
EFF Asks Supreme Court to Review Bad Interpretation of Computer Crime Statute - DiabloD3
https://www.eff.org/press/releases/eff-asks-supreme-court-review-dangerous-interpretation-computer-crime-statute
======
cav
This should be of interest to anyone working on any application that requires
authorization from users but not necessarily from the service. Here's an
analogy of the problem with "authorization" from _Facebook v. Vachani_ :

"Suppose that a person wants to borrow a friend's jewelry that is held in a
safe deposit box at a bank. The friend gives permission for the person to
access the safe deposit box and lends him a key. Upon receiving the key,
though, the person decides to visit the bank while carrying a shotgun. The
bank ejects the person from its premises and bans his reentry. The gun-toting
jewelry borrower could not then reenter the bank, claiming that access to the
safe deposit box gave him authority to stride about the bank's property while
armed. In other words, to access the safe deposit box, the person needs
permission both from his friend (who controls access to the safe) and from the
bank (which controls access to its premises)."

EFF thinks "authorization" shouldn't be defined only by computer owners (the
bank in the analogy)--especially when the purpose of the computer crime
statute was to address crime, not limit the evolving technological ecosystem.
For practical purposes, however, it probably makes sense to get authorization
from both sources while this gets sorted out.

