Category Archives: Reform the CFAA

Lauri Love – A Call to Action to Friends in the US

As read at the Aaron Swartz Day Evening Event, on November 5, 2016, at the request of Noah Swartz                    Free Lauri Love Website

By Mustafa Al-Bassam (friend of Lauri)

Lauri Love is a computer scientist from the UK, who was a long-time friend of Aaron Swartz. He is facing extradition to the United States for various CFAA charges, including his alleged involvement in a series of online protests that followed Aaron’s persecution and untimely death. He is being pursued by the US criminal justice system for allegedly protesting abuses of that same system, with prosecutors in three US court districts accusing Mr Love of hacking into various government websites.

In July 2015, Lauri was arrested by UK officials on the request of the US government, who had issued several indictments and corresponding extradition warrants. The FBI and Department of Justice allege that Lauri has been involved in hacking into various governmental agencies, including the US Army, NASA, the Federal Reserve and the Environmental Protection Agency. Britain’s National Crime Agency had actually arrested Lauri two years before but never found enough evidence to charge him. Now he is facing extradition to face charges in the United States.

Lauri’s case bears very close resemblance to that of Gary McKinnon’s, who fought a 10 year battle against extradition to the US. Gary was accused of hacking into US military and NASA networks. Gary ultimately won after Home Secretary Theresa May blocked the extradition due to concerns over Gary’s mental health as he was diagnosed with Asperger’s Syndrome and battled with depression and anxiety.

Like Gary, Lauri is also diagnosed with Asperger’s Syndrome and suffers from depression and anxiety; he needs to be close to his family and needs health care that he would not be able to access in the US prison system. Human Rights Watch, reporting on the state of US prison conditions, has noted “disturbing delays in providing vital medical help” and “serious concerns about the overall quality of medical help for federal inmates.” I’m sure most of you are aware of the lack of adequate care in the US prison system, and those of you who have been following Chelsea’s case know how her recent suicide attempt resulted in being sentenced to solitary confinement. In the UK a suicidal inmate would instead be offered the help they require, rather than being punished. Lauri’s family has serious concerns about this as he has a long history of suicidal tendencies. If extradited, he would be thrust into a cell an ocean away from the support system that has sustained him.

On September 2016 a British Judge ruled in favor of extradition, passing the case to Secretary of State Amber Rudd. While Lauri can appeal to the High Court, the Secretary of State no longer has power to block the extradition on human rights grounds like in Gary’s case. This means that Rudd will have no choice to approve the extradition.

In light of this, and thanks to campaigning by the Courage Foundation and friends, 114 British Members of Parliament have recently signed a letter to Barack Obama to call on him to stop Lauri’s extradition. Support from the British public and politicians has been immense, but unfortunately there has been little attention bought to this case in the US, which is much needed.

If Lauri were to be extradited, even if he survived his time in prison awaiting trial, it’s likely that a sentence given to him by a US court would destroy his life. While in the UK it’s common for convicted hackers to return to a normal life within a few years, the US justice system could easily sentence Lauri to a nearly life long prison term, or fine him for an amount large enough that he would spend the rest of his life paying it back. His US charges would land him up to 99 years in prison.

I myself was threatened with extradition to the US by the FBI in 2011 due to my involvement in hacktivism. My case ultimately ended up being heard in the UK, and I ended up relatively unscathed having spent no time in jail, compared to my co-defendants in the US, including Barrett Brown and Jeremy Hammond, who are still in jail to this day. I do not wish for anyone else to become another victim of the disproportionate US justice system, including Lauri.

We call on friends in the US who are concerned about the unjust nature of the CFAA, the overly harsh US sentencing system and the mental health limitations of the US prison system to campaign and raise awareness for Lauri’s case. The US justice system has international consequences, and it would be extremely powerful if American citizens campaign in solidarity on behalf of international citizens in recognition of these harsh laws.

Please spread the word about Lauri’s case. You can find out more at freelauri.com. I hope that some of you will spend your time tonight talking about how to raise awareness for those, like Aaron, who find themselves at risk of being crushed under the US’s overly harsh, outdated, and misused hacking laws.

Cindy Cohn at Aaron Swartz Day 2015


Download mp4       Hi-res files of entire event
CC0

Note: I’m including a full transcription at the bottom of this post. (Thanks to OpenTranscripts.org for their transcriptions of these talks.)

