Nominee For Attorney General Tap Dances Around Senator Franken's Question About Aaron Swartz

from the fix-the-cfaa dept

We've discussed for years how broken the CFAA (Computer Fraud and Abuse Act) is. The law, which was written many years ago, is problematically vague in certain areas, allowing prosecutors to claim that merely breaking a terms of service you didn't read is a form of felony hacking -- as they define it as "unauthorized access." While there have been many egregious CFAA cases, one of the most high-profile, of course, was that of activist Aaron Swartz, who was arrested for downloading too many research papers from JSTOR from the computer network on the MIT campus. The MIT campus network gave anyone -- even guests -- full access to the JSTOR archives if you were on the university network. Swartz took advantage of that to download many files -- leading to his arrest, and a whole bunch of charges against him. After the arrest, the DOJ proudly talked about how Swartz faced 35 years in prison. Of course, if you bring that up now, the DOJ and its defenders get angry, saying he never really would have faced that much time in prison -- even though the number comes from the DOJ's (since removed) press release.

Swartz, of course, tragically took his own life in the midst of this legal battle, after facing tremendous pressure from the DOJ to take a plea deal as a felon, even as Swartz was sure he had done nothing illegal or wrong. Since then, there have been a few attempts to update the CFAA to block this kind of abuse, but they have been blocked at every turn by a DOJ that actually wants to make the law even worse. This includes the White House's latest proposal for CFAA reform, which would actually make more things a felony under the CFAA, and could drastically increase sentencing for things that many of us don't think should be a crime at all -- such as tweeting out a list of worst passwords on the internet.

Outgoing Attorney General Eric Holder has done his best to ignore or downplay any suggestion that his Justice Department abused the CFAA in going after Swartz. And it looks like his likely replacement is trying to do the same.

Senator Al Franken questioned nominee Loretta Lynch about Swartz and the CFAA and got back a response that is basically her avoiding the question. She doesn't say anything about Swartz, but goes off on some FUD about the dangers of malicious hackers and how the DOJ needs the tools to fight spyware. She then claims that the newly proposed CFAA changes are okay because they only increase the possible maximum sentences, but not the minimums, leaving things up to the discretion of judges (and prosecutors):

Question 1. The Computer Fraud and Abuse Act (CFAA) has received attention for its potentially harsh penalties. In 2013, I wrote a letter to the Department of Justice expressing my concern about the way in which Aaron Swartz was aggressively prosecuted under the CFAA, and associating myself with a similar letter by Senator Cornyn. The Department’s response was, in short, that the prosecution of Swartz was consistent with the Act. Since then we have heard many people – from all over the political spectrum – call for reform of the CFAA. Recently, the White House announced a proposal to amend the Act. Some have characterized the proposal as a step in the wrong direction, noting – for example – that it would increase certain sentences. What is your assessment of these criticisms, and what is your opinion of the proposal?

RESPONSE: I believe that the Department of Justice has a responsibility to protect Americans from invasions of their privacy and security by prosecuting and deterring computer crimes. Accordingly, we must ensure that the CFAA, like all of our tools, remains up-to-date and reflects the changes in the way that cybercrimes are committed, changes that have occurred in the decades since it was first enacted. For example, I understand that the Administration’s proposals include provisions designed to facilitate the prosecution of those who traffic in stolen American credit cards overseas, to enable the Department to dismantle botnets that victimize hundreds of thousands of computers at a time, and to deter the sale of criminal “spyware.”

With respect to the sentencing provisions contained in those proposals, I believe it is appropriate to ensure that, in the event a defendant is convicted of a hacking offense, the sentencing court has the authority to impose a sentence that fits the crime. For example, the enormous harm caused by the massive thefts of Americans’ personal financial data from retailers illustrates the need to ensure that the maximum sentences available are adequate to deter the worst offenders. As the level of harm caused by the worst cybercrimes increases, I support increasing the maximum penalties available to punish those crimes to a level commensurate with similar crimes, such as mail fraud or wire fraud.

