EFF Asks Supreme Court To Review Dangerous Interpretation of Computer Crime Statute

["DAVID FARBER" <dfarber () me com>]

Begin forwarded message:

> From: EFF Press <press () eff org>
> Date: June 5, 2017 at 3:52:28 PM EDT
> To: dfarber () me com
> Subject: EFF Asks Supreme Court To Review Dangerous Interpretation of Computer Crime Statute
> Reply-To: EFF Press <press () eff org>
>
>
>    
>
> This is a friendly message from the Electronic Frontier Foundation. View it in a web browser.
>
>  
>
>
> FOR IMMEDIATE RELEASE: MONDAY, JUNE 5, 2017
> Contact:
> Jamie Williams
> Staff Attorney
> jamie () eff org
> +1 415-436-9333 x164
>
> EFF Asks Supreme Court To Review Dangerous Interpretation of Computer Crime Statute
> WASHINGTON, D.C.—The Electronic Frontier Foundation (EFF) urged the U.S. Supreme Court to review a ruling that 
> threatens to transform a law against computer break-ins into a mechanism for criminalizing password sharing and 
> policing Internet use.
>
> In an amicus brief filed with today, EFF urged the court to weigh in on a case in which an individual was charged 
> with violating the Computer Fraud and Abuse Act (CFAA), a law intended to criminalize breaking into computers to 
> access or alter data. Under the CFAA, it’s illegal to intentionally access a “protected computer”—which includes any 
> computer connected to the Internet—“without authorization” or in excess of authorization. But the law doesn’t tell us 
> what “without authorization” means. 
>
> Some courts have recognized that the CFAA must be interpreted narrowly to stay true to Congress’s intent of targeting 
> crooks breaking into and stealing data from computers. These courts agreed that the CFFA mustn’t be used against, 
> say, employees checking sports scores at work in violation of rules restricting Internet use at work to company 
> business, or against people who shared their Facebook passwords, in violation of Facebook’s terms of service rules.
>
> But other courts—including the U.S. Court of Appeals for the Ninth Circuit in its 2016 U.S. v. Nosal decision—have 
> broadly interpreted the statute to cover using a computer in a way that violates corporate policies, preferences, and 
> expectations. In the case, David Nosal, an ex-employee of the Korn/Ferry executive recruiting firm, was charged with 
> violating the CFAA after other ex-employees acting on his behalf accessed Korn/Ferry’s proprietary database using 
> legitimate credentials of a current company employee. The current employee knew of and authorized the use of her 
> credentials, which was against Korn/Ferry’s computer policies. The Ninth Circuit found that in using the shared 
> password, Nosal accessed the database “without authorization.” The court said that implicit in the definition of 
> “authorization” is the proposition that authorization can come only from a computer owner—here, Korn/Ferry—not an 
> employee with legitimate access credentials.
>
> There is nothing in the CFAA, or even in the dictionary, that defines “authorization” to mean only permission from a 
> computer owner. The Ninth Circuit imported a corporate ban on password sharing into its definition of “without 
> authorization.” 
>
> “This ruling threatens to turn millions of ordinary computer users into criminals,” said EFF Staff Attorney Jamie 
> Williams. “Innocuous conduct such as logging into a friend’s social media account or logging into a spouse’s bank 
> account, with their permission but in violation of a corporate prohibition on password sharing, could result in a 
> CFAA prosecution. This takes the CFAA far beyond the law’s original purpose of putting individuals who break into 
> computers behind bars.”
>
> “EFF has long advocated for reforming the CFAA, which overzealous prosecutors have exploited in troubling ways,” said 
> Williams. “The Supreme Court can do its part by reviewing the Ninth Circuit’s troubling decision and giving 
> “authorization” an appropriately narrow definition, specifically clarifying that password sharing is not—and was 
> never intended to be—a crime.”
>
> For EFF’s brief:
> https://www.eff.org/document/nosal-v-us-cert-petition
>
> For more on this case:
> https://www.eff.org/cases/u-s-v-nosal
>
> For this release:
> https://www.eff.org/press/releases/eff-asks-supreme-court-review-dangerous-interpretation-computer-crime-statute
>  
>
> About EFF
>
> The Electronic Frontier Foundation is the leading organization protecting civil liberties in the digital world. 
> Founded in 1990, we defend free speech online, fight illegal surveillance, promote the rights of digital innovators, 
> and work to ensure that the rights and freedoms we enjoy are enhanced, rather than eroded, as our use of technology 
> grows. EFF is a member-supported organization. Find out more at https://eff.org.
>
>
>
> Electronic Frontier Foundation, 815 Eddy Street, San Francisco, CA 94109 USA.
> EFF appreciates your support and respects your privacy.
> Unsubscribe from all mail or change your email preferences.



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/18849915-ae8fa580
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-aa268125
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-32545cb4&post_id=20170605161453:A0E126DA-4A2B-11E7-81C3-B654B1D11891
Powered by Listbox: http://www.listbox.com