案列:Lori是一所著名的法学院的教授,他使用Wireshark来查看智能手机上的医疗和健身应用程序将数据发送到哪里。她将笔记本电脑和电话连接到同一无线网络。当她这样做时,Wireshark让她看到无线网络上的所有流量,而不仅仅是笔记本电脑上的流量。这样她就可以看到电话在哪里发送数据。她发现了很多在各种应用程序的使用协议和隐私政策中没有披露的信息。但是,这些使用条款协议和隐私政策禁止使用wireshark等技术监控数据流。(使用条款协议和隐私政策位于与应用程序相关的网站上,而不是应用程序本身)。
其中一个应用程序,对象,它给Lori发了一封信,声明她不再被授权监视进出Befit的数据流。洛里在收到信后继续监视befit。在此之前,根据《计算机欺诈和滥用法》(CFAA),18 USC 1030(a)(2)(c)起诉Lori。本节规定:(1)未经授权故意访问计算机(2),(3)从而获取信息是违法的。假设监控应用程序的数据流被视为根据《计算机欺诈和滥用法》对其进行访问(以及对计算机的访问)。
1给出你认为最有力的理由来证明Lori违反了CFAA。
2给出你认为最有力的论据,证明Lori没有违反CFAA。
3评估哪个论点更好。
1. Give what you take to be the strongest argument for the claim that Lori violates the CFAA. 给出你认为最有力的理由来证明洛里违反了CFAA。
Lori使用Wireshark查看智能手机上的医疗和健身应用程序发送数据的位置。然而,Wireshark让她可以看到无线网络上的所有流量。这不是一个预期的事件。其中一个应用程序,befit,反对并向lori发送一封声明反对意见的信,最后根据《计算机欺诈和滥用法》(以下简称“CFAA”),18 USC 1030(a)(2)(c),起诉lori,该法案规定“任何人故意未经授权或超过授权访问计算机,从而从任何受保护的计算机获取信息“…“应按照本节第(c)小节的规定处罚。”CFAA将Lori的行为视为非法行为,因为她“(1)未经授权故意访问计算机(2),(3)由此获取信息”。
Lori uses Wireshark to see where medical and fitness apps on smart phones send their data. However, Wireshark lets her see all traffic over the wireless network. And this was not an anticipated event. One of the apps, BeFit, objects and sends Lori a letter stating the objection, and finally sues Lori under the Computer Fraud and Abuse Act (hereinafter “CFAA”), 18 USC 1030 (a)(2)(C), which states “Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer”... “shall be punished as provided in subsection (c) of this section.” CFAA makes Lori’s conduct illegal as she “(1) intentionally access a computer (2) without authorization, and (3) thereby obtain information”.
If I defend Befit, I will take “without authorization” to be the strongest argument for the claim that Lori violates the CFAA. “Without authorization” means lack of consent, it is unauthorized access and undesirable intrusions, which are indictable cyber intrusions under CFAA.
如果我辩护得当,我将以“未经授权”为最有力的论据,主张洛里违反CFAA。“未经授权”是指未经同意,是未经授权的访问和不受欢迎的入侵,根据CFAA,这是可起诉的网络入侵。
在美国,未经他人同意而不受欢迎地侵入他人的计算机系统受到计算机访问法(如CFAA)的限制,因此,原告给予被告的许可范围直接关系到入侵是否是非法的。更改或构成“未经授权的访问”。
根据合同的一般规则,限制个人访问网页、数据库、软件或其他无形的有价值信息可以通过合同机制(如点击有效合同)来执行。个人或其他自动搜索程序可以查看、下载、编辑和参与与网页、数据、计算机程序以及基于与网站或数据库所有者或管理员签订的合同授予行为范围相关的行为。法院可据此决定授权范围,原告的技术过滤或阻拦推定其不同意。
In the United States, undesirable intrusions into the other person's computer systems without the consent of others are restricted by computer access laws, such as CFAA.Therefore, the scope of the plaintiff's permission granted to the defendant is directly related to whether the intrusion was infringing or constituted "unauthorized access".
According to the general rules of the contract, limiting personal access to a web page, a database, a software, or other intangible valuable information can be carried out through a contract mechanism (such as click on the effective contract). Individuals or other automated search programs may be allowed to view, download, edit, and engage in acts related to web pages, data, computer programs, and the range of granting behaviors based on contracts with the owner or administrator of a Web site or database. The court may accordingly determine the scope of the authorization.The plaintiff's technical filtering or blocking inferred that he did not agree.
In this case, even BeFit did not conduct technical filtering or blocking, it sends Lori a letter, stating that she is not authorized to monitor data flows in or out of BeFit. And the Terms of Use Agreements and Privacy Policies prohibit monitoring data flows using technologies like Wireshark. Therefore, the strongest argument for the claim that Lori violates the CFAA might be “unauthorized access”.
