of human behaviour.

~~~
dpark
> _the general public neither knows nor cares._

Exactly. The general public does not care about tedious technical things you
can do. Nor should they. Spoofing your MAC address simply isn't interesting to
other people.

> _People attacking that which they do not understand is just as old as
> recorded history. I'll take that phenomenon as just an axiom of human
> behaviour._

This is sad cynicism. In general, people don't just arbitrarily attack things
they don't understand. And people certainly don't attack things they don't
care about. You kind of have to care about something in order to put in the
effort to attack it.

~~~
jlgreco
People certainly care about hacking, why do you think it is in the movies so
much? What people don't care about is an _accurate portrayal_ of hacking.

The problem occurs when people are trying to make ethical calls in a context
outside of hollywood movies. Any string of technobable sounds insidious to
them; writers (quite reasonably) use this to their advantage to reduce the
amount of research they need to do, but prosecutors also use it to their
advantage.

> _You kind of have to care about something in order to put in the effort to
> attack it._

Yeah, and that something they care about is _"ze evil haxxors"_. They care
about a topic they have absolutely no technical insight into.

~~~
dpark
You're conflating a number of separate issues. Sure, people care about
"hacking". That doesn't mean that the general public automatically attacks
anyone accused of hacking. More to the point, is there some evidence that the
general public considers MAC spoofing to be hacking? Most people don't know
what MAC spoofing is, and don't care. Sure, if you can convince someone that
MAC spoofing is hacking, then you might be able to convince them to care, but
first you have to convince them that it's hacking.

> _Any string of technobable sounds insidious to them; writers (quite
> reasonably) use this to their advantage to reduce the amount of research
> they need to do, but prosecutors also use it to their advantage._

Any string of technobabble sounds like technobabble to the average person. It
makes no sense to them, by design. That doesn't mean they automatically
consider it evil or hacking. Writers use this to their advantage because they
know they can assign whatever meaning they want to the technobabble by using
appropriate framing. Now a prosecutor might well stand up and spout a bunch of
technobabble and then say "that's hacking". The defense needs to stand up and
explain why that's stupid.

A prosecutor in a medical malpractice trial could also stand up and describe a
heart bypass surgery using medical terms and then announce that the doctor is
clearly responsible for the patient's death. It would be pure medical babble
to the typical jury, and without accurate context, the jury could indeed be
led to believe that the doctors actions were negligent or even malicious,
despite them being standard procedure. The defense needs to step up and
provide context for those terms that the jury doesn't understand. (The judge
also needs to step up and not allow the prosecution to intentionally mislead.)
The jury here isn't attacking the doctor, though. They're making a judgement
based on the information they are provided.

~~~
jlgreco
You seem to not understand how fiction works.

When all the spinning 3d shit appears on the movie screen, the audience does
not automatically think "hacking". But they _do_ think that once the movie
tells them it is hacking. _(Of course audience members have come to expect
certain depictions to be described as hacking)_ If you spew technobabble at a
layman and tell them that you are rehashing a microwave oven, they'll believe
you, even though that makes no sense. When a prosecutor spews technobabble
about graphology, the layman is going to think it is evidence, not because
when they hear the technobabble they think "hard evidence" but because when
the _prosecutor_ spews it and _calls it_ evidence, they think "evidence".

When a prosecutor spews what seems to be nonsense about MAC addresses, and
calls it leet illegal hacks, do you _really_ think that the layman is going to
sit there and second guess that assessment? _Really?_

The general public cares about illegal hacking. The general public has no idea
what illegal hacking looks like. When the general public is shown something
alien to them, and then _told_ it is illegal hacking, you would be insane to
think they would not react in fear of it.

