Anonymous Indictment Raises Serious Question: Is It Really A CFAA Violation To DDoS A Website?

from the questions dept

... knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Way back in the fall of 2010, we wrote about how it was a really dumb idea for people associating themselves with Anonymous to run a series of DDoS attacks, under the name "Operation Payback," focused on the RIAA, MPAA, US Copyright Office and other websites. The attacks were protesting attempts to take down The Pirate Bay, as well as a variety of other complaints about general acts of copyright maximalism and copyright trolling. As we noted, such attacks do a lot more harm than good. Either way, the feds have finally gotten around to indicting thirteen individuals for somehow participating in that fall spree of DDoS attacks. While the indictment tries to make it out like this is a big conspiracy, it's unclear how connected some of the various attacks are, as it appears (as is frequently the case with Anonymous) that some individuals simply chose some sites to DDoS on their own and announced they were doing it as Anonymous. It's difficult to see a conspiracy when there's no real connection.That said, there's a much bigger question here. While DDoS attacks can be a nuisance, are they really criminal? In the midst of these attacks, we questioned if they were really criminal acts or more like the equivalent of a sit-in , in which people were disrupting a business for the sake of public protest. In fact, some people arrested for DDoS attacks have been making this claim in court -- and there was even a White House petition asking it to recognize DDoSing as a valid form of protest Instead, as the indictment shows, the feds are hitting these thirteen individuals with CFAA violations -- the broad, troubling anti-hacking law that is regularly abused by the feds for any crime that involves a computer. In this case, the focus is on 1030(a)(5)(A) which targets people who:But is a DDoS really "damage"? I can see how there's a reasonable argument both for and against that. But I have trouble seeing how, as the feds claim, these DDoS attacks did more than $5,000 in damage to the various sites they took down. Furthermore, you can make an argument that these weren't done "without authorization," because all a DDoS does is point a ton of traffic at a website. If that web server is open to the public, then isn't there authorization? It's just that the web server gets flooded.Again, I'll make clear that I think DDoS attacks are dumb, counterproductive and immature. But I have trouble seeing how they'reacts, that could lead to five years in jail.Also, there's some oddities, in that one of the lawyers for one of the accused folks claims that he had been working out a settlement , which has now been "scuttled" by the indictment. I imagine that most of the accused will eventually come to some sort of plea bargain deal. The DOJ stacks the deck so that you're often crazyto plea your way out of these deals. And it's unlikely that any of the individuals will appear particularly sympathetic for their alleged actions here. But I'm still quite troubled by the idea that these actions add up to that much in damage, and a computer hacking crime deserving of significant jail time.

Filed Under: anonymous, cfaa, ddos, protest, sit-in