Hacker News new | comments | show | ask | jobs | submit login
Aaron’s Law Reintroduced: Computer Fraud and Abuse Act Didn’t Fix Itself (eff.org)
196 points by CapitalistCartr on Apr 29, 2015 | hide | past | web | favorite | 26 comments

What part of this bill would have made it harder to put Swartz in the bind he ended up with? His offenses weren't committed for financial gain. The market value of the information he took --- easily established from JSTOR's fee structure --- exceeded $5000. The tweaks to the definition of "unauthorized access" seem almost shrink-wrapped around what Swartz was actually accused of doing. And "Aaron's Law" doesn't modify the Wire Fraud statute, which Swartz was also charged under.

There needs to be an "Aaron's Law", but it should actually fix the core problem with the CFAA, which is that sentences and offense severity are graded by imputed damages, rather than actual financial gain.

The text of "Aaron's Law", the CFAA, and the Swartz superseding indictment are here:




Why should sentences be graded by financial gain instead of damages? Wouldn't that lead to someone who wrecks a whole network just for kicks and notoriety to be less punished than someone who, say, earns a $50 credit by abusing a race condition on some HTTP server?

Because it's usually potential damage instead of actual damage.

Then let's focus on making it actual damage rather than potential damage. Whether financial gain is considered is a separate issue.

It would be great, but in most computer fraud cases, actual damage is almost impossible to quantify. (or you end up with stupidity like "$5 per song, so damages sum up to 2 millions"..)

I'm cynical about it ever moving forward.

These acts often get introduced just so the sponsors can say they introduced a bill.

(This is why, for example, people introduce bills right before going home to stump, knowing it will achieve nothing, but enabling them to say "Because i care so much about you guys, i just introduced a bill in congress to fix this!")

Would you rather them not be introduced at all?

It's one thing to be cynical, and it's another to be apathetic. This bill has a low chance of passing, but it will get some people talking about the issue at hand. There's a slim possibility that if they keep going, future versions will see more support.

It's unlikely that positive change can be made without these initial small steps (or failures).

Introducing a bill that you have no intention of passing (or do not expect to pass) is like submitting a pull request that you know will get rejected.

It would be much better to do your job and, instead of submitting something that will get rejected for the sake of submitting it, spend the time to draft a solution that has a chance of passing.

Passing laws requires getting other people to vote on them, which in practice requires mobilizing groups interested in the topic, which in turn requires getting attention on the issue, which in turn is often served by introducing bills on the issue, even if those don't pass.

So, even if one views the job of a legislator as "passing laws", introducing bills that are not expected to pass as a means of raising awareness, in order that bills on the issue may be more viable to pass in the future, is a legislator doing their job.

"Passing laws requires getting other people to vote on them, which in practice requires mobilizing groups interested in the topic, which in turn requires getting attention on the issue, which in turn is often served by introducing bills on the issue, even if those don't pass."

Actually, in practice, it happens exactly the other way around.

IE you get support first, then introduce the bill.

Indeed. There are whole third party presidential candidates whose "real" goal is to do this with their platforms.

When a person is in a no-win situation, is it better to do some good, or to try to do the right thing? This is a difficult question. When you can't win - you should work to change the rules. I don't agree that this bill has no chance of passing - we should not endorse regression to the mean.

We're a generation away if not more from having more sensible laws on hacking and computer crime. And unfortunately it'll get worse before it gets better.

> I'm cynical about it ever moving forward.

So, what did you do to help it move forward?

Of course it didn't fix itself. "The only thing necessary for the triumph of evil is for good men to do nothing." -Edmund Burke

Too many of us are doing nothing. We need to do more. We should actively demand that our representatives fix this problem, or vote in people who will. I'm doing this. Please join me.

I can't stress how important it is for Americans to get this right. What you set into law, will be forced upon the rest of us as treaties. We can't influence your politics, but you can.

Because you vote for somebody who says he will fix something doesn't mean he will... they need to be held accountable somehow... Obama is an example of this.

Check out Demoex, http://en.wikipedia.org/wiki/Demoex, where each bill is voted on by all residents, the party's representatives must vote for the corresponding bill in the same proportion as the votes received for each bill. This is how you can sneak direct democracy into a representative democracy through the front door.

Purely direct democracy does not work. Representative democracy is needed because you can't possibly design a system where everyone has to be bothered to assess every new law proposal. Most of the bills are about subjects people know nothing about. It takes time to research the subject, gather expert opinion and then emit a well grounded vote. That's why you need to assign a group of people full-time to the task of assessing new bills, aka representative democracy.

In direct democracy, you either have populist votes or non-participation. It is inescapable.

The fact that the current system is broken is no excuse to move to one that is flawed from the start. We now have the technological means for an evolution of representative democracy: Liquid Democracy, or delegative democracy. It's representative democracy with "continuous elections". It might work (better).

You could use the same method as demoex to achieve that - take the idea of "proxies" from shareholder votes. Anyone and pick anyone as a proxy. Now all you've got to solve is the problem of cycles.

That's precisely why "democracry" as it's being sold currently is utterly broken. You should vote for contracts, not for people, so that they can be enforced once approved.

Okay but what if this contract contradicts itself with another contract on other level?

Your question is about execution and details. That can be figured out, and that should not make the higher level principle (contracts over people) less relevant.

Well that would be a good thing (in my opinion) but you have to have a system closer to the UK where the PM can effectively click his fingers and get a law passed - in some ways a US president has less power than a junior minister does in the UK.

And the Uk PM or Home Secretary would have sorted out the problems you have with over mighty small town police forces very quickly.

Thanks to Naval Ravikant, we got the JOBS act passed. More importantly, he set a precedent for tech/silicon valley as a real political force.

The first thing is for us to realize the political power we have, at the same gut level that we have realized the technological power/possibilities we have.

"tech/silicon valley" is not a political force. It's the market segment that's in ascendancy. Politics has been, and continues to be about who has money. Why does anyone think that the growing political power of handful of tech brands large enough to rate on politician's radars will do good for the citizenry?

Our interests may occasionally align with those of empowered tech giants, but that's purely coincidental. Even as a business owner/employer you're SOL if the policy that's good for the big guys isn't also good for you. They're not lobbying for you, they're lobbying for themselves.

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact