DOJ changes to CFAA guidance are overhyped, lawyers say

The Department of Justice’s guidance on when and how to charge defendants for violating CFAA remains ambiguous, lawyers say.

The post DOJ changes to CFAA guidance are overhyped, lawyers say appeared first on CyberScoop.

Continue reading DOJ changes to CFAA guidance are overhyped, lawyers say

DOJ revises computer fraud prosecution standards to ease off ‘good-faith’ research

The policy revision instructs prosecutors not to target good-faith security research under the historically fraught law.

The post DOJ revises computer fraud prosecution standards to ease off ‘good-faith’ research appeared first on CyberScoop.

Continue reading DOJ revises computer fraud prosecution standards to ease off ‘good-faith’ research

Court reaffirms that data scraping isn’t hacking in LinkedIn appeal

The court dismissed LinkedIn’s arguments that it had put up “gates” in the form of technical measures to block scraping and legal action.

The post Court reaffirms that data scraping isn’t hacking in LinkedIn appeal appeared first on CyberScoop.

Continue reading Court reaffirms that data scraping isn’t hacking in LinkedIn appeal

Former U.S. intelligence operatives charged with helping UAE hack rivals, U.S. citizens

The Justice Department charged three former U.S. intelligence operatives on Tuesday with hacking and conspiracy charges in connection with their work helping United Arab Emirates spy on activists and political rivals. The charges allege that defendants Marc Baier, Ryan Adams and Daniel Gericke “knowingly and willfully” provided the UAE with spy technology without approval from the U.S. government. The charges back up a 2019 Reuters investigation that found a secret hacking unit of UAE-based cybersecurity firm DarkMatter was hiring former U.S. intelligence officers to help the UAE to spy on the phones of activists, diplomats and other nation’s leaders. Former employees told Reuters that their work with the hacking unit, “Project Raven,” also involved spying on U.S. citizens and companies. The Intercept first reported the existence of DarkMatter in 2016. According to court documents, after leaving government employment, Baier, Adams and Gericker joined a firm prosecutors referred to as “Company […]

The post Former U.S. intelligence operatives charged with helping UAE hack rivals, U.S. citizens appeared first on CyberScoop.

Continue reading Former U.S. intelligence operatives charged with helping UAE hack rivals, U.S. citizens

Supreme Court Limits Scope of Computer Crime Law

Nathan Van Buren was a police officer in rural Georgia. As such, he had lawful access to both the National Crime Information Computer (NCIC) and the Georgia Crime Information Center (GCIC) with the understanding that he could use the computer for “law… Continue reading Supreme Court Limits Scope of Computer Crime Law

A Supreme Court ruling limits the reach of a landmark hacking law

The Supreme Court issued a 6-3 ruling Thursday determining that improper use of a computer system by someone allowed to use it does not fall under the Computer Fraud and Abuse Act, the nation’s landmark hacking law. The ruling is a significant step in limiting the bounds of the law, which critics have long blasted as overly broad. It’s the first time the court has ruled on a case involving the decades-old hacking statute. The case in question involved former Georgia police officer Nathan Van Buren, who was accused of looking up license plate data in a law enforcement database in exchange for bribes. The prosecution argued that Van Buren’s use exceeded “authorized access,” putting him in violation of the Computer Fraud and Abuse Act. Such an interpretation “would attach criminal penalties to a breathtaking amount of commonplace computer activity,” Justice Amy Coney Barrett, who authored the majority opinion, wrote. […]

The post A Supreme Court ruling limits the reach of a landmark hacking law appeared first on CyberScoop.

Continue reading A Supreme Court ruling limits the reach of a landmark hacking law

Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date

Several U.S. Supreme Court justices, including some of President Donald Trump’s appointees, skeptically questioned a broad interpretation of the main federal anti-hacking law during oral arguments Monday. The hearing represented one of the final steps in the biggest case to come before the nation’s highest court involving the Computer Fraud and Abuse Act (CFAA), written in the 1980s. The case centers on when an individual “exceeds authorized access” to a computer, as defined by that law. The law has long held a contentious place in the cybersecurity world, where it’s viewed as hopelessly vague, outdated and overly punitive. One CFAA prosecution that drew particular criticism was that of Aaron Swartz, an internet activist who took his own life before he was scheduled to stand trial for allegedly downloading articles from an academic database, in a case where he faced decades in prison if convicted. The case now before the Supreme Court involves defendant Nathan […]

The post Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date appeared first on CyberScoop.

Continue reading Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date

Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

A group of high-profile cybersecurity specialists doesn’t want mobile voting firm Voatz to have the last word before the Supreme Court takes up a case with major implications for computer research. The security practitioners, including computer scientists and vulnerability disclosure experts, on Monday criticized Voatz’s argument that a federal anti-hacking law should only authorize researchers with clear permission to probe computer systems for vulnerabilities. An amicus brief filed by Voatz earlier this month, the security specialists charged, “fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure.” At issue is the Computer Fraud and Abuse Act (CFAA), a more than 30-year-old law that legal experts say could be abused to target good-faith researchers who break systems while trying to them more secure. The Supreme Court is set to consider whether corporate terms of service can be considered an inviolable boundary under the CFAA when it resumes in October. Legal experts and technologists see the […]

The post Security researchers slam Voatz brief to the Supreme Court on anti-hacking law appeared first on CyberScoop.

Continue reading Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

Voatz urges Supreme Court to not protect ethical research from prosecution

If the mobile voting firm Voatz actually is interested in working with security researchers who can examine their technology, the company sure has an odd way of showing it. Massachusetts-based Voatz on Thursday filed an amicus brief to the Supreme Court, arguing that only security researchers with clear permission should be authorized to probe systems for vulnerabilities. The filing came as part of a Supreme Court case in which justices are poised to reconsider the Computer Fraud and Abuse Act, a 1986 federal law that prohibits access to computers without the owner’s consent. Researchers have said the anti-hacking law is overly vague, and could criminalize activities ranging from innocuous internet habits, like sharing passwords, to important anti-discrimination research. A group of law scholars previously asked the court to allow ethical security tests. Voatz, which advertises an internet-based voting platform in a market dominated by more established voting machine manufacturers, has […]

The post Voatz urges Supreme Court to not protect ethical research from prosecution appeared first on CyberScoop.

Continue reading Voatz urges Supreme Court to not protect ethical research from prosecution

DC Court Ruling Reduces Webscraping Risk

In a decision that reduces some risk associated with webscraping, the United States District Court for the District of Columbia ruled that violating a website’s terms of service cannot alone be the basis for a finding that the conduct is “… Continue reading DC Court Ruling Reduces Webscraping Risk