ComputerFraudAndAbuseAct
Latest
DJI threatens legal action after researcher reports bug
In August, DJI announced that it was launching a bug bounty program that would give out rewards to people who could find flaws in its software. The company said it would pay between $100 and $30,000 depending on the flaw. But according to an essay written by security researcher Kevin Finisterre, and reported by the Verge, the program isn't off to a great start.
ACLU sues US over law limiting data discrimination studies
It's no secret that algorithms can be biased against certain demographics, but the American Civil Liberties Union wants more proof -- and it's willing to go to court to get it. The organization has sued the US in the belief that the Computer Fraud and Abuse Act prevents studies on algorithm-powered discrimination, allegedly violating free speech rights. As the Act makes it a crime to violate a website's terms of service, the ACLU claims, it's frequently impossible to comb through publicly available site data that would reveal racism, sexism or other biases in the code. That, in turn, hampers researchers and journalists (the ACLU is representing The Intercept's publisher in this case) who want to expose illegal behavior.
Court says violating your work's computer policy isn't a crime
Your employers might shake their fists when you check Facebook at work, but they can't have you sent to prison for it. A US appeals court has ruled that breaking corporate computer policies isn't against the law all by itself -- you have to commit a specific crime to get in trouble. Prosecutors had tried to argue that an NYPD officer was violating the Computer Fraud and Abuse Act by looking up people for non-police purposes (which violates policy), but the court thought this was an overly broad interpretation. If that's illegal, the court says, "millions of ordinary computer users" would also be breaking the law.
App developers could face US privacy investigation
Hey app, did you just send my personal data or my phone's unique electronic identification number over the internet without my permission? Federal prosecutors in New Jersey are trying to answer this question in an ongoing investigation, the Wall Street Journal reports. The federal probe aims to discover if any apps built for iOS, Android or other smartphones are illegally collecting or transmitting personally identifying information, such as the phone's unique device identifier (UDID), to app makers or third parties without consent from end users. Gathering information that can be used to personally identify an individual without adequately disclosing what data will be collected and how it will be used could violate the Computer Fraud and Abuse Act designed to prosecute hackers. The investigation, which could continue for months, appears to be in a preliminary phase. In a document filed with the Securities and Exchange Commission on Monday, the online music service Pandora revealed it had been "served with a subpoena to produce documents in connection with a federal grand jury, which we believe was convened to investigate the information sharing processes of certain popular applications that run on the Apple and Android mobile platforms." The Oakland, CA, company added that it's "not a specific target of the investigation" and believes the subpoenas were issued "on an industry-wide basis to the publishers of numerous other smartphone applications."
