Some laws are like hidden trap doors—everyone walks through them at some point, but only a few actually fall. For the rich, it’s the law against insider trading; for the wealthy, it’s the law against insider trading; for the rest of us regular folk, it’s the Computer Fraud and Abuse Act.
Federal law enforcement arrested journalist Tim Burke on Thursday and arraigned him in handcuffs. Twelve of the 14 charges against him in the unsealed indictment were brought under the Computer Fraud and Abuse Act (CFAA), a federal anti-hacking statute.
The story begins with Tucker Carlson’s extremely damning 2022 interview with Kanye West. Most interviews have been edited for clarity; in this case, the interview was cut to exclude rambling anti-Semitic rants.That unaired clip and other clips have gone in vice Burke downloaded them from LiveU, a streaming service used by media companies to share video files. The FBI raided Burke’s home last year and seized cellphones, laptops, hard drives and notes.
This indictment is an incredible example of how the CFAA tortures the English language.It accused Burke of “repeatedly exploiting[ing] Compromised credentials gain unauthorized access to a victim entity’s protected computer. ” Burke and his attorneys maintain that he discovered the video clips after using demo login credentials posted publicly on the Internet and that the files could be shared via unsecured public URLs.
If so, this may not be the ideal IT setup for a media organization using LiveU. In fact, they may object very strongly to strangers accessing their content. But is this enough to establish “unauthorized access”? Should it be?
It’s been unclear for a long time whether violating a website’s terms of service constitutes a felony
The scope of outlandish CFAA prosecutions is rich and varied because CFAA can easily be weaponized. The statute relies on “unauthorized” access or access “exceeding authorization.” It doesn’t really specify what a “protected computer” is. (A better question might be: What is an unprotected computer?) For a long time, the question of whether violating a website’s terms of service could constitute a felony punishable by serious prison terms has been murky. Supreme Court Judgments 2021 Van Buren v. United States The scope of the CFAA is small enough that this is no longer an issue. (Timing was unintentionally key; it wasn’t long before Netflix began cracking down on password sharing and Everyone is starting to get mad about AI companies crawling websites against the operators’ wishes. )
Since Burke is a journalist, the first thing that comes to mind might be the case against journalist Matthew Keys, who was convicted in 2015 of posting his former employer’s content management system credentials to a public chat room while urging others to deface the site. Keys’ actions neither resemble hacking nor news reporting, but are being prosecuted under the CFAA’s provision prohibiting “unauthorized causing harm.” This is a different part of the law, although the same thorny issue of what “authorization” means arises again.
But Burke’s case is no different from the much-mourned and admired Aaron Swartz (sometimes called “the Internet’s own boy”) or the unmourned and less-admired Andrew “Wiff” O. Andrew “weev” Auernheimer, often referred to as the “notorious troll” and “terrible human being,” were both charged by the CFAA for stealing readily available information.
Auernheimer’s conviction stemmed from a script that automatically accessed a series of public URLs that unfortunately contained AT&T customer information. Swartz was indicted for stealing JSTOR, a paid academic database that was freely accessible on MIT’s campus network. The theory is that his access began to “exceed authorization” when he logged into the network as Gary Host (G. Host or Ghost), and then deceived him when campus IT tried to prevent his computer from handling too many server requests. his DNS.
Swartz and Auernheimer are not journalists, although both are associated with media publications—Swartz is a contributing editor at a left-leaning magazine deluder, Auernheimer sometimes writes for The Daily Stormer, a white supremacist website he helps run on the technical side. Their respective prosecutions reflected this side of their characters. Swartz took down JSTOR in hopes of liberating academia around the world; Auernheimer didn’t write any of the code that landed him in jail, but he served as the official hype man for the AT&T data breach because he liked attract attention.
In 2014, an appeals court overturned Auernheimer’s conviction on a technicality; Swartz’s case never went to trial because he died in 2013. Aaron’s Law, a bill to reform the CFAA, was introduced after his suicide but has stalled in Congress.
If these two men were written into novels, their characters would be derided as clumsy symbols of the noble and base instincts that drive journalism. In fact, it is shocking that journalists are not consistently prosecuted. Journalists of course end up in trouble when you define “authorization” so loosely – modern journalism is the act of using your computer in a way that someone really wants you not to.
The case against Tim Burke is an almost bizarre throwback to history. People on all sides—the Legislature, the courts, even the Department of Justice—seemed to know something was wrong with the CFAA. It’s a law that can be adapted to a dizzying array of circumstances and can bring down progressive idealists and bona fide neo-Nazis equally effectively. Again we squinted at the site and asked, “Is this a protected computer?”