Anti-cybercrime laws are being weaponized to repress journalism (cjr.org)
300 points by giuliomagnifico 18 hours ago
dlcarrier 17 hours ago
US federal regulations are full of laws that take something minor or completely legal, and add huge punishments because someone used technology. All the way back in 1952, fraud punishments were worse if someone used a telephone to commit fraud. In 1982 the Computer Fraud and Abuse Act added even more punishment, if someone used a computer.
Fraud is bad, and it should be illegal, but why have different punishments based on what technology someone used?
Laws like this go outside of fraud, and often are clearly unconstitutional, like the Unlawful Internet Gambling Enforcement Act of 2006, which made lawful gambling illegal too, until it was effectively overturned with Murphy v. National Collegiate Athletic Association in 2018.
xoa 17 hours ago
>but why have different punishments based on what technology someone used?
So first as foundation, I see no reason to pretend that the law is always perfectly thought through and logical particularly when it comes to crime. And even when laws have been done for the time, that also doesn't mean circumstances haven't changed over the decades while the law remained static.
That said, in principle punishment embodies multiple components and a major aspect is deterrence. The deterrence value in turn interplays with components like barrier to entry, scaling of the potential harm and the likelihood of getting caught. Usage of technology can have a significant impact on all of this. It's significantly more challenging and expensive to prosecute crimes that stretch across many jurisdictions, technology can also have a multiplier effect allowing criminal actors to go after far more people, both in terms of raw numbers and in terms of finding the small percentage of the vulnerable, and perceived anonymity/impunity can further increase number of actors and their activity levels. It also has often implied a higher degree of sophistication.
All of that weighs towards a higher level of punishment even as pure game theory. That doesn't mean the present levels are correct or shouldn't be only a part of other aspects of fighting fraud that depressingly frequently get neglected, but it's not irrational to punish more when criminals are generating more damage and working hard to decrease the chance of facing any penalties at all.
aleph_minus_one 4 hours ago
> So first as foundation, I see no reason to pretend that the law is always perfectly thought through and logical particularly when it comes to crime.
You will of course never reach perfection, but considering that when a law is applied, a lot of violence (police, jail, ...) gets involved, a politician who does not dedicate his life towards making the laws as perfect as humanly possible (with the ideal of finding an imperfection in the laws as big of a human breakthrough as the dicovery of quantum physics or general relativity) clearly does not deserve to be elected.
coldtea 4 hours ago
ajmurmann 15 hours ago
You have to levers to enforce law. You can get better at catching lawbreakers or punish those that are caught harder. There are studies that show that catching a higher percentage of criminals and punishing them in a timely fashion leads to lower crime than punishing those you do catch harder. Europe in general has more police officers per capita and higher conviction rates that happen more timely. The US on the other hand spends more on prisons and has her officers. I think this is partially cultural and due to how responsibilities and finance are set up between local, state and federal government in the US.
Fraud via phone or computer is harder to catch. So the US follows it's established pattern and instead of hitting efforts for law enforcement increases punishment
franga2000 15 hours ago
Europe has a similar problem of over-punishing "crimes with a computer". In many EU countries, there's no punishment for trespassing, but even accessing an open network share that you found on Shodan, looking around out of curiosity, then disconnecting, is punishable with prison time.
tptacek 17 hours ago
The big problem with CFAA isn't particular to CFAA at all; it's that it shares the 2B1.1 loss table with all the other federal criminal statutes, and computers are very good and very fast at running the number on that table up. It's a real problem and I'm not pushing back on the idea that something should change about it, but I wouldn't characterize the problem the way you do, as the law singling out crimes involving computers.
Part of the history of CFAA was that it was passed because the state of the law preceding it didn't comfortably criminalize things like malicious hacking and denial of service; you can do those things without tripping over wire fraud.
AnthonyMouse 16 hours ago
> it's that it shares the 2B1.1 loss table with all the other federal criminal statutes, and computers are very good and very fast at running the number on that table up.
That's a problem with it, but another big one is that it's inherently ambiguous.
The normal way you know if you're authorized to do something with a computer is that it processes the request. They're perfectly capable of refusing; you get "forbidden" or "access denied" but in that case you're not actually accessing it, you're just being informed that you're not allowed to right now. So for there to be a violation the computer would have to let you do something it isn't supposed to. But how are you supposed to know that then?
On a lot of websites -- like this one -- you go to a page like https://news.ycombinator.com/user?id=<user_id> and you get the user's profile. If you put in your user there then you can see your email address and edit your profile etc. If the server was misconfigured and showing everyone's email address when it isn't supposed to, how is someone supposed to know that? Venmo publishes their users' financial transactions. If you notice that and think it's weird and write a post about it, should the company -- possibly retroactively -- be able to decide that the data you're criticizing them for making public wasn't intended to be, and therefore your accessing it was a crime? If you notice this by accident when it's obvious the data shouldn't be public -- you saw it when you made a typo in the URL -- should there be a law that can put you in jail if you admit to this in the process of making the public aware of the company's mistake, even if your access resulted in no harm to anyone?
