Charges?
So does a serving police officer not commit a crime in this state for giving out privileged information for monetary gain anyway? Or does that charge just attract a lower tariff or higher burden of proof?
The US Supreme Court has indicated it will finally address an issue that has been causing legal problems for nearly two decades: what exactly is “authorized use” of a computer? If someone is authorized to use a computer – to access a database, for example – is that a blanket authorization, and can they use it so long as they …
I think the OP was asking a rhetorical question and meant "why is there no specific law against a police officer abusing their position for financial gain?". He was charged with two types of fraud, one of which was overturned, neither of which seemed to take his job as a police officer in to account. It's not like corrupt cops are a new thing, how come he wasn't charged with something along those lines?
"So does a serving police officer not commit a crime in this state for giving out privileged information for monetary gain anyway?"
He likely would be, but it's probably about picking your battles. Maybe he committed too many other more-significant crimes that day for anybody to even sweat the small stuff?
I'm familiar with the Computer Fraud and Abuse Act of 1986. The intent of it's clear; it's mean to prosecute for logging into a system you don't have credentials for (i.e. either stolen username/password, dictionary attack or the like, or a hack'n'crack that's bypassing the username/password entirely.) Or for having access but exceeding access (i.e. privilege escalation, you have a user account and get root on there, or another user and start snaffling through their otherwise-inaccessible files.) But, I suppose the court will decide to interpret it how they will.
I don't think CFAA should even apply in this case; he was an authorized user of the plate system.
But the use wasn't unlimited for his own purposes. And this was a database which gave access to information which should be protected under the law - even if one of the US problem is it lacks a privacy law.
Did you mean that if I have access to medical records I can hoard them and sell them to health and pharma companies? If I work in a bank I can access at will and use for my personal gain, or give away people's financial status? If I have access to a model database I can sell their telephone numbers and addresses?
It would be a boon for salesmen that would feel free to hoard their employer customers database and other data. Sysadmins selling web logs....
The problem here IMHO is if someone even having access to sensitive data to perform a specific task, can access those data at will beyond the permission.
Still, there should be a difference about one own data (Facebook asking data it does not any rights to ask), and accessing other people's data without a legal reason.
Once again, US needs a privacy law.
Did you mean that if I have access to medical records I can hoard them and sell them to health and pharma companies? If I work in a bank I can access at will and use for my personal gain, or give away people's financial status? If I have access to a model database I can sell their telephone numbers and addresses?
Of course not. Perhaps CFAA, as it currently stands, is not the law for that however.
IANAL, but surely there are other laws, probably even from time before computers, specifically for disclosure of information especially for monetary gain.
A hero wrote: "IANAL, but surely there are other laws, probably even from time before computers, specifically for disclosure of information especially for monetary gain."
This is one of those comment threads where many of the other posters (not you) demonstrate why intelligent people still need things written in a way that removes any need for common sense or a wider understanding.
As that was kind of the point the article was making, it's amusing/depressing to me that many posters reinforced it with their complete inability to comprehend what the article was on about.
At some point a comment is made that calls for a reply to the comment, then comments but not to the article. So we get remarks relating directly to the article intermixed with debates about the comments and it is my belief that more then a few just prior to your post were those of the latter type. My read is that SCOUS is being charged with making a ruling on defining what "access" means and how to enforce the meaning under the terms of 18USC Section 1030 which on one reading seems open and clear and on the next ambiguities seem to appear. Whatever some comments are about case, some about the crime and the rest as this are about the remarks. In the meantime find a good Russian Imperial Stout and take two as needed, call in the morning if the symptoms are still troublesome.
The problem is computers make particularly easy to commit such illegal actions. They put people in the position to access quickly far more information than was previously available. Their misuse can create far more damages than without. We can't ignore that and pretend it was like before. And people having legal access to such information must bear responsibility for their misuse.
Why armed robbery is a specific crime? Because a lethal weapon makes far easier to rob someone? Shouldn't a law against robbery be enough?
Is someone at a bank or hospital access my information without any reason but personal gain, it's not enough it gets fired or even fined - I want him or her prosecuted.
For the matter once I helped investigating a case when a mail administrator was illegally accessing email of a woman he was infatuated with to know what she was writing to who, and then letting her to know he knew - should this be allowed?
It's still "accessing and abusing the information" that is the crime, not "using the computer".
It's like if someone drove a car down a pedestrian precinct, heedless of the damage and distress as people leap out of their way. You don't prosecute them for "driving the car", you prosecute them for "driving it dangerously".
Good analogy - in fact there is a whole bunch of law that prescribes how you should use a car in a proper way and how you are punished if you don't, that don't apply if you just walk, because a car with its speed, size and weight is far more dangerous than a pedestrian.
Same way abusing and misusing a computer can create far bigger damages than without. So why there should not be a specific law to make it a specific crime?
BTW, would you like a computer license to be able to use one, and without being unable to touch a screen or a keyboard?
Did you mean that if I have access to medical records I can hoard them and sell them to health and pharma companies? If I work in a bank I can access at will and use for my personal gain, or give away people's financial status? If I have access to a model database I can sell their telephone numbers and addresses?
Whataboutism worthy of any Fox Noise commentard. What about we stick to the subject at hand?
Let's wait someone access your data illegally and damages you, just because he can because he got computer access. Then tell me what you think again.
I had helped investigate many idiots who accessed data they should not without a specific reason just because they had some kind of access to them. Sometimes just for fun or because the feeling to be those with the "power", sometimes for nasty reasons. And believe me, you would not like to be one of their targets.
Or maybe you're one of them, and don't want they take your toy away, and risk to caught and face the consequences.
They went after the corrupt cop using the CFAA, but there are lots of other public graft and obstruction of justice statutes that the prosecutors could have used. Perhaps the issue is that they KNOW that he logged into the computer to run the fake license plate, but the actual mechanics of the corrupt quid-pro-quo that he received for running the plate is probably harder to prove in court.
(I don't remember Sherlock ever having to deal with this stuff. Things were so much simpler back in his day.)