Read

User menu

Search form

Video: Are Computer Laws Too Tough On "Hacktivists"?

Video: Are Computer Laws Too Tough On "Hacktivists"?
Wed, 10/23/2013 - by Sanya Dosani and Aaron Ernst
This article originally appeared on Al Jazeera America

Although they call themselves Anonymous, it didn’t take federal authorities long to identify members of the loosely affiliated “hactivist” network responsible for high-profile attacks on a series of corporate websites.

In July 2011, the FBI arrested 16 members of the group, accusing them of launching attacks against MasterCard, Visa and PayPal because the companies refused to process payments to Julian Assange’s whistleblower website WikiLeaks.

The attack, known as a distributed denial of service attack, or DDoS, involved using a program called the Low Orbit Ion Canon to send thousands of requests to the targeted website at a coordinated time. Overwhelmed with the volume of requests to view a page, the websites crashed.

In response, 14 members of Anonymous were indicted and charged under the Computer Fraud and Abuse Act (CFAA), a law enacted after a mid-1980s computer-hacking scare. Some of the counts carried more than a decade in prison.

Those charges, and others brought under the CFAA against “hactivists” seeking to remedy what they see as social injustice through online protest, have critics arguing that the potential punishment under the law doesn’t fit the crime.

Tor Ekeland, a New York lawyer who represents several hacktivists being charged under the CFAA, told America Tonight that he’s frustrated by the broad wording of the law.

“It prohibits unauthorized access to protected computers, and obtaining information in in one section,” he said. “So you could go to a website right now, click on a link, and the owner decides that they don’t want you to be at the website. Your access is unauthorized. Bang. You probably committed a felony under the CFAA.”

Ekeland represents Deric Lostutter, a hacktivist who helped expose the rape of a girl in Steubenville, Ohio, with this video. After reading about the case online, he recorded the video, which was then posted on Roll Red Roll, a fan site dedicated to the Steubenville High School football team. Two team members were later convicted of the rape in juvenile court. Lostutter admitted he made the video, but said someone else hacked into the site.

Lostutter’s life changed in April of this year. He had just returned from turkey hunting, he said, and was getting ready to go to work as a computer consultant, when a truck pulled into his driveway. “They jumped out with M16s and pointed them at my head and told me, ‘FBI, get the F down!’” he told America Tonight. “So, I did, and they put me in handcuffs.”

The FBI confiscated Lostutter’s computer and questioned him for hours. He says they later emailed him with a target letter, indicating that the government wanted to charge him with three felonies.

Lostutter believes that the government’s priorities are misplaced. “So you get 25 years in prison for forcibly entering your way into a computer, but one year in prison for forcibly entering your way into a female,” he said. “That’s the message that we’re sending with the Computer Fraud and Abuse Act.”

Federal officials in Ohio did not confirm whether the government plans to press ahead with charges against Lostutter. Few hactivists end up serving decades in jail, but the FBI raid on Lostutter represents a pattern of what many hacktivists told America Tonight is an overzealous crackdown by the government on people who just happen to use computers in old-fashioned protests against social injustice.

The Department of Justice and the FBI's cyber crime division refused multiple requests for an interview. Mark Rasch, a former prosecutor for the Department of Justice who helped write the CFAA, said the government doesn’t want to discourage civil disobedience, but those who break the law for the sake of protest should still face the legal consequences.

“When you do a denial of service attack on a commercial entity or government agency, you have taken it upon yourself to violate the law for a civil disobedience purpose,” he said. “When you do that you run the risk of being arrested.”

But hactivists’ protest tactics extend beyond DDoS attacks.

In December 2011, a politically motivated offshoot of Anonymous called AntiSec breached the website of global intelligence contractor Stratfor, stealing and publishing the passwords, addresses and credit card information of its clients, as well as internal e-mails – a practice known as “doxing.” Within the more than 5 million Stratfor e-mails published were “revelations about close and perhaps inappropriate ties between government security agencies and private contractors.”

