Comment by monerozcash

Comment by monerozcash 3 days ago

9 replies

View on Hacker News

>(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

If your goal is to deliberately "poison" their data as suggested before, it's kind of obvious that you are knowingly causing the transmission of information in an effort to intentionally cause damage to a protected computer without authorization to cause such damage.

>Trying to tie some nebulous TOS to a situation that the manufacturer has deliberately created reeks of the same type of website-TOS shenanigans courts have (actually!) struck down.

This has very little to do with the TOS though, unless the TOS specifically states that you are in fact allowed to deliberately damage their systems.

And no, causing damage to a computer does not refer to hackers turning computers into bombs. But rather specifically situations like this.

mindslight 3 days ago

A computer being supplied with false data which it then stores is not damaging the computer - hence there being a provision about fraud. But for this case it's not fraud either, as the person supplying the data is not obtaining anything of value from the false data.

Reply View 6 replies
  • monerozcash 3 days ago

    >the term “damage” means any impairment to the integrity or availability of data, a program, a system, or information;

    Deliberately inserting bad data to mess with their analytics does in fact fit that definition.

    Reply View 5 replies
    • mindslight 2 days ago

      You are construing "integrity" to mean lining up with their overarching desires for the whole setup of interconnected systems regardless of who owns each one. By that measure, stopping the collection of data is impairing its availability on their system.

      I would read that definition as applying only to their computer system - the one you aren't authorized to access. This means the integrity of data on their system has not been affected, even if the source of that data isn't what they'd hoped.

      As I said, the law contemplates a different call out for fraud. This would not be needed if data integrity was meant to be construed the way you're claiming.

      (For reference I do realize the law is quite unjust and I'll say we'd be better off if the entire law were straight up scrapped along with the DMCA anti-circumvention provisions)

      Reply View 4 replies
      • monerozcash 2 days ago

        Why do you think the CFAA is unjust?

        What specific activities does it unjustly criminalize?

        Reply View 3 replies
Xss3 3 days ago

Any reasonable programmer (a peer) would say an unencrypted system that doesnt validate data is an unprotected system.

Reply View 1 reply
  • monerozcash 3 days ago

    It's a legal term, has nothing to do with technical protections.

    Practically any device connected to the internet is a "protected computer". The only case I can think of where the defendant prevailed on their argument that the computer in question was not a "protected computer" was US v Kane. In that case the court held that an offline Las Vegas video poker machine was not sufficiently connected to interstate commerce to qualify as a "protected computer".

    Reply View 0 replies