Tag Archive for: supreme

The Supreme Court Is Ruling On an Anti-Hacking Law

/in


The US Supreme Court heard arguments on Monday for a case that could change how the nation treats hacking and cybercrime.

The ruling will come sometime later this year or early next year, and it could be either way. Best case scenario: We’ll start being more fair to white-hat hackers who locate and warn of major security vulnerabilities. Worst case? Lying about your height on Tinder becomes a federal crime.

That’s right, the stakes are high on this one. Here’s what to know about the last 30-plus years of US hacking law.

The Computer Fraud and Abuse Act

Since 1986, the Computer Fraud and Abuse Act (CFAA) has been the single biggest cybercrime law in the US. It’s widely considered outdated, as you might expect from a law about the internet that was passed just a year after the last season of Stranger Things was set.

Because it’s so old and vaguely worded, the law can be used to prosecute any hackers. But a “hacker” is anyone who exploits an online security bug or flaw, and exploiting a flaw is pretty much the only way to determine that one exists. So, under the CFAA, anyone who helps an existing site strengthen its security — potentially protecting the private data of millions in the process — could be prosecuted for a federal crime.

This isn’t a hypothetical, either. Take the massive 2017 Equifax data breach, which saw the credit reporting company expose its data on 143 million U.S. consumers, from names and Social Security numbers, to addresses, birth dates, and even drivers license numbers. A security researcher had actually spotted the vulnerability months earlier, and had warned Equifax, but didn’t go public with the information due to the legal and professional risk.

The Van Buren v. United States Case

The case in question here is Van Buren v. United States. The defendant is Nathan Van Buren, a former Georgia police sergeant, who was convicted under CFAA of taking a bribe and using his access to a police license plate database to look up an individual without authorization. He was prosecuted on two counts — for getting a kickback for accessing the database and for violating the CFAA — but only the CFAA violation stuck. If Van Buren v. United States goes his…

Source…

Supreme Court Expresses Skepticism Over 1986 Computer Crime Law

/in


Illustration for article titled Supreme Court Skeptical About Law That Could Have a Chilling Effect On Security Research

Photo: Drew Angerer / Staff (Getty Images)

The Supreme Court on Monday expressed skepticism about the sweeping nature of the 1986 Computer Fraud and Abuse Act, claiming that the cybercrime law — the only one of its kind in the United States — could lead to a slippery slope where average Americans are criminalized for innocuous transgressions like checking Facebook at work.

The reexamination of the law comes during arguments for a case involving a Georgia police officer convicted of violating the Act after he accessed a license plate database in during an attempt to obtain information on a strip club dancer in what lawyers argued was an improper manner. Lawyers for the officer, Nathan Van Buren, say that he had not violated the CFAA and had, in fact, had legitimate access to the database through the course of his work.

The case — the first significant challenge to the scope of the CFAA to reach the nation’s highest court — spurred a string of amicus briefs from a wide range of technology, privacy and cybersecurity experts, many of whom argued that the law could discourage computer researchers and good-faith hackers from uncovering and disclosing security flaws.

“Under the government’s broad interpretation of the CFAA, standard security research practices — such as accessing publicly available data in a manner beneficial to the public yet prohibited by the owner of the data — can be highly risky,” one group of experts wrote.

Despite arguments from the government’s lawyer, Deputy Solicitor General Eric Feigin, that anxieties about overzealous enforcement of the law were overhyped, many of the Justices seemed concerned about the law’s broad scope.

G/O Media may get a commission

According to Justice Neil Gorsuch, the DOJ’s argument threatened to “[make] a federal criminal of us all.” Justice Sonia Sotomayor argued that the government was “…asking us to write definitions to narrow what could otherwise be viewed as a very broad statute, and dangerously vague.”

Other members of the bench raised concerns about the key terms outlined in the statute.

“What is this statute talking about when it speaks of information in the computer?” Justice Samuel Alito asked…

Source…

The Supreme Court will hear its first big CFAA case – TechCrunch

/in


The Supreme Court will hear arguments on Monday in a case that could lead to sweeping changes to America’s controversial computer hacking laws — and affecting how millions use their computers and access online services.