The wording is too vague and it criminalizes too much. "Malicious hacking" might not always be wire fraud but in other cases it could be misappropriation of trade secrets etc., i.e. whatever the actual act of malice is. The problem with the CFAA is that it's more or less attempting to be the federal computer law against burglary (i.e. unlawful entry with the intent to commit a crime) except that it makes the "unlawful" part too hard to pin down and failed to include the part about intent to commit a crime, which allows it to be applied against people it ought not to.
JumpCrisscross 16 hours ago
tptacek 16 hours ago
terminalshort 16 hours ago
There ought to just be a blanket criminal law for intentionally causing financial damages to citizens over a certain amount. Fraud is typically a civil matter, but the problem comes when someone causes $5000 of fraud to 200 people, which is made much easier by the internet. It doesn't make financial sense to sue for that amount. If we had a law that intentionally causing $1 million or more of civil damages is also a felony punishable by up to 10 years in prison this would allow DAs to apply well deserved criminal penalties without having the possibility of criminalizing harmless behavior.
tptacek 16 hours ago
terminalshort 17 hours ago
The governing bureaucrats of the post WWII period have decided that the limited government of the previous era does not give them the level of control over citizens lives that they want. They know that rolling back existing protections is difficult politically since those pesky citizens don't know what's good for them. So our ruling betters need to be a bit more clever. They stoke fear over criminals being out of control because they are using scary new technology that the police just can't handle. Therefore we need to pass harsh new laws to control it. Of course over time that "scary new technology" becomes the routine way everybody communicates, but now without the legal protections that the old system had.
hekkle 11 hours ago
At least they are disguising it. Australia has, in the state of SA the "Police Complaints and Discipline Act 2016", that expressly allows police officers to investigate their own corruption, and when they inevitably conclude they did nothing illegal, anyone who complains to anyone other including human right's organisations will be arrested and charged.
Source: I was arrested by my ex-wife's boyfriend, who denied all my human rights in detention. All his ridiculous charges were thrown out, but he, and his police partner was allowed to investigate himself as to whether he violated any laws. I then received a threatening letter from the Attorney-General telling me I would be charged if I brought it up the particulars of it with anyone.
instagraham 7 hours ago
This is why I harp about platforms needing to become decentralised and un-censorable. I was hoping the fediverse could become something in that direction but I'd also had hopes for things like IPFS, Matrix (Element I think used to host videos), DLive, SteemIT, etc. User adoption and network effects are really the only limiting factors - but as people get more disillusioned with Meta and X, there is always a space for competing platforms.
I take an Occam's Razor to the usual arguments against it - the problems these create (fake news, slander, etc) are already prominent in regulated media platforms, which also rely on community moderation as a result. The solutions it enables (space for fearless/citizen reporting, Streisand effects for censorship rather than big-tech powered banhammers) are wholly absent in regulated media.
Besides tech, and going by the press freedom index, one's only hope for good journalism today would be to incorporate in New Zealand. But you'd still have to face the odds of your content being banned in the countries they report on.
The other issue with the anti-press efforts by governments is that it weaponises the state against on-ground journalism and ends up encouraging out-of-country reporting as a result.
inglor_cz 3 minutes ago
This is why I harp about platforms needing to become decentralised and un-censorable
I wish people could handle such platforms responsibly. In practice, the first decentralised and un-censorable platform will be immediately overrun with CP and drug emporia. And I say this as someone who appreciates civic freedoms and libertarianism... Some people are genuinely shitty and have an "anti-Midas touch" which turns everything they touch to shit.
burningChrome 7 hours ago
>> but as people get more disillusioned with Meta and X, there is always a space for competing platforms.
Diaspora way back when had a chance to take hold of the flame and do some damage to Meta. Even after it was released, I moved to it immediately. Nobody from any other social platform would join me.
Its one thing to create a decentralized platform, its quite another to overcome the network effect where friends and family and have other friends and family and they can't move now because none of their friends or family will move. This is why there was a very narrow window before Meta became the juggernaut it is today to get people to move to a more decentralized platform.
Now? Close to 100% impossible to win that game - regardless of the opportunity for freedom from censorship and government overreach. There will be small pockets of people moving to them, but there's a good chance we will never see the kind of numbers that Meta, X, YouTube or other platforms have right now. They are just so entrenched at this point.
godelski 7 hours ago
Isn't Threads now federated? I just heard about it, I don't use Threads though or much outside HN
phendrenad2 16 hours ago
Why is this surprising to anyone? When the government is corrupt, the laws are just a convenient cover for doing whatever you wanted to do anyway.
