Hoping to pursue an exciting and lucrative career in the world of crime? These days a Harvard MBA and a solid knowledge of international banking laws is as good a qualification as it gets. If you don't have the grades or can't swing the tuition, there's always option B: Buy a weapon at a gun show, pull a stocking over your head, and head off to the nearest convenience store.
But whatever you do, don't study computer science. Don't learn about the intricacies of networking and Web servers. Don't even think about messing with the InterTubes -- then you're truly dangerous, and an example must be made of you.
I'm not just talking about the tragic suicide of Aaron Swartz, who chose to kill himself rather than face jail time for illegally downloading academic papers. There's also Andrew "Weev" Auernheimer, sentenced last month to 41 months in prison for "hacking" AT&T's website to extract the email addresses of 114,000 iPad owners -- many of them in government agencies. How did Weev hack the site, exactly? By exploiting a stupid design flaw in AT&T's login page, flooding it with URLs containing random 20-digit numbers and watching it spit out email addresses in response.
That's barely skimming the surface. There's Barrett Brown, ex-spokesperson for the Anonymous movement, who's looking at 15 years for posting a URL in a chat session where others could find a few dozen hacked credit card numbers. Matthew Keys allegedly gave the login for his former employer's website to a member of Anonymous; he's facing a possible 10-year sentence and a $250,000 fine if convicted. The list goes on.
Why were these guys facing hard time? Two reasons: One, instead of cowering meekly and accepting their punishments, they thumbed their noses publicly at the authorities. The other is a brain-dead law originally written in 1984 and expanded several times since then called the Computer Fraud and Abuse Act, which serves up harsh penalties for mostly victimless crimes.
Nearly everyone agrees that the CFAA needs to be amended. Even the Republicans who control the House agree -- but they're trying to amend it in the opposite direction. They want to make the CFAA worse than it already is. Mike Masnick at TechDirt breaks down the proposed changes:
Apparently, the House Judiciary Committee has decided to raise a giant middle finger to folks who are concerned about abuses of the CFAA. ... , they began circulating a "draft" of a "cyber-security" bill that is so bad that it almost feels like the Judiciary Committee is doing it on purpose as a dig at online activists who have fought back against things like SOPA, CISPA and the CFAA. Rather than fix the CFAA, it expands it. Rather than rein in the worst parts of the bill, it makes them worse. And, from what we've heard, the goal is to try to push this through quickly, with a big effort underway for a "cyberweek" in the middle of April that will force through a bunch of related bills.