• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

9th Circuit Court of Appeals Makes CFAA Law More Confusing

September 12, 2019 By Trevor Collins

Guy under arrest

In an area of law that worries many white hat hackers, the Computer Fraud and Abuse Act (CFAA) makes testing websites and vulnerabilities somewhat risky. In 1986 the CFAA amended the Comprehensive Crime Control Act of 1984, to cover unauthorized access to a computer.

Now , it seems that anyone can scrape public data from a website without violating the CFAA. Previously, companies like Craigslist, Facebook and LinkedIn tried to use the CFAA in a civil context when suing individuals and organizations who were scraping data from their services. While scraping data may still violate terms of service, the courts in this case have decided that criminal and civil charges through CFAA law don’t apply, at least in this specific instance. As it turns out, the same court also ruled in that the CFAA does apply when accessing private content, even authorized by the user,  given that in both cases a cease and desist letter was sent.

Between these two cases, the courts cases don’t make a clear distinction of what the CFAA covers so further court cases may overturn either decision. Perhaps we can interpret the outcome of both cases to mean that if access to the data is possible without a login then the CFAA doesn’t apply. But, the CFAA covers password-protected company data even if it’s available through other public means, including template data like HTML, even if the end user allows access.

We will watch this closely because we rely on CFAA to protect us from hackers. But when abused, a company could use this law could prevent other companies from competing. It also could prevent white hat hackers from calling out companies with weak security leaving the internet less secure. Hopefully This will not happen.

Share This:

Related

Filed Under: Editorial Articles Tagged With: Infosec news

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use