Quotes from Cindy’s Talk:

The Internet is going to be the means by which we do all the rest of the change that we need to do so badly in this world. And that I think there’s enough people now that we really have a movement, and we need to start thinking of ourselves as a movement, and we have to figure out what our next steps are…

Sitting here and listening to all the presentations tonight, seeing the amazing activity out there, seeing the tentacles of what Aaron was a part of in the early days, and in some ways the heart of, in the early days, become a movement. You guys, you’re a movement and thank you so much for doing this. So let’s figure out what our next fights are together and our work is together…

I think if people who want to honor Aaron Swartz do one thing with regard to Congress and then go back to coding, the one thing you should do is say “That law goes no further. It doesn’t get any worse and it doesn’t take any lives.”…

There is some good news in the state of California. We just passed, and we got Governor Brown to sign, a law called CalECPA, which requires the cops, the California state cops, to get a warrant before they go after your information stored with service providers…

It’s time for the legislature and the FBI to get over it. Crypto is here to stay, and all of the tools that we’ve talked about here tonight depend on the ability for people to have strong unbreakable crypto, and we need to stand up for it again. Watch the EFF web site. We’re going to keep talking about this, and you’ll see some causes…

I think we need to send a strong message to the White House that President Obama needs to come out and take a strong stand on crypto, not just say “we’re not going to come after crypto right now, but we may do something later” but to say, “No. Hell no. Americans deserve to have locks on their doors that don’t have backdoor entries for law enforcement.”…

And while the folks in Washington DC like to just wave their hands and say, “You geeks sort it out. Find a way to have a backdoor that only good guys can go in and bad guys can’t,” those of us who know about technology, and more importantly those of us who know about math, know that this is impossible…

I’m so happy to see so many projects being celebrated here that were created or inspired or legally defended by EFF. We’re going to continue to be the support for this community. One of the things that John Perry Barlow taught me years ago is that your rights aren’t given to you, your rights have to be taken. And we’re here today to continue to take our rights.

*** Complete Transcription Below***

Thanks so much for inviting me. When I took over as Executive Director of the EFF in April [2015], many people asked me, “Well, what do you want to do? How do you want to be different than your predecessor, the amazing Shari Steele” who has her own little statue. She’s the only non-Archive person who has a statue in the Archive, and Brewster did that to honor her and the work that we’ve done together.

What I said was, you know I think that there are enough people who care about the Internet, who understand, as my friend Cory Doctorow said, that whatever other issue draws you, if the Internet isn’t free this is the place. The Internet is going to be the means by which we do all the rest of the change that we need to do so badly in this world. And that I think there’s enough people now that we really have a movement, and we need to start thinking of ourselves as a movement, and we have to figure out what our next steps are.

And I have to say, sitting here and listening to all the presentations tonight, seeing the amazing activity out there, seeing the tentacles of what Aaron was a part of in the early days, and in some ways the heart of, in the early days, become a movement. You guys, you’re a movement and thank you so much for doing this. So let’s figure out what our next fights are together and our work is together. But, this has just been very exciting to see, and to see the growth. And, ya know, we lost our dear friend as a result of some really horrible laws and some really horrible policies, but seeing the green shoots that’ve grown as a result of this just does my heart good.

Lisa wanted me to talk a little about CISA, the cybersecurity act. I think that at this point the best thing that this community can do about CISA is first of all continue to talk about how rotten it is, because it’s a really rotten idea. We have a terrible cybersecurity problem. This is the a cybersecurity act that was recently passed out of the Senate.

We have a terrible problem with security on the Internet, as Brewster pointed out, and Congress just passed a bill that doesn’t make anything better and makes several things significantly worse, in the fine tradition of our Congress.

I don’t know that there’s too much we can do in terms of public activism on the bill right now, realistically, because it’s in a conference committee time, which isn’t the time when there are very many members of Congress who are going to pay attention to it. There’s one thing, though, that we have to keep watching on and that you’ll hear EFF and others rally the troops on, and that is the effort to try to put some horrible changes to the Computer Fraud and Abuse Act into this bill. We expect it’s going to come up again, and when it does you’ll hear the rallying cry. And I think if people who want to honor Aaron Swartz do one thing with regard to Congress and then go back to coding, the one thing you should do is say “That law goes no further. It doesn’t get any worse and it doesn’t take any lives.”