Secondly, which countries does the article mention? Nigeria, Pakistan, Georgia, Turkey, and Jordan. Such countries strain the definition of "government" let alone "law".
MangoToupe 8 hours ago
> When the government is corrupt
Find me a government and I'll find you corruption.
alephnerd 8 hours ago
Corruption and abuses of power exists in most countries, but the degree to which these abuses of power occur in Nigeria (hybrid regime), Pakistan (hybrid regime), Georgia (illiberal democracy turned hybrid regime), Turkey (illiberal democracy turned hybrid regime), and Jordan (hybrid regime) compared to their peers let alone Western countries is fairly well known.
The EIU, V-Dem, CPI, World Bank, and various other benchmarks highlight this as well.
skopje 6 hours ago
You are oversimplifying. There are degrees of corruption. Just like there are degrees of crime: running a traffic light isn't the same as shooting someone. This is not to dismiss corruption or breaking laws, but oversimplifying is a tactic used by authoritarians to create confusion in people who don't want to think too hard abit things. Marcos and Aquino, Amin, Putin... Trump is more like Marcos, not massive slaughter but oligarchs aren't even pretending to hide in the shadows. I'm sure US's good guy Jimmy Carter had some corruption but is no where mear Marcos.
ChrisMarshallNY 12 hours ago
People will abuse any law they can.
> "Any proposal must be viewed as follows. Do not pay overly much attention to the benefits that might be delivered were the law in question to be properly enforced, rather one needs to consider the harm done by the improper enforcement of this particular piece of legislation, whatever it might be."
-Lyndon B. Johnson
sonicvroooom 12 hours ago
200 good software and marketing engineers that ignore studies and fight for a good, evolutionary rational cause ... as good as they make proxy farms for scraping ... damn ... so much after work, so much to write about, so much to critique, so. much. capital.
tptacek 17 hours ago
These aren't really cybercrime laws as such; they're cybercrime statutes that include defamation and misinformation laws; it's those speech restrictions, which are explicit and not a knock-on consequences of fighting what we consider "cybercrime", that are the root of this reporting.
8sigma 6 hours ago
I won't be surprised if governments start outlawing journalism.
walterbell 17 hours ago
"US declines to join more than 70 countries in signing UN cybercrime treaty", 200 comments, https://news.ycombinator.com/item?id=45760328
the first global framework “for the collection, sharing and use of electronic evidence for all serious offenses”.. the first global treaty to criminalize crimes that depend on the internet.. [it] has been heavily criticized by the tech industry, which has warned that it criminalizes cybersecurity research and exposes companies to legally thorny data requests. Human rights groups warned.. [it] forces member states to create a broad electronic surveillance dragnet that would include crimes that have nothing to do with technology
https://www.atlanticcouncil.org/blogs/new-atlanticist/the-un...
> states parties are obligated to establish laws in their domestic system to “compel” service providers to “collect or record” real-time traffic or content data. Many of the states behind the original drive to establish this convention have long sought this power over private firms.
tptacek 17 hours ago
So, (1) this is a dead letter because UN cybercrime isn't going to happen here, and (2) it's not a good treaty and I wouldn't support it anyways, but the UN cybercrime convention doesn't have any of the problematic terms discussed in this CJR article. It seeks to criminalize:
(7) Unlawful access to systems
(8) Interception and wiretapping
(9) Interfering with data (presumably: encrypting and ransoming databases)
(10) DOS attacks
(11) Knowlingly selling hacking tools to criminals
(12) Forging online documents
(13) Online wire fraud
(14) CSAM
(15) Solicitation and grooming
(16) Revenge porn
Articles 14-16 are the closest you get to something not "according to Hoyle" cybercrime. I wouldn't want them in my cybercrime treaty, but I'd be pretty chill about them being standalone domestic laws.
A reminder: no matter what a UN convention says, treaties don't preempt the US Constitution. We could not enforce a treaty that includes Nigeria's misinformation terms --- it would violate the First Amendment. (Also useful to know, contrary to widespread belief online, that a self-executing treaty is itself preempted by statutes passed after it).
kristjank 17 hours ago
>Well meaning
yeah, right
ugur2nd 16 hours ago
Welcome to Earth! Some people really enjoy exploiting legal loopholes.
Two years ago, I was sued for $10,000 in copyright infringement for embedding a YouTube video on my website. They filed a lawsuit by describing the word “embed” as if it were “upload.” But they are two different things. I won the case. But I realized that others didn't.
I learned that the company filed lawsuits against dozens of websites, especially Blogspot sites. I even heard a rumor.
They share content on social media and community sites in a way that entices people, focusing on areas that remain in a gray zone and where few people know it's illegal.
For example, “Embed movies from YouTube and share them on your website. You'll make a lot of money. If I knew how to program, I would do it.” This is just one example. There are many different examples. By the way, my site wasn't a movie site.
