tptacek 4 days ago

Post Van Buren, the legal concern in Sandvig (that doing "audit" studies that would require signing up for a bunch of accounts in ways that violate the ToS of commercial sites) is dead anyways everywhere in the US. The idea that mere violation of ToS is per se a violation of CFAA is off the table.

AnthonyMouse 4 days ago

And we had to live under the ambiguity for more than three decades because the law was so poorly considered, and it's still not clear exactly what it covers.

Suppose some researchers are trying to collect enough data to see if a company is doing something untoward. They need a significant sample in order to figure it out, but the company has a very aggressive rate limit per IP address before they start giving HTTP 429 to that IP address for the rest of the day. If the researchers use more than one IP address so they can collect the data in less than 20 years, is that illegal? It shouldn't require a judge to be able to know that.

JumpCrisscross 4 days ago

> we had to live under the ambiguity for more than three decades

Reality is infinitely complex. The law, meanwhile, is a construct.

One can always come up with anxious apparitions of hypothetical lawbreaking. (What if I’m murdered by a novel ceramic knife. The killer might get away!)

> If the researchers use more than one IP address so they can collect the data in less than 20 years, is that illegal? It shouldn't require a judge to be able to know that

It doesn’t. It requires a lawyer.

coldtea 4 days ago

>Reality is infinitely complex. The law, meanwhile, is a construct

We managed to make the law more complex than actual reality.

tptacek 4 days ago

It doesn't. The fact pattern you've just presented is settled law: it might be a tort, it might be some other violation of state law, but it's not a CFAA violation.

AnthonyMouse 4 days ago

I feel like I purposely chose a fact pattern that couldn't meaningfully be distinguished from a DDoS except by the rate, which wasn't specified.

I get that there are cases where someone exceeded a rate limit by a moderate amount and that was fine -- although it's still bad that figuring that out required them to go to court to begin with -- but it seems like we're missing the thing that tells you where the line is. Unless it's really not a violation to just permanently render someone's site inaccessible because you have a lot more bandwidth than them and constantly want the latest version of whatever's on it?

Which is the problem with doing it this way. You don't have anyone working things through to come up with a good rule and give people clarity from the start, so instead it all gets decided slowly over time through expensive litigation.

mrguyorama 3 days ago

>And we had to live under the ambiguity for more than three decades because the law was so poorly considered, and it's still not clear exactly what it covers.

No, we lived with that ambiguity because the US system of laws purposely chooses to let Judges in the court system decide those ambiguities (and create "precedent") but only after something has happened, only after that happening leads to a court case, and only if that court case is not settled or dismissed.

That means everyone can just settle cases that would lead to a precedent they don't want.

US law ambiguity is purposeful. The solution is that we should have judges and courts that emphasize the outcome to normal people, and endeavor to improve justice to normal people, but all the people who get law degrees seem to be somewhat sociopathic and prefer instead to waste millions setting precedents on what individual words mean (that don't match at all what a normal and reasonable person would understand) and police syntax.

Judges who try to do just that are labelled "Activist" by politicians.

Meanwhile, when we have agencies who take it upon themselves to take a vague law and turn it into much less vague rules and clear recommendations, they are accused of being unelected bureaucrats writing laws.

If you want less ambiguity, you need to elect people that don't punish agencies for putting out clear documentation, and you need to reform the entire justice system to prioritize clear readings of plain language law over our stupid system of treating English as a programming language for law, which it can never be.

Human language is ambiguous. Law will always be ambiguous. If you suggest instead we should use more strict language in law on a forum full of programmers, you should hopefully understand how that is a cure far worse than the disease. You will end up with law exactly as unambiguous as it can be to an army of specialized lawyers and nobody else.

adgjlsfhk1 4 days ago

The problem is it's only off the table until the Trump DOJ decides that they want to charge ex-FBI members who investigated Trump with felonies for using an ad blocker, and the Supreme Court changes their mind since apparently the new law is that Trump can do whatever he wants.

tptacek 4 days ago

No? It's a Supreme Court precedent, established under Trump judges. At the point where you're saying that doesn't matter, you might as well just go the final rhetorical millimeter and say none of the law matters.