It is also important to understand that these statutory maximum sentences do not control what sentence is appropriate for less significant offenses under the CFAA. In many criminal prosecutions, including prosecutions under the CFAA of all but the most serious offenses, the statutory maximum penalty has little or no impact on the sentencing of convicted defendants. Instead, in each case, prosecutors make individualized sentencing recommendations, and judges make individualized decisions, based on such factors as the facts of the case, the offender’s history, and the U.S. Sentencing Guidelines.

Finally, I note that the Administration’s 2015 proposal does not include any new mandatory minimum sentences, and I support the decision not to seek any such new sentences in the CFAA at this time.

This, of course, misses the point. First, it assumes that longer sentences are somehow going to do anything to diminish the likelihood of malicious attacks. They won't. This is such a total braindead law enforcement view of things: that if only there were greater punishment it would scare the "bad people" out of doing what they're going to do. That's never really worked, and especially not in this area, where the law is being abused to go after people who don't think they're actually doing anything wrong.

Second, it just plays up the FUD that "bad stuff is happening" so "something must be done." But it ignores how vague the law is and how it's wide open to abuse. A good law enforcement official would ask for clearer laws that more narrowly target actual bad behavior, rather than celebrating a broad and vague law that can be, and is, widely abused just to rack up more DOJ headlines and "victories."

Filed Under: aaron swartz, al franken, attorney general, cfaa, doj, loretta lynch


Reader Comments

  • Anonymous Coward, 18 Feb 2015 @ 11:37am

    Bad reasoning

    "We must do something."
    "This is something."
    "Therefore, we must do this."

  • JD, 18 Feb 2015 @ 11:49am

    TL;DR summary

    "What do you say to those who think you're abusing the CFAA and leveraging overly-harsh penalties to prosecute non-crimes?"

    "SIT BACK AND WATCH BECAUSE YOU AIN'T SEEN NOTHIN' YET!! WE ARE GOING TO LIGHT. UP. SOME NON-VIOLENT MOFOS!! WOOOOOO!!!"

  • Nigel, 18 Feb 2015 @ 11:59am

    "I believe that the Department of Justice has a responsibility to protect Americans from invasions of their privacy and security by prosecuting and deterring computer crimes."

    She got my attention at hello.

    • Anonymous Coward, 18 Feb 2015 @ 12:36pm

      Re:

      I can't believe she could write that with a straight face considering whom SHE works for..........now maybe she's being truthful, maybe she actually means to CHANGE things, then again, maybe she has no real conviction to do so

      And you know, it's difficult to believe anyone who opens up with their understanding of rights, who then completely dismisses when they proceed to write about things that completely trample them.......it's like an obligatory mention that holds no meaningful value to them, a lie to not make them seem so bad after expressing the opinions that make the lie..............I find myself thinking now as I have many times in the past, is it on purpose, do they not care, or is it some sort of subconscious lie, ........mmmmm, a conditioned lie maybe.......peer pressure, knowing if you don't toe the line, the environment being built the way it is, you'd be spit out i.e. ridicule, fired, lawsuit, finance sabotage, arrest, prison, violence, death...........god dammit, that's not freedom

      • Anonymous Coward, 18 Feb 2015 @ 12:41pm

        Re: Re:

        ridicule, fired, lawsuit, finance sabotage, arrest, prison, violence, death

        I forgot threatening

        All of those things are the unsaid threat of what will eventually happen if you don't do as you're told even if you know it's wrong........that does not make an atmosphere of freedom, quite the fukin opposite........invisible chains are still chains

  • Mason Wheeler, 18 Feb 2015 @ 12:00pm

    The MIT campus network gave anyone -- even guests -- full access to the JSTOR archives if you were on the university network. Swartz took advantage of that to download many files -- leading to his arrest, and a whole bunch of charges against him.

    ...

    Swartz was sure he had done nothing illegal or wrong.

    As has been pointed out before when you've posted articles about the supposed "persecution" of Aaron Swartz, this is nowhere near the whole story. IIRC the relevant part is the bit where--before getting arrested--his network access had been revoked for previous shenanigans.

    MIT was running a network that, as you point out, was open to the public, even guests. In the real world, if you run a business that is open to the general public, but one specific person causes trouble and management tells them to leave because they aren't welcome, and then they come back, no one would find it unreasonable to call the police and have them arrested for trespassing.

