

Reddit review puts some teeth into “Aaron's Law” - jug6ernaut
http://arstechnica.com/tech-policy/2013/02/reddit-review-puts-some-teeth-into-aarons-law/

======
raldi
_"The new version defines unauthorized access as "the circumvention of
technological access barriers," which leaves a much narrower scope for
prosecution. It also specifies that changing one's MAC or IP address does not
violate CFAA or the wire fraud statute. It's pretty clear Swartz, who was
authorized to be on the MIT network, wouldn't be prosecutable under the new
law."_

Uh, what about the part where he snuck into a network closet and plugged
directly into a piece of infrastructure so he could be on a subnet he knew he
wasn't supposed to have direct access to? Wouldn't that still be considered
unauthorized access? I'd like to think that if someone breaks into my home
LAN, they won't beat the rap just because I also happen to run a free open
hotspot in an attached VLAN sandbox.

~~~
superuser2
That's trespassing, not hacking. I certainly hope plugging into a switch
doesn't upgrade a minor local misdemeanor to federal felony hacking.

~~~
raldi
Hope aside, I'm trying to address what the bill would _actually_ do, and I
don't see how it would have cleared Aaron.

Reread the first line I quoted. What part of the redefinition of "unauthorized
access" makes it no longer apply to plugging into a network layer you know
you're not authorized to be on, for the purposes of circumventing a
technological access barrier like the JSTOR antiscraping system?

~~~
politician
Wasn't the trespassing charge dropped?

~~~
raldi
I don't see how the trespassing charge is relevant here. We're discussing the
proposed bill, and what its impact would be on computer crime law.

~~~
politician
Sorry, I misread you as suggesting that because the proposed bill wouldn't
affect the closet access that it was an ineffective bill.

In any case, all of the MAC addresses he used were authorized to be on the MIT
network until they stopped working without notice. Doesn't the bill now state
that changing MAC addresses is not circumvention?

~~~
mpyne
He's saying there's two separate things going on when Aaron went into the
closet.

1. Trespassing. This is not germane to this discussion though.
2. Unauthorized circumvention of a technological measure (i.e. deliberately
hooking up to a trusted subnet to evade the blocks that had been placed on his
previous network access)

Aaron would very well still have been in violation of even the proposed law,
as worded now.

------
mjn
Fwiw, here is some commentary from Orin Kerr, a law prof who generally
supports reforming the CFAA, but is more lukewarm on the specific drafts
proposed so far:
[http://www.volokh.com/2013/02/02/drafting-problems-with-the-...](http://www.volokh.com/2013/02/02/drafting-problems-with-the-second-version-of-aarons-law-from-rep-lofgren/)

~~~
btilly
Given Kerr's expert status, that needs more awareness.

I just submitted it to the new queue.

------
eksith
At the risk of sounding cynical:

1) CFAA should have been scrapped entirely and a new law written, this time in
good faith, and actually taking into account the technology of the first
decade of the 21st century. This law should keep an open path to sensible
application for at least a few decades to come.

2) This is unlikely to pass as-is when corporate interests haven't put their
fingers into the pot yet.

------
elteto
A little OT, but if you read the PDF of the bill [1], you can see that the way
in which they go about updating laws is the equivalent of a hand maintained,
text based version control system. Every object (text lines) is uniquely
identifiable by page and line number (a hash), and modifications are in the
form of additions or strike outs to these lines (deltas). If you get the
original bill and follow through all the subsequent modifications you could
even build a version control tree! Neat.

[1]
[http://www.lofgren.house.gov/images/stories/pdf/aarons%20law...](http://www.lofgren.house.gov/images/stories/pdf/aarons%20law%20revised%20draft%20013013.pdf)

~~~
mpyne
This has actually been criticized before because it's prone to being
misapplied at times.

E.g. there have been times when new legislation was first added to U.S. Code
not as a new section, but as a bunch of deletions/additions that make it
_very_ hard to tell what the end result is supposed to look like.