We have a couple other policy opportunities that I thought I’d mention to you guys. We just got a really amazing ruling out of the European Court of Justice in the last couple weeks that really points out what a global problem the NSA’s overreach and the surveillance overreach is. It’s got some complicated stuff having to do with the safe harbors and how American companies get to process information related to people all around the world. But the important part for us is to keep a close eye on what happens next, because the old rules have been crossed out and the American companies and the European regulators and the American government are in an intense negotiation about what happens next.

So we’ve got an inflection point opportunity here and we ought to be talking about this European Court of Justice opinion and what it means, because what the European Court of Justice said is the NSA surveillance is not appropriate. For the legal geeks, this is surveillance under Section 702 of the FISA Act and Executive Order 12333. What that means is the American government’s view that it can spy on the rest of the world with impunity, that it can do mass spying of people around the world who are not suspected of any crimes, who aren’t targets, who aren’t foreign spies, is unacceptable under European law. It’s a really excellent decision. You guys should all thank Max Schrems, who brought that case.

And there’s a moment now, for the next few months, and I think to the extent that you guys are blogging, writing, tweeting, you should be paying attention to this because we’ve the American companies are really scared. They want to be able to continue to serve Europe, and we need to give them a backbone to say “enough with the surveillance. It’s hurting our business.” And if we could have that argument plus “it’s actually just plain wrong.” We might be able to get somewhere. So please, if you’re watching the policy debates, that’s something to watch.

There is some good news in the state of California. We just passed, and we got Governor Brown to sign, a law called CalECPA, which requires the cops, the California state cops, to get a warrant before they go after your information stored with service providers. This is completely consistent with the values— it’s California taking the lead in a place where frankly the U.S. Congress is unwilling to go, and we’re hoping to spread this across the country. So, for people who are not Californians this is a law to look at if you want to do something locally and try to match or even do one better than California did with that. So we’ve got some good news as well.

And of course one of the other things that we’re going to have to keep an eye on in the policy things is the cryptowars are back. Now, I had the honor of being deeply involved in getting crypto free from government regulation when we did it the first time in the 90s and frankly I’d like to do something else now. So it’s time for the legislature and the FBI to get over it. Crypto is here to stay, and all of the tools that we’ve talked about here tonight depend on the ability for people to have strong unbreakable crypto, and we need to stand up for it again. Watch the EFF web site. We’re going to keep talking about this, and you’ll see some causes.

We just got 100,000 people to sign our savecrypto.org petition, which is going to go to the President now, and the President has to respond to it. It’s not too late, though. If people want to still sign it, I think it’s still available to sign. I think we need to send a strong message to the White House that President Obama needs to come out and take a strong stand on crypto, not just say “we’re not going to come after crypto right now, but we may do something later” but to say, “No. Hell no. Americans deserve to have locks on their doors that don’t have backdoor entries for law enforcement.”

And while the folks in Washington DC like to just wave their hands and say, “You geeks sort it out. Find a way to have a backdoor that only good guys can go in and bad guys can’t,” those of us who know about technology, and more importantly those of us who know about math, know that this is impossible. So we need to make sure that that message starts here from the West Coast and makes it all the way to the East Coast. I hear they know about math out there, too, so it shouldn’t be that hard to explain it. But I think we’re going to have to continue to do some explaining.

So that’s just a quick update of what we’re doing at EFF. I’m so happy to see so many projects being celebrated here that were created or inspired or legally defended by EFF. We’re going to continue to be the support for this community. One of the things that John Perry Barlow taught me years ago is that your rights aren’t given to you, your rights have to be taken. And we’re here today to continue to take our rights.

Thanks.

How Universities Can Lead The Way For Legal Reform and Protection of Student Innovators

This article sets out a straight forward plan for how universities can support student innovation and protect their students from unnecessary prosecution (see very bottom of this post).

Students Who Push Tech Boundaries Should Be Encouraged, Not Punished

By April Glaser for Wired

From the article:

Notably, after faculty members and students circulated an open letter, MIT President Rafael Reif announced plans to support the Tidbit innovators, and MIT sent a formal letter to New Jersey’s Attorney General, asking it to withdraw the subpoena. The open letter stated that the subpoena from the New Jersey Attorney General will have, “a chilling effect on MIT teaching and research.” Soon after, MIT faculty and MIT students wrote additional letters of support, asking New Jersey to withdraw the subpoena. Over 800 members of the MIT community signed onto these letters.

