Hacking - FYI
Hacking (or more formally, “unauthorized computer access”) is defined in California state
law/ and law in other states generally , as knowingly accessing any computer, computer system or network without permission. It's usually a misdemeanor, punishable by
up to a year in county jail.
The three federal laws most relevant to hacking:
Federal Hacking Laws
The Stored Communications Act (SCA); The Electronic Communications Privacy Act (ECPA); and. The Defend Trade Secrets Act (DTSA).May 2, 2019
Most federal computer hacking offenses are pursued under
18 U.S.C. § 1030 which covers a wide variety of illegal computer crimes. This statute makes it a federal crime to access a protected computer without consent with intent to cause harm or commit a fraud crime.
The punishments under these provisions are different based upon the gravity of the committed cybercrime. Section 419 carries a punishment
up to 3 years of imprisonment or fine and Section 420 carries up to 7 years of imprisonment or fine
Federal law and state law both hold as a general rule of thumb that any act that would be a crime in the tangible world is also a crime in the virtual one.
File charges against the computer hacker. ... Although not all hacker violations deemed criminal by any particular state may constitute a federal crime, they often do.
How to File Charges Against a Computer Hacker -
And - from Wikipeida - a more extensive review:
https://en.wikipedia.org/wiki/Comput..._and_Abuse_Act
Computer Fraud and Abuse Act
From Wikipedia, the free encyclopedia
Jump to navigation Jump to search The
Computer Fraud and Abuse Act of 1986 (
CFAA) is a
United States cybersecurity bill that was enacted in 1986 as an amendment to existing
computer fraud law (
18 U.S.C. § 1030), which had been included in the
Comprehensive Crime Control Act of 1984. The law prohibits accessing a computer without
authorization, or in excess of authorization.
[1] Prior to computer-specific criminal laws, computer crimes were prosecuted as
mail and wire fraud, but the applying law was often insufficient
[2].
The original 1984 bill was enacted in response to concern that computer-related crimes might go unpunished.
[3] The House Committee Report to the original computer crime bill characterized the 1983 techno-thriller film
WarGames—in which a young teenager (played by
Matthew Broderick) from
Seattle breaks into a U.S. military
supercomputer programmed to predict possible outcomes of
nuclear war and unwittingly almost starts
World War III—as "a realistic representation of the automatic dialing and access capabilities of the
personal computer."
[4]
The CFAA was written to extend existing
tort law to
intangible property, while, in theory, limiting
federal jurisdiction to cases "with a compelling federal interest—i.e., where computers of the
federal government or certain
financial institutions are involved or where the crime itself is interstate in nature.", but its broad definitions have spilled over into
contract law. (see "Protected Computer", below). In addition to amending a number of the provisions in the original
section 1030, the CFAA also criminalized additional computer-related acts. Provisions addressed the distribution of
malicious code and
denial-of-service attacks. Congress also included in the CFAA a provision criminalizing trafficking in
passwords and similar items.
[1]
Since then, the Act has been amended a number of times—in 1989, 1994, 1996, in 2001 by the
USA PATRIOT Act, 2002, and in 2008 by the Identity Theft Enforcement and Restitution Act. With each amendment of the law, the types of conduct that fell within its reach were extended.
In January 2015, then-President
Barack Obama proposed expanding the CFAA and the
RICO Act in his
Modernizing Law Enforcement Authorities to Combat Cyber Crime proposal.
[5] DEF CON organizer and
Cloudflare researcher Marc Rogers, Senator
Ron Wyden, and Representative
Zoe Lofgren have stated opposition to this on the grounds it will make many regular Internet activities illegal, and moves further away from what they were trying to accomplish with
Aaron's Law.
[6][7][
needs update]
Contents
Protected computers
The only computers, in theory, covered by the CFAA are defined as "
protected computers". They are defined under section
18 U.S.C. § 1030(e)(2) to mean a computer:
- exclusively for the use of a financial institution or the United States Government, or any computer, when the conduct constituting the offense affects the computer's use by or for the financial institution or the government; or
- which is used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States ...
In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the interstate nature of most Internet communication.