Three months later, a man suspected of being behind the hack, Jeremy Hammond, was arrested. He pleaded guilty in May of this year for the Stratfor hack and eight other hacks of law enforcement and defense contractor websites, and faces up to 10 years in prison with his deal.

“I did this because I believe people have a right to know what governments and corporations are doing behind closed doors,” he wrote in a statement after the plea deal. “I did what I believe is right.” According to his supporters, he has been denied bail for being a flight risk and called “more dangerous than an online sexual predator” by the judge presiding his case.

Perhaps the case that has generated the most support for reforming the CFAA has been the tragic story of 26-year-old computer prodigy and Internet activist Aaron Swartz.

Swartz was a well-known figure advocating for freedom of information on the Internet. As a teenager, he helped create RSS, computer code that allows people to get automatic feeds from websites. Over time, he became an open information activist. In 2008, Swartz downloaded and released about 2.7 million public court documents from the Public Access to Court Electronic Records -- better known as PACER -- in an effort to make them available outside of the service, which charges for access to public records.

In 2010, he and Wikler founded the online group Demand Progress, which was instrumental in preventing the passage of the Stop Online Piracy Act, which was criticized for promoting censorship without adequately preventing criminal behavior. He also helped develop SecureDrop, a tool for sources to anonymously share confidential documents with journalists.

But in July 2011, Swartz was charged under the CFAA for using an unauthorized computer to download millions of academic articles from JSTOR, an online library protected by a paywall. The government alleged Swartz intended to distribute the articles to the public.

“It was like checking too many books out of the library,” his friend Ben Wikler told America Tonight. Under the CFAA, Swartz faced 13 felony charges, up to 35 years in prison and a $1 million fine.

In January, just weeks before his trial was set to begin, Swartz committed suicide. His death, which many of his friends arrtibuted directly to the government’s prosecution, raised questions about the fairness of the CFAA, triggered debates about political action in the digital age and served as a rallying point for “Aaron’s Law,” a bill to update the CFAA and narrow its scope.

Introduced by Representatives Zoe Lofgren (D-Calif.), Jim Sensenbrenner (R-Wis.) and Sen. Ron Wyden (D-Ore.) in June, the bill defines unauthorized access, decriminalizes merely violating a website's terms of service and removes a provision allowing prosecutors to bring multiple charges for one violation, among other measures.

But some security professionals, prosecutors and politicians have been critical of efforts to reform the law, fearing it would hamper its enforcement effectiveness. In testimony before the the House Judiciary Committee in 2011, Richard Downing, deputy section chief for computer crime and intellectual property at the Department of Justice, said “limiting the use of such terms to define the scope of authorization would, in some instances, prevent prosecution of exactly the kind of serious insider cases the department handles on a regular basis.” Reformers argue existing laws that cover the misuse of trade secrets address those issues.

Others contend that the poblem isn't the law, but how prosecutors choose to enforce it.

Still, many internet activists maintain that reform is badly needed. “We still need to pass Aaron's Law to stop this from happening the next time,” Swartz’s friend Wilker told America Tonight. “If this ends here, the system beat Aaron in a way. We need to change the system now."

For now, the bill remains in committee, and hacktivsts like Deric Lostutter wait in limbo to see what the future holds.

Originally published by Al Jazeera America

Sign Up

Article Tabs

gun violence, sexual harassment, fracking, universal healthcare

Check out these uplifting tales in an age of diminished expectations.

participatory budgeting, citizen decision-making, Porto Alegre, Brazil

Citizen control of spending decisions means communities decide what their city does and does not do with public funds. For 30 years the process has worked in Brazil, and now it's spreading rapidly.

Did you know that showering less will save some water—sadly, not millions of gallons that fracking operations use in a day—nor will it keep your water safe from contamination—or your house from exploding

Greek economic crisis, Greek bailout, Syriza party, Greek austerity measures, E.U. bailouts, Alexis Tsipras

Poverty, privatizations, debt – in Greece, which just officially "ended" its bailout program, the silent majority can't let go their fear that this might just be the prelude to something worse yet to come.

