The Hacker Manifesto lauds the world of the electron and the switch, where the talented are treated equally and the values of curiosity and exploration reign supreme. Yet studying computers, network security, and programming flaws can be a crime or civil offense. Just two examples: In Sony v. Hotz (2011), a case that eventually settled, Sony claimed that researchers who studied the way their own game consoles worked violated the CFAA. And in 2009, the Boston MBTA got a court order to muzzle MIT undergraduates who had discovered flaws in the transit system's payment system and were about to give a talk on their research.
Because of the tragic and untimely death of Aaron Swartz, who committed suicide while awaiting trial on charges he violated the Computer Fraud and Abuse Act (CFAA) by mass downloading academic journal articles, we have an opportunity to amend the CFAA, a federal law that interferes with important and socially beneficial computer security research. We want to revise the CFAA to decriminalize the computer security profession.
How can you help? Have you ever been sued, threatened, or investigated because of security research you performed? We want to hear and share your stories. Tell us How You Almost Went to Prison, so we can learn from your experiences and use them to educate lawmakers about the problems with the CFAA, and suggest a fix.
You can submit your story to us here.
We plan to present your experiences and stories from well-known computer science professors and research professionals at a Center for Internet and Society event to be held the evening of February 19th at 6:00 PM. Hear first hand stories of inappropriate limitations on security work, suggest changes to the law that will protect legitimate security research from legal threats and learn what you can do to help fix the CFAA. Save the date and stay tuned for more details on the event, or sign up for our mailing list.