    Why is it that when Aaron Swartz does something that is exactly equivalent to this crime, except on a computer, that everyone tries to defend him and say he did nothing wrong?

    • Nigel, 18 Feb 2015 @ 12:11pm

      Re:

      Not a ton of room for nuance in your position there.

      I will simply posit that the looming threat of inordinate amounts of prison time is not at all a just response to what amounts to a sit-in or a protest.

      He didn't flounder into a closet and plant a bomb.

      • Mason Wheeler, 18 Feb 2015 @ 12:16pm

        Re: Re:

        How does what he did "amount to a sit-in or a protest"? One of the distinguishing characteristics of a sit-in or a protest is that, being a political act, it is highly visible and designed to attract attention. This is the exact opposite of Swartz's hacking, which was stealthy and designed to evade attention.

        Just because you like what he was trying to accomplish does not mean that how he was going about accomplishing it should be justified. Otherwise, you are literally arguing that the ends justify the means... when it's ends you agree with.

        • Anonymous Coward, 18 Feb 2015 @ 12:42pm

          Re: Re: Re:

          *sigh*
          a glacier has more self-awareness than a wheeler...

          so-o-o-o, you *would* (i mean you WOULD, richtig?) excoriate gummint institutions who argue that the ends justify the means, right ? ? ?
          right ? ? ?

          no, you do not, you are an abject authoritarian through and through; gummints can (and do) do a thousand times worse than aaron, and you won't open your yap...

        • Nigel, 18 Feb 2015 @ 12:46pm

          Re: Re: Re:

          Step 3: Add to Shelf
          Add the article to your “reading shelf” to read the full text.

          Save up to 3 articles on your shelf at a given time. After 14 days, you can remove articles and replace them with new ones. (That's up to 78 articles a year, FREE!)

          Not to get all meta about shit but that sounds like a Verizon ad to me lol...

          And, that is not funded by the public and publicly available either.

          It may be the 80+ dead shows under my belt but if a bunch of hippies can figure out how to archive literally everything I think MIT can sort out how to not be entirely disingenuous.

          Shit, I would gladly house a gig of that stuff on my home computer and just farm it out over P2P to whoever needs whatever.

          If folks can make games to fold freaking proteins I think we can publicly make available stuff that by law, or at least edict, is supposed to be readily available in the first place.

        • orbitalinsertion, 18 Feb 2015 @ 9:09pm

          Re: Re: Re:

          "hacking"

          ROFL

    • PRMan, 18 Feb 2015 @ 12:23pm

      Re:

      Trespassing:

      http://www.criminaldefenselawyer.com/crime-penalties/federal/Tresspassing.htm

      While state laws allow judges the ability to impose a jail sentence for trespassing, convictions that result in jail time are uncommon. The potential jail sentences for most trespassing convictions range from several days to several months in jail. However, some states allow for up to a year or more in jail for the most serious trespassing crimes.

      Note that trespassing in a public place is also not a felony, but a misdemeanor.

      Contrast that with a 35-year felony... because of "on a computer".

      • sigalrm, 18 Feb 2015 @ 1:18pm

        Re: Re:

        Well, that's just the prison piece. Never mind the potential for financially ruinous fines (As if the legal costs weren't substantial punishment in and of themselves) and
        Ramifications post-conviction. A person with a felony conviction may lose the right to vote and may also be barred from serving on a jury. Certain professional licenses may become off-limits, and convicted felons may find it difficult to obtain jobs and housing. By contrast, those with a misdemeanor conviction will not face such serious consequences.

        (from http://www.criminaldefenselawyer.com/resources/criminal-defense/felony-offense/felony-classes-charges-penalties)

        Remember, with felonies, the punishment doesn't end when you leave prison.

        All for a crime that, as Mason Wheeler so neatly summarized it, "is exactly equivalent to this crime", where "this crime" is strongly implied to be "misdemeanor trespassing".

        All I can say is, that certainly seems to fall into the category of "Fair & Balanced" - in the Fox News sense of the phrase, at least.