If they understood the subject matter, they would act rationally even if they
did not understand the particulars; for example, if they understand the basic
premises of medicine. Now, if you had a surgeon describe the familiar (say an
appendectomy) in unfamilar detailed medical jargon, your standard layman is
going to be a hell of a lot more stressed out over the procedure. Why? Because
the unfamilar frightens.

~~~
rayiner
Being persuaded by technical jargon is not the same thing as simply attacking
someone for having technical skills, as was the original implication.

And for better or worse, juries are tasked all the time with coming to
conclusions in problem domains that might be beyond their understanding. This
is not unique to the technical realm nor is it a new phenomenon. A jury in a
complex insurance or securities dispute is going to need things explained to
them just as much as in a computer hacking case. Indeed, I'd argue it's much
easier to explain to someone what MAC address spoofing is than to explain to
them what the LIBOR manipulation entailed.

------
CurtHagenlocher
I am not a lawyer, and neither is the author. But I suspect that there's
nothing illegal about randomizing your MAC address or concealing your online
identity. It's the combination of those things and committing some other
"crime" (ie accessing data or systems for which you don't have permission)
that becomes a problem, in that it shows intent to deceive the other party.

But again, I am not a lawyer.

~~~
lukifer
The problem is that the various computer crime laws are vague and subject to
interpretation. I read an article recently claiming that accessing a URL
manually that is not intentionally exposed via a public link could be
considered a form of unauthorized access and wire fraud.

~~~
mpyne
The problem is that the laws _have_ to be almost impossibly vague. In just a
few years we move from Sun RPC to DCOM/ActiveX to XML to SOAP to various SOA
web standards onward to REST APIs/Ajax/etc. etc.

That's why the law leaves it couched in terms unlikely to change (like
"authorized access", "intentionally" doing something, etc.) and leave the
charges to be considered in light of the totality of what went on.

Would a jury convict on typing in one URL, realizing it gave access to an
admin panel and just leaving the site immediately? Hopefully not...

Would a jury convict on building a screen-scraper that steals the password for
users by incrementing ID's on a URL that wasn't public but wasn't properly
secured? I would think so. Sometimes the circumstances of the case matter more
than the law itself.

~~~
AnthonyMouse
>The problem is that the laws _have_ to be almost impossibly vague.

No they don't! Please don't say things like that in public, someone may
actually believe you.

It is not possible for the laws to be perfect. They can't be like programs or
catch every possible nuance or edge case (and when they try they look like the
tax code). But we have specific articulable laws that are severely defective
in ways that _normal_ laws aren't, and they can certainly be improved to
attain roughly the same level of imperfection found in the large body of
legislation rather than their current state of total absurdity.

~~~
mpyne
For ours laws that can be clarified then by all means let's get those
clarified.

By what I mean by almost impossibly vague is things like even basic elements
of the CFAA. There have been debates up and down HN, Reddit, and across the
web about whether logging onto a website that uses laughably poor
authentication schemes even _counts_ as "unauthorized access".

If a specific-enough term like "unauthorized access" can lead to so much
controversy in practice then yes, I don't see how one could argue that a legal
code could simultaneously encompass all reasonable aspects of computer
technology, in the present and future, and still not be at least somewhat
vague.

It's the principle of indirection applied at a legal level. "What does
unauthorized access mean? Well, I guess that's for the specific judge to hash
out and the specific jury to decide"

~~~
AnthonyMouse
"Unauthorized access" is why it's defective. The wording is wrong and the
penalties are wrong. Here's an example. This is the MA law against trespass:
[http://www.malegislature.gov/Laws/GeneralLaws/PartIV/TitleI/...](http://www.malegislature.gov/Laws/GeneralLaws/PartIV/TitleI/Chapter266/Section120)

Penalty: "shall be punished by a fine of not more than one hundred dollars or
by imprisonment for not more than thirty days or both such fine and
imprisonment."

On top of that, look at the wording: You have to have some specific notice
that you're unauthorized before it's trespass. And _then_ the penalty is a
$100 fine or 30 days. So okay, you want to have the digital equivalent of
trespass, let's do the same thing: You have to have been specifically told
(not implied by some trumped up circumstantial nonsense about MAC and IP
addresses or URLs) that you aren't allowed to access a particular computer and
then have done it anyway, and then the penalty should be $100 or 30 days.