However if you find that neat you may also find it neat how they end up
placing these bills passed into law into the legal code. It's done manually
just as you say, but the ones doing the work sometimes notice issues which
they footnote (e.g. I've seen a lot of "foo was probably meant instead of bar"
footnotes).

~~~
elteto
> This has actually been criticized before because it's prone to being
> misapplied at times.

> E.g. there have been times when new legislation was first added to U.S. Code
> not as a new section, but as a bunch of deletions/additions that make it very
> hard to tell what the end result is supposed to look like.

Ha! Typical, at some point politics had to show its ugly head :) I thought
that eventually some sort of consolidation took place (a release, if you will)
and then subsequent modifications were based off of that one.

~~~
mpyne
Yes, occasionally a group of existing law will be assembled together and
approved as a block (this is how the U.S. Code is formed), and then they can
tweak with USC from there directly.

Other times they pass the law and it just kind of floats out there, in the
"Statutes-at-Large" until some poor legislative assistant decides to/gets told
to go consolidate the groups back into appropriate titles of USC (which
requires another bill in Congress).

Even when you're making a law which is basically just a diff to the U.S. Code
though, the various interactions of each of the changes can be difficult to
discern the _real_ meaning of. But on the other hand it's nice to be able to
simply _fix_ the broken part of a law without having to do a full rewrite.

------
madsravn
I'm having a lot of trouble following all this media storm due to the Swartz
suicide. The guy obviously did something illegal against a very big
organization. It could not come as a shock to him the consequences would be
severe.

And yet, when caught he commits suicide. And now he is a martyr... Can you
imagine the pain his family is in right now just because this guy had to
commit illegal acts and couldn't pay for his crimes?

------
fleitz
The problem is not the law, the problem is the attitude that in the
administration of criminal justice the ends justify the means.

The government has long believed it has the power to do whatever it wants to
secure whatever end it deems good for the people.

We saw it in the 30s with Olmstead, in the 50s with the FBI under Hoover and
the House Committee on Unamerican Activities, in the 60s with COINTELPRO and
use of FBI resources to disrupt the civil rights movement, and in our current
time with the war on terror, the use of torture, drones, body scanners, and in
the prosecutorial realm with mandatory minimums, etc.

Ortiz is not a bad apple, she is amongst the best and brightest of the US DOJ.
You can tell from her other cases that she is extremely clever about using the
resource of the government to bully the weak and advance the interests of the
powerful.

Let me repeat, she is not a bad apple, she is the best the system can produce
and what it aims to produce. It is not a law that needs changing but an
attitude. The foul stench of the holier than thou zealotry starts at the top
and permeates its way throughout the entire system.

~~~
mpyne
If Ortiz's only interest is truly to bully the weak and serve the powerful
then she's a bad apple.

You're claiming that the entire bushel of apples is rotten, but that wouldn't
make any single one good.

~~~
walshemj
It's the elected nature of judges and prosecutors that is the main problem -
too much emphasis on newsworthy cases to get elected and not on applying the
spirit of the law.

No Judge or Prosecutor should ever be elected, it's just too dangerous, and to
make a start I suggest that supreme court Justices should have a minimum of at
least 20 years experience as a Judge - not as one recent one zero experience
being just an academic lawyer.

~~~
slapshot
Federal prosecutors (like Carmen Ortiz) are not elected. Carmen Ortiz was
appointed by President Obama in 2009. The rest of the prosecutors in her
office were hired as part of the civil service system and are insulated from
politics.

Federal judges (like the judge that was hearing Aaron's case) are not elected;
they are appointed by the President and confirmed by the Senate. Same for
Supreme Court justices; you may remember Justice Sotomayor being appointed by
President Obama and being confirmed by the Senate. Given the way that politics
are, it's unlikely that a judge with 20 years of experience will be appointed
to the Supreme Court: over a 20-year career as a judge, they will have
inevitably made a controversial decision that the "other side" would
fairly/unfairly pick apart.

~~~
walshemj
Ah sorry I was confusing this with District attorney.

The point about Judges or prosecutors being not selected because they have
pissed off one side or the other stands - I think the UK system is safer as it
is much harder for politicians to block or influence.

------
lizzard
Seems kind of heinous of Ars Technica to refer to Auernheimer as "Internet
troll weev". I mean, he _is_, but they know his name by now.

~~~
fnordfnordfnord
Not the least bit surprising. Ars is a wasteland.