2. Give what you take to be the strongest argument for the claim that Lori does not violate the CFAA.
Under CFAA 18 USC 1030 (a)(2)(C), it is prohibited to obtain information from any protected computer without authorization or exceeds authorized access. If I defend Lori in this case, below reason might be the strongest argument, that is, monitoring data via Wireshark is not obtaining information from any protected computer.
CFAA requires the protection of the "protected computer”. The United States is one of the few countries to ratify the system. According to CFAA, protected computers refer to computers used by financial institutions, the United States Government, or intercontinental commerce.
The CFAA regards the following acts as federal offenses: unauthorized or over-authorized intrusion into a computer and access to classified information on diplomatic relations and national defence by hacking into the computer. Unauthorized or unauthorized access to a computer, if the act involves intercontinental or national exchanges, access to information about financial or credit institutions, information about government departments or agencies, or information from protected computers. Unauthorized and wilful intrusion into any non-public computer of the United States Government, or a dedicated computer of a non-United States government department or agency, for the purpose of influencing the use of it by the United States Government. Unauthorized access to protected computers and knowingly and intentionally committing fraud of $5000 or more lasted for a year. It is an offence not to require the injury to occur if the following acts are committed: modify, destroy, or attempt to modify medical records or medical information, cause or may cause a threat to public safety, cause or may cause damage to computers used in the course of justice, national defence or national security. Buying and selling passwords or other information used to illegally invade protected computers, if such illegal transactions affect intercontinental or external commerce, or if the computers involved are used by the United States Government. Dissemination of information that causes damage to protected computers and attempts to extort money or other valuable goods.
Offending one of the above acts (or its combination), if prosecuted, will result in imprisonment for up to 20 years. In 2000, the court's decision in the case of UNITED STATES OF AMERICA v. MIDDLETON et al interpreted CFAA as requiring the offender to pay compensation to cover the victim's maintenance costs. Back to our case, though Lori monitors the data, these data can be got by anyone who visit these apps via Wireshark. Lori’s conduct did not cause any financial loss or resulted in any consequence stated above. And more importantly, BeFit’s data cannot be regarded as “protected computer” according to CFAA. Therefore, monitoring data via Wireshark is not obtaining information from any protected computer. And this argument will be the strongest argument for the claim that Lori does not violate the CFAA.
3. Evaluate which argument is better.
I go for the second argument that Lori does not violate the CFAA.
The CFAA stipulates that whoever shall bear the corresponding civil liability in the following circumstances:
(1) Anyone who intentionally accesses a computer system without authorization or beyond the authorized scope and obtains information from a protected computer system.And this action involves communications between the states of the United Statesor with foreign countries. The term "protected computer” systemrefers to a computer system connected to the Internet. However, the CFAA does not clearly define the meaning of "unauthorized access", but defines "exceeds authorized access", which refers to the person authorized to access a computer system to obtain or modify the information therein beyond the authorized scope. #p#分页标题#e#
In this case, though the Terms of Use Agreements and Privacy Policies prohibit monitoring data flows using technologies like Wireshark on the websites associated with the app, these apps themselves do not have relevant regulations. It is not proper to accuse Lori violates relevant policies of these apps, such as BeFit.
(2) Whoever knows that the intentional transmission of programs, information, codes or orders would result in damages caused by unauthorized access to a protected computer systems.
In this case, Lori does not intentional transmission any information, and her monitoring conduct on medical and fitness data does not result in any damage to a protected computer. Therefore it is not proper to accuse Lori’s conduct cause any damage to BeFit.
(3) Whoever intentionally had access to the protected computer system without authorization and the action would recklessly cause damage. If so, the injured party can claim for compensation.
In the case Intel Corp. V. Hamidi, Hamidi was fired by Intel in 1996 after a dispute with the company over working conditions. Hamidi, who is strongly dissatisfied with this, sent six emails denouncing Intel six times before 1998.The maximum number of active staff receiving this email is more than 30,000 (the e-mail address mentioned above is the address used in the work of the company). In the e-mail message sent, there is a URL with a link to the Hamidi declaration. The home page details how bad Intel's work environment is. In response, Intel sued the California primary court in 1998, demanding that Hamidi stop sending such emails. Hamidi lost the verdict, and Hamidi appealed to the high court, But it still ended in defeat. Hamidi then appealed to the California Supreme Court in 2003 to win the case. Intel accused Hamidi that the large number of emails that Hamidi sends to its employees "is like junk mail," which "infringes our mail server and causes losses to our business." The California Supreme Court upheld Hamidi's case, 1) The number of messages sent by Hamidi does not reach the level of spam messages; 2) Intel is unable to prove that its computer system functions may be burdened by Hamidi's behavior or actually damaged in any way.
That is to say, Lori shall bear the corresponding civil liability if BeFit can prove Lori’s conduct had recklessly caused damage to BeFit. To sum up, it is not proper to claim that Lori violates the CFAA, because: 1) Lori’s access does not violate the Terms of Use Agreements and Privacy Policies of BeFit directly; 2) BeFit cannot be regarded as “protected computer” according to CFAA; 3) Lori’s conduct had not recklessly cause damage to BeFit.
|