    • Anonymous Coward, 18 Feb 2015 @ 12:25pm

      Re:

      Yes he may have been told to stay off the network, and what should have happened was for them to slap him on the wrist and say bad boy. But going all out ass hat on him? Well that shows us the laws there in the USA are worse for logging onto a public network that they asked you to stay off of than killing someone.

      So yes he does not have to say that MIT told Aaron to stay off their network, it's sorta the same as walking on the grumpy old man's lawn and him yelling at you to get off the lawn. It should be a talking to not a possible 35 year sentence.

      If the grumpy old man killed the guy for walking on it do you not think people would be outraged? It's sorta the same thing here the DOJ made the punishment worse than the crime.

      If you think downloading a bunch of papers that anyone can get access to is worse than murder, I think you are one of the problems in this world.

      • Mason Wheeler, 18 Feb 2015 @ 1:10pm

        Re: Re:

        If the grumpy old man killed the guy for walking on it do you not think people would be outraged?

        Please bear in mind that the only person involved in this case who "killed a guy" was Aaron Swartz.

        • Anonymous Coward, 18 Feb 2015 @ 1:47pm

          Re: Re: Re:

          So, what you're saying is that you don't understand depression at all?

          • Anonymous Coward, 18 Feb 2015 @ 1:55pm

            Re: Re: Re: Re:

            No, that's not what he was saying.

            Swartz was indoctrinated by a well-known idiot, Lawrence Lessig. He thought that he could break the law and not be punished. When faced with the everyday reality of having consequences for his actions, he killed himself. Smooth.

            And this is the guy Techdirt tries to hold up as its hero. Figures.

            • Gwiz, 18 Feb 2015 @ 2:18pm

              Re: Re: Re: Re: Re:

              He thought that he could break the law and not be punished.


              Personally, I doubt that Aaron thought he was breaking law in this instance (with the possible exception of the physical trespassing - but even there I'm not sure - was there a "No Admittance" sign on the door or was it locked?)

              Aaron would have learned from his previous encounter with the DOJ concerning PACER.

          • Mason Wheeler, 18 Feb 2015 @ 2:16pm

            Re: Re: Re: Re:

            What I'm saying is that slapping a label like "depression" on someone (in the complete absence of any clinical diagnosis as far as I'm aware, I should add) does not magically absolve them of the fundamental concept of "responsibility for one's own actions"--which seems to be the basic turning point of this entire kerfuffle.

    • Anonymous Coward, 18 Feb 2015 @ 12:27pm

      Re:

      no one would find it unreasonable to call the police and have them arrested for trespassing.


      Your analogy works, but you need to extend it a bit. Most people WOULD find it unreasonable if the penalty for trespassing was 35 years in prison. The punishment should have some relation to the harm done.

    • Anonymous Coward, 18 Feb 2015 @ 12:42pm

      Re:

      Only in the US does the electronic version of trespassing come with the threat of ruining someone's life.

    • Gwiz, 18 Feb 2015 @ 2:02pm

      Re:

      MIT was running a network that, as you point out, was open to the public, even guests. In the real world, if you run a business that is open to the general public, but one specific person causes trouble and management tells them to leave because they aren't welcome, and then they come back, no one would find it unreasonable to call the police and have them arrested for trespassing.


      MIT didn't "ask a person to leave", they blocked his MAC address. A MAC address doesn't equal a person any more so than an IP address does. Aaron simply spoofed his MAC address, like any computer literate person would do when a device isn't connecting to a network.

      Would you see it differently if Aaron had purchased a dozen laptops and used those instead of spoofing his MAC address? To me they are one and the same.

      The physical trespassing charge for entering the wiring closet was the only legit charge against Aaron, if you ask me.

      • Mason Wheeler, 18 Feb 2015 @ 2:11pm

        Re: Re:

        Aaron simply spoofed his MAC address, like any computer literate person would do when a device isn't connecting to a network.

        As a computer literate person, I take exception to this. If my computer wouldn't connect to the network, I would attempt to troubleshoot the issue, and if I was unable to resolve it on my own I would speak with the network administrators. If they told me that I was blocked, I would attempt to resolve the issue like a civilized human being, by reasoning with someone with the authority to remove the block... or just find a different network. Instructing my computer to lie about its identity in order to break into a network that someone in authority had deliberately locked me out of would never even cross my mind; that is the act of a criminal, not "a computer-literate person".