[8]
Criminal offenses under the Act
(a) Whoever—
(1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;(2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains— (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) [1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);(B) information from any department or agency of the United States; or(C) information from any protected computer;(3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;(4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;(5) (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.(6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if— (A) such trafficking affects interstate or foreign commerce; or(B) such computer is used by or for the Government of the United States;(7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any— (A) threat to cause damage to a protected computer;(B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or(C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion
[9] Specific sections
Notable cases and decisions referring to the Act
The Computer Fraud and Abuse Act is both a criminal law and a statute that creates a
private right of action, allowing
compensation and
injunctive or other
equitable relief to anyone harmed by a violation of this law. These provisions have allowed private companies to sue disloyal employees for damages for the misappropriation of confidential information (
trade secrets).
Criminal cases
- United States v. Morris (1991), 928 F.2d 504 (2d Cir. 1991), decided March 7, 1991. After the release of the Morris worm, an early computer worm, its creator was convicted under the Act for causing damage and gaining unauthorized access to "federal interest" computers. The Act was amended in 1996, in part, to clarify language whose meaning was disputed in the case.[10]
- United States v. Lori Drew, 2009. The cyberbullying case involving the suicide of a girl harassed on myspace. Charges were under 18 USC 1030(a)(2)(c) and (b)(2)(c). Judge Wu decided that using 18 U.S.C. § 1030(a)(2)(C) against someone violating a terms of service agreement would make the law overly broad. 259 F.R.D. 449 [11][12][13]
- United States v. Rodriguez, 2010. The Eleventh Circuit Court of Appeals ruled that a Social Security Administration employee had violated the CFAA when he used an SSA database to look up information about people he knew personally.[14]
- United States v. Collins et al, 2011. A group of men and women connected to the collective Anonymous signed a plea deal to charges of conspiring to disrupt access to the payment website PayPal in response to the payment shutdown to WikiLeaks over the Wau Holland Foundation which was part of a wider Anonymous campaign, Operation Payback.[15][16] They later became known under the name PayPal 14.
- United States v. Aaron Swartz, 2011. Aaron Swartz allegedly entered an MIT wiring closet and set up a laptop to mass-download articles from JSTOR. He allegedly avoided various attempts by JSTOR and MIT to stop this, such as MAC address spoofing. He was indicted for violating CFAA provisions (a)(2), (a)(4), (c)(2)(B)(iii), (a)(5)(B), and (c)(4)(A)(i)(I),(VI).[17] The case was dismissed after Swartz committed suicide in January 2013.[18]
- United States v. Nosal, 2011. Nosal and others allegedly accessed a protected computer to take a database of contacts from his previous employer for use in his own business, violating 1030(a)(4).[19][20] This was a complex case with multiple trips to the Ninth Circuit, which ruled that violating a website's terms of use isn't a violation of the CFAA. He was convicted in 2013.[21] In 2016, the Ninth Circuit ruled that he had acted "without authorization" when he used the username and password of a current employee with their consent and affirmed his conviction.[22] The Supreme Court declined to hear the case.[23]
- United States v. Peter Alfred-Adekeye 2011. Adekeye allegedly violated (a)(2), when he allegedly downloaded CISCO IOS, allegedly something that the CISCO employee who gave him an access password did not permit. Adekeye was CEO of Multiven and had accused CISCO of anti-competitive practices.[24]
- United States v Sergey Aleynikov, 2011. Aleynikov was a programmer at Goldman Sachs accused of copying code, like high-frequency trading code, allegedly in violation of 1030(a)(2)(c) and 1030(c)(2)(B)i–iii and 2. This charge was later dropped, and he was instead charged with theft of trade secrets and transporting stolen property.[25][26]
- United States v Nada Nadim Prouty, c. 2010.[27] Prouty was an FBI and CIA agent who was prosecuted for having a fraudulent marriage to get US residency. She claims she was persecuted by a U.S. attorney who was trying to gain media coverage by calling her a terrorist agent and get himself promoted to a federal judgeship.[28]