California, privatization, PG&E, investor-owned utilities, energy utilities, fire risk, fire damage, Global Climate Action Summit, public banks, energy prices, consumer fees

Oil companies heat and dry up the planet, power companies start fires on the dried up land – and we pay the bills.

gun violence, sexual harassment, fracking, universal healthcare

Check out these uplifting tales in an age of diminished expectations.

A 2016 demonstration in Manhattan's Zuccotti Park, where the Occupy Wall Street movement started five years earlier. (Corinne Segal / pbs.org)

We live in a new feudalism. We have been stripped of political power. Workers are trapped in menial jobs, forced into crippling debt and paid stagnant or declining wages. Where will this end?

participatory budgeting, citizen decision-making, Porto Alegre, Brazil

Citizen control of spending decisions means communities decide what their city does and does not do with public funds. For 30 years the process has worked in Brazil, and now it's spreading rapidly.

bank bailouts, criminal executives, bank crimes, foreclosure crisis, subprime mortgages, derivatives market, too big to fail

Here's Why No One Went to Jail After the 2008 Financial Crisis. To many people, this is the single most frustrating post-crisis question.

Did you know that showering less will save some water—sadly, not millions of gallons that fracking operations use in a day—nor will it keep your water safe from contamination—or your house from exploding

California, privatization, PG&E, investor-owned utilities, energy utilities, fire risk, fire damage, Global Climate Action Summit, public banks, energy prices, consumer fees

Oil companies heat and dry up the planet, power companies start fires on the dried up land – and we pay the bills.

Posted 6 days 7 hours ago
participatory budgeting, citizen decision-making, Porto Alegre, Brazil

Citizen control of spending decisions means communities decide what their city does and does not do with public funds. For 30 years the process has worked in Brazil, and now it's spreading rapidly.

Posted 3 days 8 hours ago
“We just want to be able to take care of ourselves as men and women, in this Department of Corrections,” a strike participant from a South Carolina prison said.Photograph by David Paul Morris / Bloomberg / Getty

Wages for incarcerated workers are typically cents per hour, and several states—Alabama, Arkansas, Mississippi, Texas, and South Carolina—use prisoner labor without paying them at all.

Posted 5 days 8 hours ago
Occupy Wall Street, OWS, Occupy protests, Zuccotti Park, wealth inequality, Occupy anniversary

How a movement that eschewed electoral politics is now showing up everywhere in the 2018 progressive resurgence.

Posted 6 days 7 hours ago
too big to fail, public banks, public banking, Bank of North Dakota, financial crisis

When the next crisis hits, the public will once again be called upon to step in and bail out Wall Street. We need to start seriously preparing an alternative response: public banks.

Posted 6 days 7 hours ago
bank bailouts, criminal executives, bank crimes, foreclosure crisis, subprime mortgages, derivatives market, too big to fail

Here's Why No One Went to Jail After the 2008 Financial Crisis. To many people, this is the single most frustrating post-crisis question.

Greek economic crisis, Greek bailout, Syriza party, Greek austerity measures, E.U. bailouts, Alexis Tsipras

Poverty, privatizations, debt – in Greece, which just officially "ended" its bailout program, the silent majority can't let go their fear that this might just be the prelude to something worse yet to come.

FISA warrants, surveillance programs, monitoring journalists, journalist surveillance, FISA court, Freedom of Information Act,

The U.S. government can monitor journalists under a foreign intelligence law that allows invasive spying and operates outside the traditional court system, according to newly released documents.

participatory budgeting, citizen decision-making, Porto Alegre, Brazil

Citizen control of spending decisions means communities decide what their city does and does not do with public funds. For 30 years the process has worked in Brazil, and now it's spreading rapidly.

Occupy Wall Street, OWS, Occupy protests, Zuccotti Park, wealth inequality, Occupy anniversary

How a movement that eschewed electoral politics is now showing up everywhere in the 2018 progressive resurgence.