August 15, 2018

Archives for May 2013

Design is a poor guide to authorization

James Grimmelmann has a great post on the ambiguity of the concept of “circumvention” in the law. He writes about the Computer Fraud and Abuse Act (CFAA) language banning “exceeding authorized access” to a system.

There are, broadly speaking, two ways that a computer user could “exceed[] authorized access.” The computer’s owner could use words to define the limits of authorization, using terms of service or a cease-and-desist letter to say, “You may do this, but not that.” Or she could use code, by programming the computer to allow certain uses and prohibit others.

The conventional wisdom is that word-based restrictions are more problematic.

He goes on to explain the conventional wisdom that basing CFAA liability on word-based restrictions such as website Terms of Use is indeed problematic. But the alternative, as James points out, is perhaps even worse: defining authorization in terms of the technical functioning of the system. The problem is that everything that the attacker gets the system to do will be something that the system as actually constructed could do.
[Read more…]

A Response to Jerry: Craig Should Still Dismiss

[Cross-posted on my blog, Managing Miracles]

Jerry Brito, a sometimes contributor to this blog, has a new post on the Reason blog arguing that I and others have been too harsh on Craigslist for their recent lawsuit. As I wrote in my earlier post, Craigslist should give up the lawsuit not just because it’s unlikely to prevail, but also because it risks setting bad precedents and is downright distasteful. Jerry argues that what the startups that scrape Craigslist data are doing doesn’t “sit well,” and that there are a several reasons to temper criticism of Craigslist.

I remain unconvinced.

To begin with, the notion that something doesn’t “sit well” is not necessarily a good indicator that one can or should prevail in legal action. To be sure, tort law (and common law more generally) develops in part out of our collective notion of what does or doesn’t seem right. Jerry concedes that the copyright claims are bogus, and that the CFAA claims are ill-advised, so we’re left with doctrines like misappropriation and trespass to chattels. I’ll get to those in a moment.
[Read more…]

Collateral Freedom in China

OpenITP has just released a new report—Collateral Freedom—that studies the state of censorship circumvention tool usage in China today. From the report’s overview:

This report documents the experiences of 1,175 Chinese Internet users who are circumventing their country’s Internet censorship—and it carries a powerful message for developers and funders of censorship circumvention tools. We believe these results show an opportunity for the circumvention tech community to build stable, long term improvements in Internet freedom in China.

The circumvention tools that work best for these users are technologically diverse, but they are united by a shared political feature: the collateral cost of choosing to block them is prohibitive for China’s censors. Our survey respondents are relying not on tools that the Great Firewall can’t block, but rather on tools that the Chinese government does not want the Firewall to block. Internet freedom for these users is collateral freedom, built on technologies and platforms that the regime finds economically or politically indispensable.

Download the full report here: http://openitp.org/?q=node/44

The study was conducted by CITP alums David Robinson and me, along with Anne An. It was managed by OpenITP, and supported by Radio Free Asia’s Open Technology Fund. We wrote it primarily for developers and funders of censorship circumvention technology projects, but it is also designed to be accessible for non-technical policymakers who are interested in Internet freedom, and for China specialists without technology background.