- United States v. Neil Scott Kramer, 2011. Kramer was a court case where a cellphone was used to coerce a minor into engaging sex with an adult. Central to the case was whether a cellphone constituted a computer device. Ultimately, the United States Court of Appeals for the Eighth Circuit found that a cell phone can be considered a computer if "the phone perform[s] arithmetic, logical, and storage functions", paving the way for harsher consequences for criminals engaging with minors over cellphones.[29]
- United States v. Kane, 2011. Exploiting a software bug in a poker machine does not constitute hacking [30] because the poker machine in question failed to constitute a "protected computer" under the statute (as the poker machine in question did not demonstrate a tangential relationship to interstate commerce) and because the sequence of button presses that triggered the bug were considered held to have "not exceed[ed] their authorized access." As of November 2013 the defendant still faces a regular wire fraud charge.[31]
- United States v. Valle, 2015. The Second Circuit Court of Appeals overturned a conviction against a police officer who had used a police database to look up information about women he knew personally.[32][33]
- Van Buren v. United States, 2020. A police officer in Georgia was caught in an FBI sting operation using his authorized access to a license plate database to check the identity of a person for cash payment, an "improper purpose". The officer was convicted and sentenced to 18 months under CFAA §1030(a)(2). Though he appealed his conviction on the basis that the "improper purpose" was not "exceeding authorized access", the Eleventh Circuit upheld the conviction based on precedent. The Supreme Court ruled in June 2021 that under CFAA, that a person "exceeds authorized access" of a computer system they otherwise have access to when they access files and other content that are off-limits to the portions of the computer system they were authorized to access. Their opinion restricted CFAA from applying to cases where a person obtains information from areas they do have authorized access to, but uses that information for improper reasons.[34][35]
Civil cases
- Theofel v. Farey Jones, 2003 U.S. App. Lexis 17963, decided August 28, 2003 (U.S. Court of Appeals for the Ninth Circuit), holding that the use of a civil subpoena which is "patently unlawful," "in bad faith," or "at least gross negligence" to gain access to stored email is a breach of both the CFAA and the Stored Communications Act.[36]
- International Airport Centers, L.L.C. v. Citrin, 2006, 18 U.S.C. § 1030(a)(5)(A)(i), in which the Seventh Circuit Court of Appeals ruled that Jacob Citrin had violated the CFAA when he deleted files from his company computer before he quit, in order to conceal alleged bad behavior while he was an employee.[37]
- LVRC Holdings v. Brekka, 2009 1030(a)(2), 1030(a)(4), in which LVRC sued Brekka for allegedly taking information about clients and using it to start his own competing business. The Ninth Circuit ruled that an employee accesses a company computer to gather information for his own purposes does not violate the CFAA merely because that personal use was adverse to the interests of the employer.[38][39]
- Craigslist v. 3Taps, 2012. 3Taps was accused by Craigslist of breaching CFAA by circumventing an IP block in order to access Craigslist's website and scrape its classified ads without consent. In August 2013, US federal judge found 3Taps's actions violated CFAA and that it faces civil damages for "unauthorized access". Judge Breyer wrote in his decision that "the average person does not use "anonymous proxies" to bypass an IP block set up to enforce a banning communicated via personally-addressed cease-and-desist letter".[40][41] He also noted "Congress apparently knew how to restrict the reach of the CFAA to only certain kinds of information, and it appreciated the public v. nonpublic distinction—but [the relevant section] contains no such restrictions or modifiers."[42]
- Lee v. PMSI, Inc., 2011. PMSI, Inc. sued former employee Lee for violating the CFAA by browsing Facebook and checking personal email in violation of the company's acceptable use policy. The court found that breaching an employer's acceptable use policy was not "unauthorized access" under the act and, therefore, did not violate the CFAA.
- Sony Computer Entertainment America v. George Hotz and Hotz v. SCEA, 2011. SCEA sued "Geohot" and others for jailbreaking the PlayStation 3 system. The lawsuit alleged, among other things, that Hotz violated 18 U.S.C. § 1030(a)(2)(c) ([by] taking info from any protected computer). Hotz denied liability and contested the Court's exercise of personal jurisdiction over him.[43] The parties settled out of court. The settlement caused Geohot to be unable to legally hack the PlayStation 3 system furthermore.
