New hacking legislation could make criminals of us all, say insiders

J. Bradley Smith of Arnold & Smith, PLLC answers the question “Can I be arrested without evidence against me?”

 

Tech industry insiders are guffawing at new cybersecurity initiatives unveiled by the Obama administration. According to insiders familiar with the proposals, new cybersecurity-targeted criminal laws will make criminals of us all.

Man on laptop Mecklenburg DWI Lawyer Charlotte Criminal AttorneyAccording to Paul Wagenseil of Tom’s Guide US, the proposed changes to the 1984 Computer Fraud and Abuse Act would “make many commonplace security research practices—and media reporting on those practices—federal crimes.”

Nate Cardozo, an attorney with the Electronic Frontier Foundation in San Francisco, California, told researchers and intellectual property professionals at a Washington, D.C. conference that sharing passwords for online accounts or even sharing an HBO “GO” password with a friend could constitute felonies under the proposed legislation. HBO—short for “Home Box Office”—is a cable-television based distributor of movies and entertainment programs.

In sum, the proposals “broaden the definition of computer crime and stiffen penalties for existing crimes,” with maximum penalties for violations being pushed from ten years to twenty years.

In addition, the proposal seeks to link the Computer Fraud and Abuse Act with the Racketeer Influenced Corrupt Organizations Act of 1970. That act has been used ostensibly to target Mafia organizations in the United States. The linkage between the two acts appears designed to give investigators and prosecutors the ability to target organized hacking groups “from Russia and other former Soviet-bloc countries,” but given the broad language of the acts, the criminal statutes “could just as easily be applied to anyone affiliated with any kind of suspected hacking group.”

Robert Graham, Chief Executive Officer of Errata Security in Atlanta, Georgia, said that just hanging out in an internet-relay chat room and “giving advice to people now makes you a member of a ‘criminal enterprise,’ allowing the [Federal Bureau of Investigators] to sweep in and confiscate all your assets without charging you with a crime.”

Many of the proposals are aimed at cracking down on “spying devices,” but the legal language of the proposed act does not define with any detail the nature of the “intercepting devices” that would be prohibited. The broad language of the proposed act is such that an ordinary laptop computer running a so-called “cookie-sniffing program” that can intercept and, potentially, unpack cookies with user name and password login credentials, could be considered in the same category as terrorist and chemical weapons.

Many companies ask security employees or consultants to employ cookie-sniffing software to test the efficacy and reliability of internal anti-hacking measures. These “test” hacks would violate the letter of the anti-hacking law, subjecting businesses that offer cyber-security services to criminal liability.

Graham also illustrated how individuals and companies not connected to a data breach but who report on or link to the same can be swept up into the ambit of the proposed criminal legislation.

Graham tweeted that the New York Times had accidentally posted its employee database online, complete with social security numbers of employees, their passwords and other sensitive information. Graham included a link to the post in his tweet. Tweets are short, public posts that people make on the website Twitter.

In reality, the New York Times did not accidentally post its employee database. But if it had, and if Graham had linked to the accidental post, he would have been subject to criminal charges and ten years in federal prison.

Cardozo linked to a real story on TechCrunch listing the “worst passwords of 2014.” Under the administration’s “insane proposal,” he wrote, he too could be subject to a ten-year federal prison sentence.

Arnold & Smith, PLLC is a Charlotte based criminal defense, traffic violation defense and civil litigation law firm servicing Charlotte and the surrounding area. If you or someone you know need legal assistance, please contact Arnold & Smith, PLLC today at (704) 370-2828   or find additional resources here.

 

 

About the Author

jbradley.jpgBrad Smith is a Managing Member of Arnold & Smith, PLLC, where he focuses on the areas of criminal defense, DUI / DWI defense and traffic defense.

Mr. Smith was born and raised in Charlotte. He began his legal career as an Assistant District Attorney before entering private practice in 2006.

In his free time, Mr. Smith enjoys traveling, boating, golf, hiking and spending time with his wife and three children.

 

 

Sources:

http://www.tomsguide.com/us/obama-cfaa-revisions-infosec,news-20330.html

http://www.irchelp.org/irchelp/chanlist/

http://codebutler.com/firesheep/

 

 

Image Credit

http://commons.wikimedia.org/wiki/File:Computer_hacking.jpg

 

 

See Our Related Video from our YouTube channel:

https://www.youtube.com/user/ArnoldSmithPLLC/videos

 

 

See Our Related Blog Posts:

Constitutional Crisis?

Businesses face civil and criminal penalties for refusing same-sex business

Contact Information