The Computer Fraud and Abuse Act was signed into federal law in 1986 and predates the modern internet as we know it, but governs to this day what constitutes hacking — or “unauthorized” access to a computer or network. The controversial law was designed to prosecute hackers, but has been dubbed as the “worst law” in the technology law books by critics who say it’s outdated and vague language fails to protect good-faith hackers from finding and disclosing security vulnerabilities.

At the center of the case is Nathan Van Buren, a former police sergeant in Georgia. Van Buren used his access to a police license plate database to search for an acquaintance in exchange for cash. Van Buren was caught, and prosecuted on two counts: accepting a kickback for accessing the police database, and violating the CFAA. The first conviction was overturned, but the CFAA conviction was upheld.

Van Buren may have been allowed to access the database by way of his police work, but whether he exceeded his access remains the key legal question.

Orin Kerr, a law professor at the University of California, Berkeley, said Van Buren vs. United States was an “ideal case” for the Supreme Court to take up. “The question couldn’t be presented more cleanly,” he argued in a blog post in April.

The Supreme Court will try to clarify the decades-old law by deciding what the law means by “unauthorized” access. But that’s not a simple answer in itself.

“The Supreme Court’s opinion in this case could decide whether millions of ordinary Americans are committing a federal crime whenever they engage in computer activities that, while common, don’t comport with an online service or employer’s terms of use,” said Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s law school. (Pfefferkorn’s colleague Jeff Fisher is representing Van Buren at the Supreme Court.)

How the Supreme Court will determine what…

Source…

Woof: Jack Daniels Takes Fight Over Doggy Chew Toy To The Supreme Court

/in

Back in April, we wrote about a trademark dispute between Jack Daniels and VIP Products LLC. At issue was a doggy chew toy made as clear parody of the Jack Daniels bottle, with the branding changed to “Bad Spaniels”, along with other parody references. While Jack Daniels had initially won in court when VIP sought declaratory judgement that its use was non-infringing, upon appeal to the U.S. Court of Appeals for the 9th District, that decision was reversed. Key to that ruling was the court’s assessment that, due to the parody nature of the product, it was an “expressive work”, and the lower court ought to therefore have applied the Rogers test, and vacated an injunction the lower court had applied.

Accordingly, the court held that, as a threshold matter, the Rogers test needed to be applied. Under that test, a trademark infringement plaintiff must show that the defendant’s use of the mark either (1) is “not artistically relevant to the underlying work” or (2) “explicitly misleads consumers as to the source or content of the work.”  Id. at 9 (quoting Gordon, 909 F.3d at 265). The Ninth Circuit vacated the district court’s finding of infringement and remanded for a determination, in the first instance, of whether Jack Daniel’s can satisfy either element of the Rogers test.

But instead of proceeding along those lines, it seems that Jack Daniels instead wants to have a fight at the U.S. Supreme Court over whether a parody dog chew toy truly is expressive. The appeal takes particular umbrage at the lower court’s sense of humor.

Because the court of appeals thought [VIP Products’] notorious copying was funny, it held that the company has a First Amendment interest in confusing consumers into believing that Jack Daniel’s sponsors a dog toy spotlighting poop.

The more serious aspects of the filing focus on just where and how Fair Use can be applied in trademark law.

The Lanham Act provides that certain categories of use “shall not be actionable” as dilution. One excluded category is “[a]ny fair use . . . other than as a designation of source for the person’s own goods or services.” 15 U.S.C. § 1125(c)(3)(A) (emphasis added). The Act identifies parody as a permitted fair use, but it excludes the parodist from liability only so long as the parodist does not use a trademark as its own designation of source. Id. § 1125(c)(3)(A)(ii). The Ninth Circuit did not apply that exclusion here, presumably because it had no basis to reverse the district court’s conclusion that VIP Products used Jack Daniel’s trademarks as a designation of source.

Which is one hell of a presumption. What the court actually did, instead, is recognize the product as parody, deem it expressive because of that, and then indicated that the use of any trade dress or marks therefore didn’t act as a source identifier. In other words, the lower court indicated that this ought to be a fight over customer confusion rather than how closely the parody’s branding compared with the subject of that parody.

Which is exactly the correct arena for this to be fought in. Because of the clear parody nature of the product, the proper question is will the public be confused into thinking it was buying a product that has any actual association with Jack Daniels. That Jack Daniels doesn’t want to have this fight on those grounds should tell you everything you need know.

Techdirt.