        • Gwiz, 18 Feb 2015 @ 2:23pm

          Re: Re: Re:

          Instructing my computer to lie about its identity in order to break into a network that someone in authority had deliberately locked me out of would never even cross my mind; that is the act of a criminal, not "a computer-literate person".


          I spoof a random MAC address every time my laptop boots on general privacy principles. I guess that makes me "criminal" in your mind.

        • John Fenderson, 18 Feb 2015 @ 3:01pm

          Re: Re: Re:

          "if I was unable to resolve it on my own I would speak with the network administrators"

          In all fairness, talking with the network administrators is a step I take only when literally everything else I've tried has failed. Theoretically, this would include MAC spoofing if I suspected that the problem was related to my MAC address.

          • sigalrm, 18 Feb 2015 @ 4:31pm

            Re: Re: Re: Re:

            In all fairness, talking with the network administrators is a step I take only when literally everything else I've tried has failed

            Indeed. And in a large campus environment (of which MIT is one) the network administrators are often intentionally heavily shielded from the general user base, much less the guest user base. This is to allow them to remain productive.

            It's easy to say "I'd just get a hold of a network admin for a guest network in a large environment." It's another thing to actually do it. Want to know how hard it is to get to someone who knows what they're doing on a guest network? Go to a largish venue with a guest network. Say, a MLB stadium, or a NHL Arena. A big convention center - during a convention - might work. If you've got a college campus with open wifi near by, use that. Pretend you're having trouble getting online, and try to figure out how to get a hold of tech support - much less a network admin - for the guest network at the venue. The results are probably going to be enlightening.

        • JMT, 18 Feb 2015 @ 3:35pm

          Re: Re: Re:

          "Instructing my computer to lie about its identity in order to break into a network that someone in authority had deliberately locked me out of would never even cross my mind; that is the act of a criminal..."

          Before you so casually throw out the 'criminal' accusation from up on your high horse, why don't you explain what harm his actions were causing that could possibly justify the harshness of the punishment he was facing.

    • Anonymous Coward, 18 Feb 2015 @ 3:12pm

      Re:

      >exactly equivalent

      1) You don't get felony prosecution for trespassing.

      2) JSTOR was the "injured" party not MIT.

      • tqk, 19 Feb 2015 @ 11:03am

        Re: Re:

        JSTOR was the "injured" party not MIT.

        JSTOR was not injured. Their stuff was free to take. They didn't like how he did it. They'd no right to complain.

        MIT was injured, but only as much as any of their students could injure it any day. They didn't want to press charges.

    • Anonymous Coward, 18 Feb 2015 @ 6:04pm

      Re:

      Trespassing is a misdemeanor with max 1000$ fine or 30 days in jail. If that's how you propose treating non violent non criminal acts like this I'm all for it. Makes a lot more sense than felony charges and extradition hearings for poking around unsecure networks.

    • saulgoode, 18 Feb 2015 @ 6:08pm

      Re:

      IIRC the relevant part is the bit where--before getting arrested--his network access had been revoked for previous shenanigans.
      IIRC, his wireless access was blocked because he was using too much bandwidth. He then did what some might deem the courteous thing: he connected through a high-bandwidth landline so as to avoid causing problems for wifi users.

      • Anonymous Coward, 19 Feb 2015 @ 12:26am

        Re: Re:

        Also by doing so, he changed the MAC used by his computer to connect to the network, as wifi and ethernet interfaces have different MACs.

        • Anonymous Coward, 19 Feb 2015 @ 1:59am

          Re: Re: Re:

          Badly phrased: wifi and wire are separate network interfaces and get separate MAC numbers (even if on same bit of PCB)

    • That One Guy, 18 Feb 2015 @ 8:42pm

      Re:

      In the real world, if you run a business that is open to the general public, but one specific person causes trouble and management tells them to leave because they aren't welcome, and then they come back, no one would find it unreasonable to call the police and have them arrested for trespassing.

