Connect with us

Uncategorized

The Supreme Court will hear its first big CFAA case

Published

on

The Supreme Court will hear arguments on Monday in a case that could lead to sweeping changes to America’s controversial computer hacking laws — and affecting how millions use their computers and access online services.

The Computer Fraud and Abuse Act was signed into federal law in 1986 and predates the modern internet as we know it, but governs to this day what constitutes hacking — or “unauthorized” access to a computer or network. The controversial law was designed to prosecute hackers, but has been dubbed as the “worst law” in the technology law books by critics who say it’s outdated and vague language fails to protect good-faith hackers from finding and disclosing security vulnerabilities.

At the center of the case is Nathan Van Buren, a former police sergeant in Georgia. Van Buren used his access to a police license plate database to search for an acquaintance in exchange for cash. Van Buren was caught, and prosecuted on two counts: accepting a kickback for accessing the police database, and violating the CFAA. The first conviction was overturned, but the CFAA conviction was upheld.

Van Buren may have been allowed to access the database by way of his police work, but whether he exceeded his access remains the key legal question.

Orin Kerr, a law professor at the University of California, Berkeley, said Van Buren vs. United States was an “ideal case” for the Supreme Court to take up. “The question couldn’t be presented more cleanly,” he argued in a blog post in April.

The Supreme Court will try to clarify the decades-old law by deciding what the law means by “unauthorized” access. But that’s not a simple answer in itself.

“The Supreme Court’s opinion in this case could decide whether millions of ordinary Americans are committing a federal crime whenever they engage in computer activities that, while common, don’t comport with an online service or employer’s terms of use,” said Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s law school. (Pfefferkorn’s colleague Jeff Fisher is representing Van Buren at the Supreme Court.)

How the Supreme Court will determine what “unauthorized” means is anybody’s guess. The court could define unauthorized access anywhere from violating a site’s terms of service to logging into a system that a person has no user account for.

Pfefferkorn said a broad reading of the CFAA could criminalize anything from lying on a dating profile, sharing the password to a streaming service, or using a work computer for personal use in violation of an employer’s policies.

But the Supreme Court’s eventual ruling could also have broad ramifications on good-faith hackers and security researchers, who purposefully break systems in order to make them more secure. Hackers and security researchers have for decades operated in a legal grey area because the law as written exposes their work to prosecution, even if the goal is to improve cybersecurity.

Tech companies have for years encouraged hackers to privately reach out with security bugs. In return, the companies fix their systems and pay the hackers for their work. Mozilla, Dropbox, and Tesla are among the few companies that have gone a step further by promising not to sue good-faith hackers under the CFAA. Not all companies welcome the scrutiny and bucked the trend by threatening to sue researchers over their findings, and in some cases actively launching legal action to prevent unflattering headlines.

Security researchers are no stranger to legal threats, but a decision by the Supreme Court that rules against Van Buren could have a chilling effect on their work, and drive vulnerability disclosure underground.

“If there are potential criminal (and civil) consequences for violating a computerized system’s usage policy, that would empower the owners of such systems to prohibit bona fide security research and to silence researchers from disclosing any vulnerabilities they find in those systems,” said Pfefferkorn. “Even inadvertently coloring outside the lines of a set of bug bounty rules could expose a researcher to liability.”

“The Court now has the chance to resolve the ambiguity over the law’s scope and make it safer for security researchers to do their badly-needed work by narrowly construing the CFAA,” said Pfefferkorn. “We can ill afford to scare off people who want to improve cybersecurity.”

The Supreme Court will likely rule on the case later this year, or early next.

Read more:

Continue Reading
Comments

Uncategorized

Joe Biden’s new gig

Published

on

After serving as Obama-Biden campaign manager and White House Deputy Chief of Staff and now living in San Francisco and working with the tech sector, I am hopeful about the Biden-Harris administration’s ability to put in place smart policies and regulatory stability to further unleash the industry’s vast potential — not to mention the effect their calm and measured leadership could have on our greater economy.

