back to article CFAA latest: Supremes to tackle old chestnut of what 'authorized use' of a computer really means in America

The US Supreme Court has indicated it will finally address an issue that has been causing legal problems for nearly two decades: what exactly is “authorized use” of a computer? If someone is authorized to use a computer – to access a database, for example – is that a blanket authorization, and can they use it so long as they …

  1. Anonymous Coward
    Anonymous Coward

    Charges?

    So does a serving police officer not commit a crime in this state for giving out privileged information for monetary gain anyway? Or does that charge just attract a lower tariff or higher burden of proof?

    1. RichardB

      Re: Charges?

      Not to mention conspiring to interfere with an ongoing police investigation. But I gather that is de rigueur these days in certain circles.

    2. Anonymous Coward
      Anonymous Coward

      Re: Charges?

      So does a regtard not commit a sin on this site by commenting on a story when they clearly have not read the article and are asking questions answered therein? Or does that only apply to those with the integrity to post with a username?

    3. Mark192

      Re: Charges?

      AC asked "does a serving police officer not commit a crime in this state for..."

      Yes, and this was covered, at some length, in the article. I well recommend reading it.

      1. phuzz Silver badge

        Re: Charges?

        I think the OP was asking a rhetorical question and meant "why is there no specific law against a police officer abusing their position for financial gain?". He was charged with two types of fraud, one of which was overturned, neither of which seemed to take his job as a police officer in to account. It's not like corrupt cops are a new thing, how come he wasn't charged with something along those lines?

      2. Cederic Silver badge

        Re: Charges?

        Could you perhaps help me by quoting the part of the article that explains why he was not charged with any offences relating to misconduct in a public office, police bribery, corruption or indeed anything that isn't CFAA related?

        I appear to have missed that part.

  2. jason_derp

    "So does a serving police officer not commit a crime in this state for giving out privileged information for monetary gain anyway?"

    He likely would be, but it's probably about picking your battles. Maybe he committed too many other more-significant crimes that day for anybody to even sweat the small stuff?

  3. Henry Wertz 1 Gold badge

    CFAA?

    I'm familiar with the Computer Fraud and Abuse Act of 1986. The intent of it's clear; it's mean to prosecute for logging into a system you don't have credentials for (i.e. either stolen username/password, dictionary attack or the like, or a hack'n'crack that's bypassing the username/password entirely.) Or for having access but exceeding access (i.e. privilege escalation, you have a user account and get root on there, or another user and start snaffling through their otherwise-inaccessible files.) But, I suppose the court will decide to interpret it how they will.

    I don't think CFAA should even apply in this case; he was an authorized user of the plate system.

    1. Anonymous Coward
      Anonymous Coward

      "he was an authorized user of the plate system"

      But the use wasn't unlimited for his own purposes. And this was a database which gave access to information which should be protected under the law - even if one of the US problem is it lacks a privacy law.

      Did you mean that if I have access to medical records I can hoard them and sell them to health and pharma companies? If I work in a bank I can access at will and use for my personal gain, or give away people's financial status? If I have access to a model database I can sell their telephone numbers and addresses?

      It would be a boon for salesmen that would feel free to hoard their employer customers database and other data. Sysadmins selling web logs....

      The problem here IMHO is if someone even having access to sensitive data to perform a specific task, can access those data at will beyond the permission.

      Still, there should be a difference about one own data (Facebook asking data it does not any rights to ask), and accessing other people's data without a legal reason.

      Once again, US needs a privacy law.

      1. Down not across

        Re: "he was an authorized user of the plate system"

        Did you mean that if I have access to medical records I can hoard them and sell them to health and pharma companies? If I work in a bank I can access at will and use for my personal gain, or give away people's financial status? If I have access to a model database I can sell their telephone numbers and addresses?

        Of course not. Perhaps CFAA, as it currently stands, is not the law for that however.

        IANAL, but surely there are other laws, probably even from time before computers, specifically for disclosure of information especially for monetary gain.

        1. Mark192

          Re: "he was an authorized user of the plate system"

          A hero wrote: "IANAL, but surely there are other laws, probably even from time before computers, specifically for disclosure of information especially for monetary gain."

          This is one of those comment threads where many of the other posters (not you) demonstrate why intelligent people still need things written in a way that removes any need for common sense or a wider understanding.

          As that was kind of the point the article was making, it's amusing/depressing to me that many posters reinforced it with their complete inability to comprehend what the article was on about.

          1. Grinning Bandicoot

            Comments upon comments

            At some point a comment is made that calls for a reply to the comment, then comments but not to the article. So we get remarks relating directly to the article intermixed with debates about the comments and it is my belief that more then a few just prior to your post were those of the latter type. My read is that SCOUS is being charged with making a ruling on defining what "access" means and how to enforce the meaning under the terms of 18USC Section 1030 which on one reading seems open and clear and on the next ambiguities seem to appear. Whatever some comments are about case, some about the crime and the rest as this are about the remarks. In the meantime find a good Russian Imperial Stout and take two as needed, call in the morning if the symptoms are still troublesome.