      And if he had just been charged with trespassing, or the digital equivalent, you'd be right, and very few people would have had a problem with it. That however, is not how the case went. Instead, he was facing felony charges, even if he agreed to a plea deal, and decades of jail time. All for what you yourself compare to 'trespassing'.

      That doesn't seem a little excessive to you?

    • Anonymous Coward, 19 Feb 2015 @ 4:29am

      Re:

      35 years in prison for trespassing?

  • Pronounce, 18 Feb 2015 @ 12:05pm

    T.U. Deletes Your FB Post

    The U.S. government deletes your life. Which would you rather have?

  • Anonymous Coward, 18 Feb 2015 @ 12:16pm

    I'm sorry America, it looks like when they had the opportunity to appoint someone new to do good things, ..........they didn't.............sorry to hear that it looks like you're getting much the same for god knows how long

  • Anonymous Hero, 18 Feb 2015 @ 12:19pm

    Too big to fail

    > This, of course, misses the point. First, it assumes that longer sentences are somehow going to do anything to diminish the likelihood of malicious attacks. It won't.

    Hmm, so in other words, are you suggesting that these malicious attackers are too big to fail?

    • PRMan, 18 Feb 2015 @ 12:26pm

      Re: Too big to fail

      No. Maybe he is suggesting that companies that handle money be required to have a government audit done of their security systems before putting new software and hardware designs in place.

      That would be much cheaper than the billions they are currently losing and also doesn't require making it possible to charge the next Aaron Swartz with life in prison.

  • Anonymous Coward, 18 Feb 2015 @ 12:24pm

    I believe that the Department of Justice has a responsibility to protect Americans from invasions of their privacy and security by prosecuting and deterring computer crimes.
    Great! Please imprison every NSA agent who took part in LOVEINT.

  • Anonymous Hero, 18 Feb 2015 @ 12:25pm

    Missing the point

    On a more practical note, I think the question somewhat misses the point. The Attorney General is a lawyer, not a legislator. We must rely on our elected representatives (ugh) to propose laws to fairly handle computer fraud and abuse.

    The question should be more aimed at figuring out the type of people that the DoJ plans to prosecute under the CFAA. Will she continue to go after the low-hanging fruit to make headlines (just so they can remove them later?) or will she focus her attention on the far more damaging attackers?

    Unfortunately, prosecutors are prosecutors. If they decide to go after someone, whether they are a harmless kid or a black-market kingpin doesn't matter; prosecutors go all-in. Once they decide to press charges, they will press any and all possible charges.

    • John Fenderson, 18 Feb 2015 @ 3:05pm

      Re: Missing the point

      "We must rely on our elected representatives (ugh) to propose laws to fairly handle computer fraud and abuse."

      When it comes to stuff that the legislature is ignorant of (like things related to networking), they have this nasty standard practice of passing laws that allow for egregiously draconian action and saying that it's OK because law enforcement will use appropriate discretion in applying the law. Something that has, as far as I know, never actually held true.

      So we have the cops pointing to the lawmakers and saying "but they said we could!" and the lawmakers saying "we trust the cops to do the right thing". It's a recipe for tyranny.

    • orbitalinsertion, 18 Feb 2015 @ 9:16pm

      Re: Missing the point

      Yes, I think you are missing the point.

      These are the kinds of questions one asks job candidates to see how they would behave. There is a wide range of behaviors available to prosecutors given the exact same potential cases crossing their desks.

  • Anonymous Coward, 18 Feb 2015 @ 1:24pm

    American justice seems to be that as long as someone is convicted, it doesn't matter if that person committed the crime (or any crime) or not. Add in that the harshest of sentences must then be passed on completes the total fuck up and the lack of anything other than to complete the two actions above! No one is really investigated properly, or so it seems. Any evidence found seems to be used to try to get a conviction only, never used to dispel guilt. The prosecutors only want to get a 'win' and are never interested in ensuring the correct person gets charged, let alone convicted, for committing the crime in question. Not much of a JUSTICE SYSTEM really! And don't forget that those with the deepest pockets can get exonerated when actually guilty, if they ever get accused or taken to court that is!

