Wyden and Lofgren Introduce Aaron’s Law to Reform the CFAA

aarons law - lofgren - 061913

Download Full Text (PDF) | Source


Aaron’s Law further articulates that a violation of a Terms of Service shouldn’t be considered Wire Fraud, however no place in the law does it state that a Terms of Service violation can be considered as such, in fact it’s very vaguely defined as “any scheme”.

We shouldn’t be relying upon laws to protect networks, when they can be accessed across the Internet internationally. I’m concerned that the laws are not doing enough, and that more attention needs to be given to look at the “laws of computing” and the source code of the software in daily use.

The CFAA isn’t stopping brute force attacks upon many WordPress websites. Preventative actions, hardening the system, and limiting login attempts do a much better job at securing the system. I’ve installed several security plugins to let me know how many times this happens on websites I administrate, and on a weekly basis I’ll receive emails about too many successive login attempts, and an IP address becomes blocked. The software has its own law enforcement.

I’m thankful that many government websites are actually quite friendly and do not need to worry about copyright, since it’s public domain.

There is such hypocrisy with Terms of Service and a large gap between lawyers and software engineers, and anything that bridges that gap will help the most. Websites can make available many RSS feeds to be subscribed to and in their terms of service make it a violation to subscribe, as every feed reader would be storing these feeds into a database. This makes subscribing to any feed, a potential legal liability, except for websites that are free culturally licensed or are public domain, such as government websites.