        2. Anonymous Coward
          Anonymous Coward

          Re: "he was an authorized user of the plate system"

          The problem is computers make particularly easy to commit such illegal actions. They put people in the position to access quickly far more information than was previously available. Their misuse can create far more damages than without. We can't ignore that and pretend it was like before. And people having legal access to such information must bear responsibility for their misuse.

          Why armed robbery is a specific crime? Because a lethal weapon makes far easier to rob someone? Shouldn't a law against robbery be enough?

          Is someone at a bank or hospital access my information without any reason but personal gain, it's not enough it gets fired or even fined - I want him or her prosecuted.

          For the matter once I helped investigating a case when a mail administrator was illegally accessing email of a woman he was infatuated with to know what she was writing to who, and then letting her to know he knew - should this be allowed?

          1. veti Silver badge

            Re: "he was an authorized user of the plate system"

            It's still "accessing and abusing the information" that is the crime, not "using the computer".

            It's like if someone drove a car down a pedestrian precinct, heedless of the damage and distress as people leap out of their way. You don't prosecute them for "driving the car", you prosecute them for "driving it dangerously".

            1. Anonymous Coward
              Anonymous Coward

              "It's like if someone drove a car down a pedestrian precinct"

              Good analogy - in fact there is a whole bunch of law that prescribes how you should use a car in a proper way and how you are punished if you don't, that don't apply if you just walk, because a car with its speed, size and weight is far more dangerous than a pedestrian.

              Same way abusing and misusing a computer can create far bigger damages than without. So why there should not be a specific law to make it a specific crime?

              BTW, would you like a computer license to be able to use one, and without being unable to touch a screen or a keyboard?

            2. Jamie Jones Silver badge

              Re: "he was an authorized user of the plate system"

              Indeed. And if the car you were driving was a company car, you don't get prosecuted for stealing the car just because you used the car outside the terms the company expects.

      2. Someone Else Silver badge

        Re: "he was an authorized user of the plate system"

        Did you mean that if I have access to medical records I can hoard them and sell them to health and pharma companies? If I work in a bank I can access at will and use for my personal gain, or give away people's financial status? If I have access to a model database I can sell their telephone numbers and addresses?

        Whataboutism worthy of any Fox Noise commentard. What about we stick to the subject at hand?

        1. Anonymous Coward
          Anonymous Coward

          Re: "he was an authorized user of the plate system"

          Let's wait someone access your data illegally and damages you, just because he can because he got computer access. Then tell me what you think again.

          I had helped investigate many idiots who accessed data they should not without a specific reason just because they had some kind of access to them. Sometimes just for fun or because the feeling to be those with the "power", sometimes for nasty reasons. And believe me, you would not like to be one of their targets.

          Or maybe you're one of them, and don't want they take your toy away, and risk to caught and face the consequences.

        2. fidodogbreath

          Re: "he was an authorized user of the plate system"

          Whataboutism worthy of any Fox Noise commentard. What about we stick to the subject at hand?

          Um, using authorized data access in an unauthorized way is exactly the subject at hand.

    2. Wade Burchette

      Re: CFAA?

      I believe the district attorney messed up and charged the police officer with the wrong crime. He should have been charged with bribery and not under CFAA.

  4. Anonymous Coward
    Holmes

    Lazy prosecution

    They went after the corrupt cop using the CFAA, but there are lots of other public graft and obstruction of justice statutes that the prosecutors could have used. Perhaps the issue is that they KNOW that he logged into the computer to run the fake license plate, but the actual mechanics of the corrupt quid-pro-quo that he received for running the plate is probably harder to prove in court.

    (I don't remember Sherlock ever having to deal with this stuff. Things were so much simpler back in his day.)

  5. Allan George Dyer
    Joke

    GDPR?

    There's a failure to protect the personal data of the car owner, so the EU should fine the USA for 4% of its global turnover.

    1. Anonymous Coward
      Anonymous Coward

      Given the US's current economic trajectory ...

      ... they should offer to settle all turnover based claims in about 3 months.

  6. AlgernonFlowers4

    Book 'em Danno!

    'He was charged with two cases: committing computer fraud for financial gain (violating the CPAA) and honest services fraud and violating the CFAA. '

    Three 'and' clauses do not make 2 cases or am I reading it wrong?

  7. Cuddles

    Does anyone else feel old?

    "has been causing legal problems for nearly two decades"

    "the CFAA ever since it was enacted back in 1986"

    Much as I hate to admit it, the '80s may have been slightly more than two decades ago.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like