I'm slowly reading the DoJ "Cyber-Digital Task Force Report", which has good and bad bits. One of the bad bits is this description of "intentional" violation of the CFAA (the anti-hacking law) -- it doesn't always work this way in practice.
It's the "mens rea" clause that part of almost all laws, such as differentiating between "manslaughter" (an accident) vs. "murder" (premeditated). So from the lawyer point of view, this is perfectly normal and reasonable.
The problem is that technical geeks disagree with lay people what "authorized" means. A techy person assumes that if a URL ending in "?articleId=23" is authorized, then so is a URL ending in "?articleId=24", so that editing the URL in your browser's address bar is not a crime.
Indeed, the techies who designed URLs and web browsers designed it this way so that you WOULD edit URLs this way, and that to "browse a website" means doing exactly this.
Yet, the average person does not have the technical capability to do this, and would never dream of editing a URL this way. They only have the ability to click with the mouse on links, from one website to the next, or from google results.
Their view of "authorized" is that if they cannot do it, due to ignorance of how computers work, then it's "unauthorized". Thus, if techies can do it, because of their knowledge, then it's still "unauthorized".
The mens rea "intentionally" clause doesn't help, because even if the techies sincerely believed they were authorized, it doesn't mater. What maters is whether a "reasonable person" (aka. "non techy") would have believed they were authorized.
There's good reason for this "reasonable person" standard in general, as criminals will always try to escape punishment by pretending about their "intentions", but for geeks, it's a real issue.
Writing a script to spider a website is considered some unholy black magic that of course a reasonable person would consider illegal, such as in the Schwartz and Auernheimer cases. Yet, google spiders your website daily, and is obviously "auhtorized" to do so.
The Aaron Swartz case is troubling because he had good reason to believe his access of the JSTOR computers was authorized, but legal system clearly wasn't going to agree with him, and was going to punish him severely.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Robᵉʳᵗ Graham 🤔 [will be at DEF CON]
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!