- Pulte Homes, Inc. v. Laborers' International Union 2011. Pulte Homes brought a CFAA suit against the Laborers' International Union of North America (LIUNA). After Pulte fired an employee represented by the union, LIUNA urged members to call and send email to the company, expressing their opinions. As a result of the increased traffic, the company's email system crashed.[44][45]
- Facebook v. Power Ventures and Vachani, 2016. The Ninth Circuit Court of Appeals ruled that the CFAA was violated when Facebook's servers were accessed despite an IP block and cease and desist order.[46]
- HiQ Labs v. LinkedIn, 2019. The Ninth Circuit Court of Appeals ruled that scraping a public website without the approval of the website's owner isn't a violation of the CFAA.[47] A Supreme Court appeal is pending.[48]
- Sandvig v. Barr, 2020. The Federal District Court of D.C. ruled that the CFAA does not criminalize the violation of a website's terms of service.[49]
Criticism
There have been criminal convictions for CFAA violations in the context of civil law, for
breach of contract or
terms of service violations. Many common and insignificant online acts, such as password-sharing and copyright infringement, can transform a CFAA
misdemeanor into a
felony. The punishments are severe, similar to sentences for selling or importing drugs, and may be
disproportionate. Prosecutors have used the CFAA to protect private business interests and to intimidate
free-culture activists, deterring undesirable, yet legal, conduct.
[50]
Tim Wu called the CFAA "the worst law in technology".
[51]
The CFAA increasingly presents real obstacles to journalists reporting stories important to the public’s interest.
[52] As data journalism increasingly becomes “a good way of getting to the truth of things . . . in this post-truth era,” as one data journalist told Google, the need for further clarity around the CFAA increases.
[52]
Aaron Swartz
The government was able to bring such disproportionate charges against Aaron because of the broad scope of the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute. It looks like the government used the vague wording of those laws to claim that violating an online service's user agreement or terms of service is a violation of the CFAA and the wire fraud statute.
Using the law in this way could criminalize many everyday activities and allow for outlandishly severe penalties.
When our laws need to be modified, Congress has a responsibility to act. A simple way to correct this dangerous legal interpretation is to change the CFAA and the wire fraud statutes to exclude terms of service violations. I will introduce a bill that does exactly that.
—Rep.
Zoe Lofgren, Jan 15, 2013
[53]
Wikisource has original text related to this article:
Rep Zoe Lofgren Introduces Bipartisan Aaron's Law
In the wake of the prosecution and subsequent suicide of
Aaron Swartz (who used a script to download scholarly research articles in excess of what
JSTOR terms of service allowed), lawmakers proposed amending the Computer Fraud and Abuse Act. Representative
Zoe Lofgren drafted a bill that would help "prevent what happened to Aaron from happening to other Internet users".
[53] Aaron's Law (
H.R. 2454,
S. 1196[54]) would exclude
terms of service violations from the 1984 Computer Fraud and Abuse Act and from the wire fraud statute.
[55]
In addition to Lofgren's efforts, Representatives
Darrell Issa and
Jared Polis (also on the
House Judiciary Committee) raised questions[
when?] about the government's handling of the case. Polis called the charges "ridiculous and trumped up," referring to Swartz as a "martyr."
[56] Issa, chair of the
House Oversight Committee, announced an investigation of the Justice Department's prosecution.
[56][57]
By May 2014, Aaron's Law had stalled in committee. Filmmaker
Brian Knappenberger alleges this occurred due to
Oracle Corporation's financial interest in maintaining the status quo.
[58]
Aaron's Law was reintroduced in May 2015 (
H.R. 2454,
S. 1030[59]) and again stalled.
Amendments history
2008
[1]
- Eliminated the requirement that information must have been stolen through an interstate or foreign communication, thereby expanding jurisdiction for cases involving theft of information from computers;
- Eliminated the requirement that the defendant's action must result in a loss exceeding $5,000 and created a felony offense where the damage affects ten or more computers, closing a gap in the law;
- Expanded 18 U.S.C. § 1030(a)(7) to criminalize not only explicit threats to cause damage to a computer, but also threats to (1) steal data on a victim's computer, (2) publicly disclose stolen data, or (3) not repair damage the offender already caused to the computer;
- Created a criminal offense for conspiring to commit a computer hacking offense under section 1030;
- Broadened the definition of "protected computer" in 18 U.S.C. § 1030(e)(2) to the full extent of Congress's commerce power by including those computers used in or affecting interstate or foreign commerce or communication; and
- Provided a mechanism for civil and criminal forfeiture of property used in or derived from section 1030 violations.