Because that's the trivial offense. That's the one that should have the
_really low_ penalties because it doesn't _necessarily_ imply any substantial
harm. The high penalties should be for high value financial fraud or
misappropriating classified materials or disrupting the control systems at a
power plant or a chemical processing facility, and they should each be
separated out so that we know what they are and have penalties proportional to
the specific offense.

And to do that we don't need to talk about XML or SOAP or AJAX, because that
isn't what matters. It doesn't matter specifically how you did it, it matters
what you did and what you intended to do. This is why we don't have laws
against trespassing while wearing a yellow shirt. Because you don't need to
specify the _irrelevant_ details, only the relevant ones, and the specific
underlying technology is almost always irrelevant to a particular class of
criminal activity. Sometimes it does make a difference, and then you need to
update the law, but that doesn't actually happen so often that we can't keep
up with it if we're paying attention.

------
juzfoo
Why should we even be trying to sugarcoat what he did? His intention was right
but perhaps means weren't and thats how every rebel goes about doing their
stuff. They aren't too much concerned about "confirming", and ,duh, not for
nothing they are a rebel. The moment the society and the government start
treating A Rebel With a Cause for the means they take than read the message
they are trying to convey, it invariably shows the rot in the system. A system
that doesnt like mirror being shown at. Lets please stop finding reasons for
Aaron's action, instead lets accept what he did was not confirming to the
system, we also need people who question and challenge the system not just
those who confirms!

~~~
wlievens
There's also the notion of proportionality.

------
nsmartt
As I understand it, the problem was that he continued to connect to the
network after being kicked off. It's unauthorized access.

I don't really know how to explain how I feel about it, but that's my
understanding.

~~~
tomp
No, he wasn't kicked off, just the MAC address of his laptop was banned. As
the article author wrote, if someone blocks your number, it's not illegal to
call him/her from a different phone number.

Maybe they could make it illegal if they got a restraining order, but AFAIK
MIT did not do that.

~~~
freehunter
Perhaps its different for me since I work in information security, but if
there's someone connected to our guest network (where we have no identity
information) and their computer is misbehaving, the only recourse we have to
demonstrate that they are not welcome anymore is to terminate their session
and block their MAC address. There's literally no other way to get in contact
with them.

I would say it's safe to assume that if your MAC address gets banned, it was
for a reason. It means you're not welcome on the network anymore.

~~~
RobAley
The retort would be : If you want to be able to address me, you don't have to
have an open network, you can require registration and/or other physical
verification first. You have chosen to run a network where you can't identify
or talk to me, you should therefore know that I won't necessarily know what
you're wanting. Some places have a policy that older versions of OSes aren't
permitted on the network, and you'll get booted for that. Doesn't mean that
you aren't welcome after you've updated your system or changed to another PC.
But you haven't told me why you booted me, so I can't know for sure that I'm
not welcome again.

~~~
danielweber
_But you haven't told me why you booted me, so I can't know for sure that I'm
not welcome again._

Because Aaron is not an idiot, he knew exactly the reason he was being booted
from the network: because he kept on abusing it to access JSTOR.

Courts, for good reason, have very little sympathy for the "duuuhhhhhh, they
didn't explicitly tell me not to do that" defense for adults.

~~~
RobAley
The courts can and do, particularly when a particular crime specifies that you
violate a specific placed prohibition. In Arrons case (without knowing
precisely what went on), it may very well be possible to argue that he thought
the banning of the mac address was e.g. a warning, an automated trip/response
that the administration may not agree with in his deserving case, related to a
period of overload on the system (i.e. temporary ban) etc. And the court would
need to believe "beyond reasonable doubt" that none of those were the case.
The courts (usually) take a common sense approach like you suggest when your
argument of "duuuhhhhhh, they didn't explicitly tell me not to do that" has
very little to back it (i.e. no plausible explanation of why you thought it
necessary for them to explicitly say it). But backed by a reasonable, or at
least feasible, alternative, the courts often side with the defendant.