  • Ambrellite, 18 Feb 2015 @ 1:25pm

    It's the Laffer Curve fallacy of crime prevention. We're always on the side of the curve that demands more punishment, no matter how far we've gone past the point of adding injustice to injury.

  • Anonymous Coward, 18 Feb 2015 @ 1:33pm

    Why doesn't the DOJ increase the maximum sentence for Wall St. banksters who crashed the world economy? Oh that's right, there hasn't been a single prosecution of any bankster committing investment fraud in the stock market using other people's 401k money. Yet the DOJ drove Aaron to suicide over downloading publicly available learning material and threatening him with 35 years in prison.

    That's all I need to know about the DOJ. They don't care about cracking down on high impact criminals. They only go after small potatoes while totally ignoring serious fraud happening by the heads of corporations on a global scale.

    • Padpaw, 18 Feb 2015 @ 1:42pm

      Re:

      Probably because the DoJ got paid off to ignore their crimes.

      The current American government is considered the most openly corrupt one in a long time.

      • sigalrm, 18 Feb 2015 @ 2:40pm

        Re: Re:

        "Probably because the DoJ got paid off to ignore their crimes."

        "Paid off" has such ugly connotations. Upstanding US Citizens prefer the term "Campaign Contribution".

  • Padpaw, 18 Feb 2015 @ 1:41pm

    Ask me no questions and I will tell you no lies

  • Anonymous Coward, 18 Feb 2015 @ 1:52pm

    "First, it assumes that longer sentences are somehow going to do anything to diminish the likelihood of malicious attacks. It won't."

    Funny, back in the day, driving while intoxicated got you a slap on the wrist. Now it'll get you hefty fines and/or jail time. Serious sentences are in store for repeat offenders. Fast forward to today and per capita drunk driving has plummeted. Seems like the likelihood of a severe punishment has many people refraining from that sort of conduct.

    • John Fenderson, 18 Feb 2015 @ 3:10pm

      Re:

      I think that the social shunning and shaming people who drive drunk get is probably a greater deterrence than the severity of the legal punishment.

      However, I think this is a complex thing. Sometimes increasing severity can have a deterrent effect. Sometimes it obviously does not. I suspect that it might be that for any given offense, there is a maximum effective punishment severity level. As you increase severity, deterrence increases as well, but once a threshold is reached, ratcheting the punishment up even further no longer increases deterrence (and begins to have the opposite effect if the severity is raised high enough). Where that threshold is depends on the crime.

      • sigalrm, 18 Feb 2015 @ 4:08pm

        Re: Re:

        John: All good points, but don't forget jurisdiction.

        The vast majority of laws on the books today work on the (unstated) underlying premise that some sort of physical presence within a jurisdiction is required to commit a crime.

        The internet breaks this premise...

      • Archillies, 18 Feb 2015 @ 6:18pm

        Re: Re:# 43 John Fenderson

        Excellent observation - I would think the marijuana laws to be a good example of this. Huge consequences but extremely widespread use anyway.

    • JMT, 18 Feb 2015 @ 3:41pm

      Re:

      Actually this is far more likely because of a huge shift in societal attitudes towards drunk driving. People better understand the dangers to both their health and others, and they also know that most of their friends, family and colleagues will have a very low opinion of their actions. This is why smoking is far less popular now, despite being perfectly legal.

    • Anonymous Coward, 18 Feb 2015 @ 6:15pm

      Re:

      So you're suggesting we give a warning civil action like a fine and temporary license suspension before considering low to moderate jail time?

    • Anonymous Coward, 19 Feb 2015 @ 4:40am

      Re:

      It could have got you that back in the day too, just now they enforce the law, then they didn't.

  • Spaceman Spiff, 18 Feb 2015 @ 3:08pm

    Best of the bad?

    All things considered, Lynch is probably the "best of the bad" to become the new USAG. Gah! What a situation we are living in! Honesty in government? Wouldn't that be nice? And FWIW, nice is from the Latin nicere - meaning young and ignorant!

  • Alo, 18 Feb 2015 @ 5:19pm

    I am still pissed off at Stephen Heymann. As far as I'm concerned, the man's a serial murderer. Horrible pissant. I still hold out hope that the DoJ will kick him out eventually.