President Reif appears to get it. In response to the outcry over the Tidbit controversy, Reif announced that MIT plans to create a new legal resource for students threatened by legal challenges as a result of their innovative work and entrepreneurial pursuits. “In the case of someone creating an innovative new product and then getting into legal trouble doing something that was a part of their classwork — then, MIT absolutely does have a legal interest to be involved,” Ethan Zuckerman, director of MIT’s Center for Civic Media, told the press.

Also from the article:

Now is the time for students and campus communities that want to vitalize innovation to speak up and demand university support. There are some simple steps that universities can take to foster inventiveness in their campus communities:

1. Create a legal intake mechanism or program for students who receive subpoenas and are threatened by computer crime laws. Student innovators need to know where to go to receive help.

2. Publish a guide on CFAA and in-state computer crime laws so that students and researchers can better understand the contours of the laws that may be leveraged against them.

3. Universities should be pushing for computer crime legal reform and come out with strong institutional support for reform efforts on the federal and state level.

Just as laws are frequently outdated by the accelerated pace of technology, campus policies often lag behind in addressing the potential legal needs of their most innovative students exploring the frontiers of digital invention. Yet universities don’t have to move at the slothful pace of legal change.

References for Takepart.com Article About CFAA Reform

Reference Links for TakePart.com Article on the CFAA:
  “7 Things You Might Be Doing Online That Could Get You Arrested”:

1. The EFF’s Computer Fraud And Abuse Act Reform https://www.eff.org/issues/cfaa

2. Farewell to Aaron Swartz, an Extraordinary Hacker and Activist
By Peter Eckersley
https://www.eff.org/deeplinks/2013/01/farewell-aaron-swartz

3. Rebooting Computer Crime Law Part 1: No Prison Time For Violating Terms of Service
By Marcia Hoffman and Rainey Reitman
https://www.eff.org/deeplinks/2013/01/rebooting-computer-crime-law-part-1-no-prison-time-for-violating-terms-of-service

4. Aaron Swartz’s Father: My Son Was ‘Killed by the Government’
By Matthew Fleischer for TakePart.com
http://www.takepart.com/article/2013/01/16/aaron-swartzs-father-government-killed-my-son

5. The Truth about Aaron Swartz’s “Crime” By Alex Stamos
http://unhandled.com/2013/01/12/the-truth-about-aaron-swartzs-crime/

6. This Is the MIT Surveillance Video That Undid Aaron Swartz
By Kevin Poulsen for Wired
http://www.wired.com/2013/12/swartz-video/

7. Booking Video: Aaron Swartz Jokes, Jousts With Cops After MIT Bust
By Kevin Poulsen for Wired
http://www.wired.com/2014/04/aaron-swartz-booking-video/

8. Until Today, If You Were 17, It Could Have Been Illegal To Read Seventeen.com Under the CFAA
By Dave Maass and Kurt Opsahl and Trevor Timm
https://www.eff.org/deeplinks/2013/04/until-today-if-you-were-17-it-could-have-been-illegal-read-seventeencom-under-cfaa

9. Today, we save the Internet (again): fix the CFAA!
by Cory Doctorow for BoingBoing
http://boingboing.net/2013/04/08/today-we-save-the-internet-a.html

10. Swartz didn’t face prison until feds took over case, report says
By Declan McCullagh for CNET
http://www.cnet.com/news/swartz-didnt-face-prison-until-feds-took-over-case-report-says/

7 Things You Might Be Doing Online That Could Get You Arrested

7 Things You Might Be Doing Online That Could Get You Arrested By Lisa Rein for TakePart.com                                                                              June 2, 2014

From the article:

For instance, in Swartz’s case, his “crime” was having a script download the journal articles rather than sitting there and downloading them one at a time himself. Yet it’s not clear that such automation even violates MIT and JSTOR’s terms of service. As computer expert Alex Stamos describes it: “[Aaron] was an intelligent young man who found a loophole that would allow him to download a lot of documents quickly. This loophole was created intentionally by MIT and JSTOR, and was codified contractually” in documents revealed during the discovery phase of the government’s case against Swartz.

This vaguely defined law with strict penalties means that an overly ambitious prosecutor can imprison someone for doing things most Internet users consider routine, allowing law enforcement to go after people for violating a contract, even when the violated party isn’t encouraging prosecution.