They apparently file lawsuits like clockwork against anyone who triggers their radar with the right keywords via Google Alerts.
Cybercrimes are just another reflection of this. If I could, I'd share more, but I don't want to go to jail. Freedom of expression isn't exactly welcomed everywhere on the internet.
terminalshort 17 hours ago
> Across the world, well-meaning laws intended to reduce online fraud and other scourges of the internet are being put to a very different use.
If only someone, anyone, could have foreseen this /s. I read so many HN comments about the "slippery slope fallacy," back when the powers that be were censoring the people that they didn't like. I bet they'll be right back where they were next time the government is going after the "misinformation" they don't like.
ThrowawayTestr 16 hours ago
Everyone is an authoritarian towards the other side.
hunterpayne 16 hours ago
No, not everyone is like that. But plenty of people are.
hsuduebc2 14 hours ago
Any instrument that can be used to repress opposition should be minimal, transparent, and tightly limited if it must exist at all. When power gets new levers, it always finds new ways to pull them.
But in this case it may be designed for that purpose.
gxs 17 hours ago
> One provision in particular—Section 24, which made it illegal to publish false information online that was deemed to be “grossly offensive,” “indecent,” or even merely an “annoyance”—has been especially ripe for abuse
I mean how is this surprising to anyone?
Grossly offensive is in the eye of the beholder
hunterpayne 15 hours ago
> Grossly offensive is in the eye of the beholder
Quite right. However, certain media outlets have knowingly published false information and when pushed on this they claim that those reports happened as part of the "opinion" part of their reporting. Before you get smug, your side does it too (as does mine). I'm am less concerned with blaming people than coming up with a mitigation of these issues.
So I think we need a 2 class system of reporting. A factual part where knowingly reporting false information has consequences. And an opinion part where it doesn't. Journalists would claim they already do this but here is the new policy. Reporting must constantly and clearly show to which class the report belongs. So maybe a change in background color on websites, or a change in the frame color for videos. Something that make it visually and immediately clear to which class this reporting belongs. That way people can more accurately assess the level of credibility the reporting should have.
gxs 15 hours ago
In a different time when different mindsets prevailed, the US government handled this about as well as you could hope
The Fairness Doctrine is irrelevant today because of the way news is published/broadcast, but was effective in my humble opinion
From Wikipedia: “ The fairness doctrine had two basic elements: It required broadcasters to devote some of their airtime to discussing controversial matters of public interest, and to air contrasting views regarding those matters.”
And without getting too political, the beginning of a lot of our media woes in terms of news correlates nicely with when the doctrine was revoked
SilverElfin 17 hours ago
What’s the principled line between journalism and crime, if there is one that isn’t just opinion? Often journalists are not just protecting sources but guiding them or encouraging them. And those sources are sometimes committing crimes like leaking trade secrets or other confidential info.
croes 17 hours ago
> Often journalists are not just protecting sources but guiding them or encouraging them.
Source?
burningChrome 6 hours ago
The Rolling Stone scandal around "A Rape On Campus" article is a good example:
Rolling Stone’s investigation: ‘A failure that was avoidable’: https://www.cjr.org/investigation/rolling_stone_investigatio...
Last July 8, Sabrina Rubin Erdely, a writer for Rolling Stone, telephoned Emily Renda, a rape survivor working on sexual assault issues as a staff member at the University of Virginia. Erdely said she was searching for a single, emblematic college rape case that would show “what it’s like to be on campus now … where not only is rape so prevalent but also that there’s this pervasive culture of sexual harassment/rape culture,” according to Erdely’s notes of the conversation"
FrustratedMonky 17 hours ago
So cajoling is a crime?
terminalshort 16 hours ago
Thankfully, no. But from reading comments on the internet it seems like "look what you made me do" is considered a valid excuse by a large percentage of so called adults in the US.
ThrowawayTestr 16 hours ago
Incitement of violence is a crime
BolexNOLA 17 hours ago
> And those sources are sometimes committing crimes like leaking trade secrets or other confidential info
I mean this with all sincerity: So what? What bearing does that have on the journalist and what they are writing?
I am also curious about that claim the other guy asked you about, “Guiding” sources and such.
SilverElfin 16 hours ago
I know it directly from first hand experience. And I liken it to jurisprudence on incitement to violence. Is incitement to theft also punishable? Does the motivation being journalism matter? Why or why not?
malcolmgreaves 14 hours ago
BolexNOLA 15 hours ago
zkmon 16 hours ago
Laws by definition are capsules of power. Some laws give more power to government and some laws give power to some sections of people, such as gender-based or cast-based laws, renter-vs-landlord rules etc. Such laws are easy to be weaponized by the party whom the law favors. Such laws actually increase crime through fake cases. In some Western countries, teen gangs create so much terror, only because they are immune to punishment by law.