  • Binko Barnes, 18 Feb 2015 @ 5:42pm

    One thing people tend to forget when talking about Aaron Swartz is that MIT did NOT want to prosecute him for anything.

    But the Federal Government wanted to make a big show out of this minor case. Federal Prosecutors got their ego involved and decided to show how tough they are.

    No big show or toughness for Wall St bankers. No big show or toughness for banks laundering drug money. No big show for corporate bribery or influence peddling or anything else done by the privileged executive class.

    The big show and the toughness are reserved for the little guy who steps out of line. It shows all of us who's the boss.

  • orbitalinsertion, 18 Feb 2015 @ 9:22pm

    "facilitate the prosecution of those who traffic in stolen American credit cards overseas"

    ...Or take down botnets, or the markets where such criminal tools and services are sold.

    Problem is they never do this. No, they go after someone downloading academic papers. Or internet services where some infringing material might be indexed by search, or even hosted. Heaven forfend they ever do anything about scammers, spammers, and actual criminals who crack into systems and copy stuff like credit card data.

    Beat that low-hanging fruit with a bat, guys. Never mind the carnivorous predators hiding up in the tree. Too hard.

  • Nibblethorpe The Condiment, 19 Feb 2015 @ 3:05am

    I don't think the maximum sentences are really a problem

    The law should be that plea deals reflect a reasonable proportion of the final sentence, irrespective of the maximum sentence. If a plea deal is offered of 3 months, then the court must infer that 3 months is a calculated acceptable minimum and use that baseline to derive the maximum - maybe 9 months. The maximum sentence can therefore only be considered if a plea deal is not offered - and we all know that the state loves its plea deals.

    Maximum sentences are already published, so the only reason for the prosecution to reiterate them to the court, the defence, or the media is to threaten the defence - a practice that should be frowned upon by the court.

    • John Fenderson, 19 Feb 2015 @ 7:55am

      Re: I don't think the maximum sentences are really a problem

      "The law should be that plea deals reflect a reasonable proportion of the final sentence"

      The law should be that plea deals aren't allowed, period. They subvert the entire process and reduce what "justice" remains in the justice system.

  • Anonymous Coward, 19 Feb 2015 @ 3:24am

    "the enormous harm caused by the massive thefts of Americans' personal financial data from retailers illustrates the need to ensure that the maximum sentences available are adequate to deter the worst offenders."

    Yes. Because if banks all refuse to put their money in vaults, put locks on their doors, or hire security guards, the obvious thing to do is increase the penalty for bank robbery.

  • David, 19 Feb 2015 @ 5:49am

    Uh, you miss the whole point

    "First, it assumes that longer sentences are somehow going to do anything to diminish the likelihood of malicious attacks. It won't. This is such a total braindead law enforcement view of things: that if only there were greater punishment it would scare the "bad people" out of doing what they're going to do."

    That isn't the point. The point is that activities in those areas are increasing while the courts do not have more time to deliver justice available.

    The further the gap between minimum and maximum sentences gets, the more power prosecutors have for blackmailing even innocent persons into a plea deal. This does not only mean that rather expensive court cases can be avoided but it also means that there is no such ineffectual thing as an acquittal to be feared.

    So if a prosecutor wants to get twice the number of cases hauled through court than his competitors, it is rather essential that there are large maximum sentences. It's rather an advantage than a disadvantage when the minimum sentences remain small: that way you'll get more customers for your bargain plea deals even among the obviously innocent.

  • is Aaron part of the nail-gun suicide list?, 19 Feb 2015 @ 10:45am

    is Aaron part of the nail-gun suicide list?

    is Aaron part of the nail-gun suicide list?
    ,too?

  • Okasis, 19 Feb 2015 @ 6:33pm

    AG Nominee

    There is an in-depth report about the qualifications of this Nominee on blackagendareport.com

    They do not support her, and compare her to Susan Rice. I would recommend reading the assessment, although I doubt if my opinion will change any votes.

    At least it gives a different view than that of the NYT or WaPo.

    I am still bemused that Obama wants us to move from Hold'er to Lynch!