------
ChristianMarks
The author has not bothered to read the indictment. Maybe he should talk with
MIT's sysadmins, who were attempting to block Swartz's MAC address as he
changed them when the MIT sysadmins found out about them. They were trying to
block Swartz. It's their network. The author's blog post doesn't mention any
of this. What the author should do is block his own access based on his MAC
address, change his MAC address to get around his own block, and then blog
about it. He could wear a bike helmet to conceal his identity and run away
when he attempts to apprehend himself, for extra realism. Then he could think
about the implications for the case, as a "security" expert.

~~~
randomdata
It is their network, but does changing a MAC address to resolve, presumably,
flaky network problems count as circumvention? I don't think Access was meant
to imply Authentication in the naming of MAC.

If my telephone at home suddenly and inexplicably stopped working and I walked
up the pay phone down the street to get another phone number, am I running the
risk of legal consequences because my own phone number may have been cut off
on purpose?

If he was explicitly told why his MAC addresses were being blocked, you may
have a point. However, if he was explicitly talked to about what was going on,
how was it able to escalate to the level it did?

~~~
ChristianMarks
I think you should read the NY Times article on how AS worked assiduously to
avoid detection.

------
BashiBazouk
I always wonder at these sort of tinfoil hat articles. It seems to me that
someone who has the skills and access to the internet but does not leave much
of a trace is a huge red flag for what ever the tinfoil hatter fears. A better
strategy would be to boot in to your original MAC address then have a covert
switch that randomizes it for doing things out of the ordinary, then returns
it to normal once they are done. If you fear you are being tracked, it would
be better to leave a completely normal, boring footprint that is easy to find.
Normal boring Facebook page, tweets, etc. All the way down to a cache of
vanilla porn on your hard drive with just a hint of kink for that ah ha
moment. Then anything that goes beyond what you want that footprint to look
like then moves to randomized MAC addresses, TOR networks and all the other
tricks…

------
nitrogen
I once did a test on my own network to see what would happen if I assigned two
computers the same MAC address (but different IP addresses). You know what
happened? Nothing. Despite my best efforts (for all of 30 seconds), I couldn't
see any meaningful difference in the behavior of the computers. I was
expecting tons of dropped packets as my switches tried to figure out what port
that address was really on, but it didn't happen.

------
louischatriot
I anxiously await the day (that may never come) when legislators actually
understand what they do when they try to regulate technology.

------
annnnd
You do know that being the only iPhone user in the world who tells that he is
using HTC One X is actually a pretty lead on you? :)

Sometimes the very acts that you do when trying to conceal your identity can
be used to reveal it.

------
hcarvalhoalves
The charges are most likely not for _how_ he did (spoof MAC addresses), but
_what_ he did (redistribute material he obtained without permission). A crime
exists if it can proved there's intention.

------
TheAmazingIdiot
This argument goes towards the DMCA, as well as what is considered under the
CFAA..

"Intentionally accessing a computer without authorization to obtain:
....Information from any protected computer."

What does 'without authorization' mean, and what does 'protected' mean?

Does without authorization mean you violate a click-through license? Or is
there some nebulous authentication chit you are handed? Is it a felony to fake
your name on a website demanding your name?

And with that keyword 'protected', how do we know it is indeed protected? What
steps one must take to protect, and what steps one must go through to
understand that it is indeed protected computer/data?

In other words, we are all felons-on-standby. The laws are so vague as to
entrap all by default.

~~~
darkarmani
> Is it a felony to fake your name on a website demanding your name?

If so, facebook has made us all felons. We won't get access to facebook if we
didn't give up our names, so it's wirefraud.

~~~
tedunangst
Lori Drew case basically ruled that interpretation is a no go.

------
goggles99
You can carry a concealed handgun and shoot it at a shooting range, but if you
murder someone with it - you will not only be charged with murder, but also
with unlawful use of a handgun. This is common sense stuff here people sheesh.