However, with new leadership comes new perspectives on many of the most critical issues facing Silicon Valley. While the bonds between the innovation economy and the Obama-Biden Administration resulted in national prosperity, the tech sector is now intertwined in nearly every facet of American life.

The resulting tension means the new Administration will take its role as regulator seriously and investors and businesses alike should not overlook how quickly President Biden will move on policy – especially as it relates to the future of work and getting the U.S. economy back on track.

There’s no question the gig companies had a banner year in 2020. Even with ride-hailing usage down dramatically, the strength of meal, grocery and just about everything else delivered combined with the victory in California of Proposition 22 has driven up market caps and positioned many startups for going public. Yet, while the West Coast may be feeling emboldened, the Beltway has another trajectory in mind.

Congress has been working on gig worker classification legislation named the PRO Act for months. The bill closely mirrors the maligned California Assembly Bill 5 that Proposition 22 mostly reversed. It’s broadly supported by labor and could see some traction this year. Labor is already working hard to line up support from the various Congressional coalitions, and at the same time gig economy companies are gearing up to fight it with their unlimited resources.

The question is – what will President Biden do? Long ago he voiced his support for AB 5 and laid out plans to solve worker misclassification during the campaign, but he’s also hiring and appointing staff to the Administration deeply experienced in tech. President Biden has been governing longer than most startup founders have been alive, he’s a master at understanding forces in Washington and how to reach a compromise. He knows that what’s rarely discussed during legislative debate is how the law will actually be implemented.

We shouldn’t be surprised if the Biden Administration convenes the Department of Labor and the industry to determine how companies actually enact worker protections.

Despite most bills being thousands of pages, they’re rarely prescriptive. Those details are left up to agencies. President Biden has oversight of the Department of Labor, which, if the PRO Act is passed, will be responsible for its implementation.

We shouldn’t be surprised if the Biden Administration convenes the Department of Labor and the industry to determine how companies actually enact worker protections. President Biden’s nominee for Labor Secretary, Boston Mayor Marty Walsh, while a staunch supporter of labor, is also well regarded by the business sector as someone they can work with and reach a compromise.

We just have to look to the states to understand why this outcome is so plausible. The gig companies already have Proposition 22 type campaigns underway in six states and are running legislation in a half dozen more. By the end of 2021 there will be law on the books codifying worker protections in nearly a third of the country, modeled on Proposition 22.

This kind of momentum is hard to ignore and labor knows it. Although labor is aligned in its support of the PRO Act, the alignment becomes blurry when considering state action. For example, many northeastern states have had a thriving black car and taxi industry for decades.

This means Labor’s position on gig laws in New York and New Jersey are quite different than places like Washington State or Illinois where gig workers are still relatively new and the ink is drying on regulations supported by Uber and Lyft just a few years ago. Labor is aligned as much as they can be and enough to support the PRO Act, but there isn’t a national movement and that leaves room for compromise.

This is all good news for the tech sector. It’s a fantasy to think that regulation wouldn’t eventually come to protect the very workers who power the gig economy. And that’s a good thing – tech has a moral responsibility to do right by its workers. However, those regulations shouldn’t and won’t be imposed on tech. Rather it will take weeks and months of campaigns and bills winding their way through the states and Congress, culminating with negotiations and compromises.

Or maybe even years of renewed regulatory processes. All of which will be overseen by a new President who has witnessed first-hand over his career how innovation can help the nation grow and recover.

After four years of Trump’s stubborn denialism, magic thinking and economic harm, Biden will promote policy rigor, public spiritedness and private sector ingenuity to work together for innovative solutions. It will be hard work and I promise you it won’t be pretty, but we should expect the dawn of a new era of U.S. tech-driven dynamism.

Continue Reading

Uncategorized

InSight’s heat probe has failed on Mars. Is the mission a failure?