See also
References
- H.R. 1918 at Congress.govS. 1030 at Congress.gov
External links
Patriot Act
Titles I ·
II ·
III ·
IV ·
V ·
VI ·
VII ·
VIII ·
IX ·
X (
History)
Acts modified
People
Government
organizations
Non-government
organizations
Categories:
<li id="cite_note-FirstEnacted-1"> Jarrett, H. Marshall; Bailie, Michael W. (2010).
"Prosecution of Computer" (PDF).
justice.gov. Office of Legal Education Executive Office for United States Attorneys. Retrieved June 3, 2013. <li id="cite_note-2">
<li id="cite_note-2">
"Who's Responsible? - Computer Crime Laws | Hackers | FRONTLINE | PBS".
www.pbs.org. Retrieved 2021-11-13. <li id="cite_note-3">
<li id="cite_note-3"> Schulte, Stephanie (November 2008). "The WarGames Scenario".
Television and New Media.
9 (6): 487–513.
doi:
10.1177/1527476408323345. <li id="cite_note-4">
<li id="cite_note-4"> H.R. Rep. 98-894, 1984 U.S.C.C.A.N. 3689, 3696 (1984). <li id="cite_note-5">
<li id="cite_note-5">
"Securing Cyberspace – President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts".
whitehouse.gov. January 13, 2015. Retrieved January 30, 2015 – via
National Archives. <li id="cite_note-6">
<li id="cite_note-6">
"Democrats, Tech Experts Slam Obama's Anti-Hacking Proposal".
Huffington Post. January 20, 2015. Retrieved January 30, 2015. <li id="cite_note-7">
<li id="cite_note-7">
"Obama, Goodlatte Seek Balance on CFAA Cybersecurity".
U.S. News & World Report. January 27, 2015. Retrieved January 30, 2015. <li id="cite_note-8">
<li id="cite_note-8"> Varma, Corey (2015-01-03).
"What is the Computer Fraud and Abuse Act".
CoreyCarma.com. Retrieved 10 June 2015. <li id="cite_note-9">
<li id="cite_note-9"> Legal Information Institute, Cornell University Law School.
"18 USC 1030". <li id="cite_note-usvmorris505-10">
<li id="cite_note-usvmorris505-10">
United States v. Morris (1991),
928 F.2d 504, 505 (2d Cir. 1991). <li id="cite_note-11">
<li id="cite_note-11">
U.S. v. Lori Drew, scribd <li id="cite_note-12">
<li id="cite_note-12">
US v Lori Drew, psu.edu Kyle Joseph Sassman, <li id="cite_note-13">
<li id="cite_note-13"> Staff, Ars (2009-07-02).
"'MySpace mom' Lori Drew's conviction thrown out".
Ars Technica. Retrieved 2020-03-31. <li id="cite_note-14">
<li id="cite_note-14">
"FindLaw's United States Eleventh Circuit case and opinions".
Findlaw. Retrieved 2020-03-31. <li id="cite_note-15">
<li id="cite_note-15"> David Gilbert (December 6, 2013).
"PayPal 14 'Freedom Fighters' Plead Guilty to Cyber-Attack".
International Business Times. <li id="cite_note-16">
<li id="cite_note-16"> Alexa O'Brien (December 5, 2013).
"Inside the 'PayPal 14' Trial".
