Marcia Hoffman speaks at Black Hat
Posted by: Timothy Weaver on 07/24/2013 11:37 AM
The Computer Fraud and Abuse Act (CFAA), enacted in 1986 and revisited several times since, is still littered with loopholes and nuances that can be leveraged by a prosecutor in a criminal case, or turned against a white hat in civil litigation.
Two examples show how extreme the consequences can be. Aaron Swartz was looking at decades in prison, if convicted, for accessing an MIT database of articles; he committed suicide in January before his case concluded. Andrew Auernheimer, also known as weev, was sentenced to 41 months in prison for violating the CFAA by conspiring with codefendant Daniel Spitler in a breach of AT&T's iPad registration process and exposing the data online.
These two cases in particular illustrate how prosecutors can take advantage of weaknesses in the language of the law and, in some cases, stack violations one atop another, resulting in sentences that rival or exceed those given to violent criminals.
Marcia Hoffman, an attorney and fellow at the Electronic Frontier Foundation, will be speaking next week at the Black Hat Briefings in Las Vegas on the topic.
"The reason I wanted to give this talk is that I feel like people are paying a lot of attention to the CFAA and there are fears and concerns about it," Hoffman said. "The discussion was prompted by Aaron Swartz's tragic death, and I think that is a situation we need to talk about and consider. There are other things in the act that may be relevant to researchers and their work that they don't know about."
"Researchers are unsettled about how vague the (CFAA) is and unsure if they do X-Y-Z whether it violates the law," Hoffman said. "Loss is not discussed much either, and I doubt they know a lot about it; they worry more about unauthorized access."
Hoffman's talk will focus on a number of potential gotchas in the CFAA that concern researchers, such as whether port scanning is legal, or how violations of terms of service can be considered crimes or grounds for civil action. She also said she plans to spend time covering Swartz's and weev's cases, despite the fact that weev is a controversial and polarizing figure in the security community.
"It's important to realize that edgy CFAA prosecutions are like this; there are situations where the government is looking for an excuse to go after somebody and this is how they do it by coming up with a novel, aggressive CFAA argument," Hoffman said. "If the government wins, case law is established that applies to everybody, that's why [researchers] need to care, even if they don't like weev or think what he did was appropriate. Even those who are not fans agree what he went to prison for was not worth three and a half years."