Published

on

For two years now, NASA’s InSight probe has sat on the surface of Mars, attempting to dig 5 meters (16 feet) deep in order to install the lander’s heat probe. The instrument was going to effectively take the planet’s temperature and tell scientists more about the internal thermal activity and geology of Mars. 

InSight never even got close to realizing that goal. On January 14, NASA announced that it was ending all attempts to place the heat probe underground. Affectionately referred to as “the mole,” the probe is designed to dig underground with a hammering action. But after the first month of its mission, it  was unable to burrow more than 14 inches into the ground before getting stuck. NASA has been working since to come up with some kind of solution, including using InSight’s robotic arm to pin the mole down with added weight to help it loosen up some dirt and get back to burrowing.

It never really worked. The Martian dirt has proved to be unexpectedly prone to clumping up, diminishing the sort of friction the mole needs to spike its way deeper and deeper. Ground crews came up with a last-ditch effort recently to use InSight’s arm to scoop some soil onto the probe to tether it down and provide more friction. After attempting 500 hammer strokes on January 9, the team soon realized there was no progress to be had. 

It’s discouraging news, given that NASA just recently decided to extend InSight’s mission to December 2022. During that time, there won’t be much of a role for the heat probe. Bruce Banerdt, the InSight principal investigator, says that the planet’s temperature could still be measured at the surface and a few inches below the surface using some of the instruments on InSight that still work. “This will allow us to determine the thermal conductivity of the near surface, which might vary with season due to changing atmospheric pressure,” he says.

An illustration of how InSight’s mole was supposed to be deployed on Mars.
DLR

And while the mole was unable to accomplish what was expected, it’s not accurate to see this as a failure. “We have encountered new soil properties that have never before been encountered on Mars, with a thick, crusty surface layer that decreases its volume substantially when crushed,” says Banerdt. “We do not yet understand everything we have seen, but geologists will be poring over this data for years to come, using it to tease out clues to the history of the Martian environment at this location.”

InSight will continue on with some of its other investigations, especially the measurement of seismic activity on Mars. It turns out the Red Planet is rocked by quakes all the time.

Continue Reading

Uncategorized

Fintech startups and unicorns had a stellar Q4 2020

Published

on

The fourth quarter of 2020 was as busy as you imagined, with super late-stage startups reaching new valuation thresholds at a record pace, and total venture capital funding in the United States recording its second-best result of all time.

That’s according to data released recently by CB Insights, which complements our look back at 2020’s venture capital year in America from yesterday.

At the time, we noted that American startups raised an average of $428 million each day last year, a sum that helps illustrate how rapid the private markets moved during the odd period.


The Exchange explores startups, markets and money. Read it every morning on Extra Crunch, or get The Exchange newsletter every Saturday.


But a peek at aggregate results for the world’s largest VC market provides only part of the picture. We need to narrow our lens and peer more deeply into standout categories to understand how the U.S. venture capital market managed to post its biggest year ever in terms of dollars invested, despite seeing deal volume slip for a second consecutive year.

This morning, we’re scraping data together to better understand.

First, we want to how unicorns performed in Q4 2020. This column noted in late December that it felt like unicorn creation was rapid in the quarter; how did that hold up?

And then we’ll take a look dig into PitchBook data concerning the fintech sector, a huge recipient of venture capital time, attention and money.

Fintech’s 2020 is a good perspective to view both the year and its wild final quarter. So this morning, as America itself resets, let’s take a moment to understand last year just a little bit better as we get into this new one.

Unicorns

One of the most curious things about the unicorn era is the rising bet it represents. I’ve written about this before so I will be brief: Nearly every quarter, the number of unicorns — private companies worth $1 billion or more — goes up.

The private market is able to create more unicorns than it has been historically able to exit them.

Some of these companies exit, sometimes in group fashion. But, quarter after quarter, the number of unexited unicorns rises. This means that the bet on expected future liquidity from venture capitalists and other private investors keeps ratcheting higher.

Continue Reading

Trending