The Daily Beast. <li id="cite_note-17">
<li id="cite_note-17"> See
Internet Activist Charged in M.I.T. Data Theft, By NICK BILTON New York Times, July 19, 2011, 12:54 PM, as well as the
Indictment <li id="cite_note-18">
<li id="cite_note-18"> Dave Smith,
Aaron Swartz Case: U.S. DOJ Drops All Pending Charges Against The JSTOR Liberator, Days After His Suicide,
International Business Times, January 15, 2013. <li id="cite_note-19">
<li id="cite_note-19">
U.S. v. Nosal, uscourts.gov, 2011 <li id="cite_note-20">
<li id="cite_note-20">
Appeals Court: No Hacking Required to Be Prosecuted as a Hacker, By David Kravets,
Wired, April 29, 2011 <li id="cite_note-21">
<li id="cite_note-21"> Kravets, David (April 24, 2013).
"Man Convicted of Hacking Despite Not Hacking".
Wired. <li id="cite_note-22">
<li id="cite_note-22">
"Nos. 14-10037, 14-10275" (PDF). <li id="cite_note-23">
<li id="cite_note-23">
"Docket for 16-1344".
www.supremecourt.gov. Retrieved 2020-03-31. <li id="cite_note-24">
<li id="cite_note-24">
US v Adekeye Indictment. see also
Federal Grand Jury indicts former Cisco Engineer By Howard Mintz, 08/05/2011, Mercury News <li id="cite_note-25">
<li id="cite_note-25">
US v Sergey Aleynikov, Case 1:10-cr-00096-DLC Document 69 Filed 10/25/10 <li id="cite_note-26">
<li id="cite_note-26">
Ex-Goldman Programmer Described Code Downloads to FBI (Update1), David Glovin and David Scheer. July 10, 2009, Bloomberg <li id="cite_note-27">
<li id="cite_note-27">
Plea Agreement, U.S. District Court, Eastern District of Michigan, Southern Division. via debbieschlussel.com <li id="cite_note-frogs1-28">
<li id="cite_note-frogs1-28">
Sibel Edmond's Boiling Frogs podcast 61 Thursday, 13. October 2011. Interview with Prouty by Peter B. Collins and Sibel Edmonds <li id="cite_note-us_v_neil_scott_kramer-29">
<li id="cite_note-us_v_neil_scott_kramer-29">
"United States of America v. Neil Scott Kramer" (PDF). Archived from
the original (PDF) on 2011-08-16. Retrieved 2012-03-18. <li id="cite_note-30">
<li id="cite_note-30"> Poulsen, Kevin (May 7, 2013).
"Feds Drop Hacking Charges in Video-Poker Glitching Case".
Wired. <li id="cite_note-31">
<li id="cite_note-31">
No Expansion of CFAA Liability for Monetary Exploit of Software Bug | New Media and Technology Law Blog <li id="cite_note-32">
<li id="cite_note-32">
"United States v. Gilberto Valle".
Electronic Frontier Foundation. 2015-03-06. Retrieved 2020-03-31. <li id="cite_note-33">
<li id="cite_note-33">
"Second Circuit Adopts Narrow Construction of Federal Computer Fraud Statute, Joins Circuit Split".
Jackson Lewis. 2015-12-10. Retrieved 2020-03-31. <li id="cite_note-34">
<li id="cite_note-34"> Marks, Joseph (April 24, 2020).
"The Cybersecurity 202: There's finally a Supreme Court battle coming over the nation's main hacking law".
The Washington Post. Retrieved July 15, 2020. <li id="cite_note-35">
<li id="cite_note-35"> Fung, Brian; de Vogue, Ariane; Cole, Devan (June 3, 2021).
"Supreme Court sides with police officer who improperly searched license plate database".
CNN. Retrieved June 3, 2021. <li id="cite_note-36">
<li id="cite_note-36"> Gelman, Lauren (September 22, 2003).
"Ninth Circuit Court of Appeals: Stored Communications Act and Computer Fraud and Abuse Act Provide Cause of Action for Plaintiff".
Center for Internet and Society. Stanford University. <li id="cite_note-37">
<li id="cite_note-37">
US v Jacob Citrin, openjurist.org <li id="cite_note-38">
<li id="cite_note-38">
U.S. v Brekka 2009 <li id="cite_note-39">
<li id="cite_note-39">
Kravets, David, Court: Disloyal Computing Is Not Illegal,
Wired, September 18, 2009. <li id="cite_note-40">
<li id="cite_note-40"> Kravets, David (August 20, 2013).
"IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules".
Wired. <li id="cite_note-41">
<li id="cite_note-41">
Craigslist v. 3taps |Digital Media Law Project <li id="cite_note-42">
<li id="cite_note-42">
3Taps Can't Shake Unauthorized Craigslist Access Claims – Law360 <li id="cite_note-43">
<li id="cite_note-43">
See the links to the original lawsuit documents which are indexed here <li id="cite_note-44">
<li id="cite_note-44">
techdirt.com 2011 8 9, Mike Masnick, "Sending Too Many Emails to Someone Is Computer Hacking" <li id="cite_note-45">
<li id="cite_note-45">
Hall, Brian, Sixth Circuit Decision in Pulte Homes Leaves Employers With Few Options In Response To Union High Tech Tactics, Employer Law Report, 3 August 2011. Retrieved 27 January 2013. <li id="cite_note-46">
<li id="cite_note-46"> Farivar, Cyrus (2016-07-12).
"Startup that we all forgot gets small win against Facebook on appeal".
Ars Technica. Retrieved 2020-03-31. <li id="cite_note-47">
<li id="cite_note-47"> Lee, Timothy B. (2019-09-09).
"Web scraping doesn't violate anti-hacking law, appeals court rules".
Ars Technica. Retrieved 2020-03-31. <li id="cite_note-48">
<li id="cite_note-48">
"Docket for 19-1116".
www.supremecourt.gov. Retrieved 2020-03-31. <li id="cite_note-49">
<li id="cite_note-49"> Lee, Timothy B. (2020-03-30).
"Court: Violating a site's terms of service isn't criminal hacking".
Ars Technica. Retrieved 2020-03-31. <li id="cite_note-50">
<li id="cite_note-50"> Curtiss, Tiffany (2016),
"Computer Fraud and Abuse Act Enforcement: Cruel, Unusual, and Due for Reform",
Washington Law Review,
91 (4) <li id="cite_note-51">
<li id="cite_note-51"> Christian Sandvig;
Karrie Karahalios (2006-07-01).
"Most of what you do online is illegal. Let's end the absurdity".
The Guardian. <li id="cite_note-Baranetsky-52">
<li id="cite_note-Baranetsky-52"> Baranetsky, Victoria.
"Data Journalism and the Law".
Columbia Journalism Review. Retrieved 2020-10-16. <li id="cite_note-huffingtonpost.com-53">
<li id="cite_note-huffingtonpost.com-53"> Reilly, Ryan J. (January 15, 2013).
"Congresswoman Introduces 'Aaron's Law' Honoring Swartz".
Huffington Post. <li id="cite_note-54">
<li id="cite_note-54">
H.R. 2454 at
Congress.gov;
H.R. 2454 at
GovTrack;
H.R. 2454 Archived November 12, 2013, at the
Wayback Machine at
OpenCongress.
S. 1196 at
Congress.gov;
S. 1196 at
GovTrack;
S. 1196 Archived November 12, 2013, at the
Wayback Machine at
OpenCongress. <li id="cite_note-55">
<li id="cite_note-55"> Musil, Steven (15 January 2013).
"New 'Aaron's Law' aims to alter controversial computer fraud law".
CNET News. Retrieved 19 Oct 2021. <li id="cite_note-Hill-56">
<li id="cite_note-Hill-56"> Sasso, Brendan (2013-01-16).
"Lawmakers slam DOJ prosecution of Swartz as 'ridiculous, absurd'".
The Hill. Retrieved 2013-01-16. <li id="cite_note-57">
<li id="cite_note-57"> Reilly, Ryan J. (January 15, 2013).
"Darrell Issa Probing Prosecution Of Aaron Swartz, Internet Pioneer Who Killed Himself". Huffingtonpost.com. Retrieved 2013-01-16. <li id="cite_note-58">
<li id="cite_note-58"> Dekel, Jonathan (May 1, 2014).
"Swartz doc director: Oracle and Larry Ellison killed Aaron's Law".
Postmedia. <li id="cite_note-59">
Hacking - FYI
