Network Security, Threat Management

Almost jailed? Stanford wants researchers to recall the story

The Center for Internet and Society (CIS) at Stanford Law School has a question for security researchers: What caused you to nearly go to prison?

Jennifer Granick, the center's director of civil liberties, said in a blog post Tuesday that CIS wants to lead the push to amend the federal anti-hacking law, called the Computer Fraud and Abuse Act (CFAA), with the goal of decriminalizing potential penalties for members of the computer security industry. Critics have called the legislation too broad and severe.

"Have you ever been sued, threatened, or investigated because of security research you performed?" Granick wrote. "We want to hear and share your stories. Tell us 'how you almost went to prison,' so we can learn from your experiences and use them to educate lawmakers about the problems with the CFAA and suggest a fix."

The campaign was launched following the death of Aaron Swartz, 26, the programmer and information activist from Brooklyn, N.Y. who hanged himself just a few months before he was set to stand trial for downloading millions of academic journals. He faced 13 felony counts and up to 50 years in prison.

CIS was founded by Lawrence Lessig, Swartz's mentor and close friend, who recently wrote a touching and impassioned tribute to the man, expressed disappointment in Carmen Ortiz, the U.S. attorney in Massachusetts who many believe overreached in her office's aggressive prosecution of Swartz.

Rep. Zoe Lofgren, D-Calif., has introduced a proposal (PDF), nicknamed "Aaron's Law," that would amend the CFAA to "exclude certain violations of agreements or contractual obligations, relating to internet service, from the purview of certain criminal prohibitions..." 

In 2011, Swartz was charged under a provision of the CFAA when he accessed the network of the Massachusetts Institute of Technology to allegedly download more than four million articles from JSTOR, a database of academic journals. He never intended to sell them, only to make them freely available as part of an act of civil disobedience.

A number of non-lawmakers have offered suggestions to reform the CFAA, most notably Orin Kerr, a law professor at George Washington University, and the Electronic Frontier Foundation, a nonprofit digital rights advocacy group.

CIS wants to help as well. The program plans to compile the stories it receives and present them to the public 6 p.m. Feb. 19 at a special event. Security professionals can share their experiences, such as how the law limited their work, by clicking here.

Related

New Muddled Libra attacks set sights on cloud

Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.