Tuesday, January 29, 2013
Hack of government's USSC calls attention to outdated computer crime laws, bit also to ordinary site safety
Reports continue to appear trying to explain the hack of the United States Sentencing Commission last week. A good account, with the statement from Anonymous, occurs on Zdnet, here.
As of Tuesday afternoon, the site “ussc.gov” was not reachable. As of Jan. 26, according to zdnet, the original IP address still showed the defaced site’s contents.
Many people feel that the DOJ was bullying Internet activist Aaron Swartz with what amounts to a facetious prosecution. The USSC recommends sentences, and apparently these can be used to force plea bargains. In practice, it would take over a million dollars for a blogger to defend himself (herself) against even a frivolous or groundless formal indictment. Hence, the government (as any government overseas) can maintain a chilling effect against dissent when it wants to, even when there are constitutional protections.
I once faced a situation on 2005 where I did not pursue possible (First Amendment based) litigation against a school system (when I was a substitute teacher) because there were hints of a legal theory by which I could have been prosecuted under Virginia law, which can make it illegal to post material for an “illegal purpose” if no legitimate “purpose” is apparent (that’s the implicit content doctrine that I have discussed on other blogs). However, actual prosecution would require corroborating evidence of criminal intent from an independent source other than the website itself. That sort of technicality in interpretation also occurs with the Second Amendment in the gun control debate. One can see my main blog July 27, 2007 for more details.
Business Insider has another account (here) of the ussc hack. That article also links to a discussion of the 1986 Computer Fraud and Abuse Act, (Wiki link )which when it was passed was motivated by the 1983 movie “War Games” – where it’s illegal to “exceed authorized access” to an interstate computer network, a law badly outdated in the context of the Internet and obviously open to abuse.
Webmasters will want to review the tips at “Stop Badware”, which are laid out pretty well among several links here. Some of the suggests include using encrypted file transfer procedures (I suppose the old Microsoft Front Page wouldn't be well thought of now), and making sure the computer you work from is clean, and being wary of ad or third party networks you work with. It’s possible for a site to get “blacklisted” by Google or other companies, but some of the warnings from website rating services (like MyWOT) seem to be incorrect and can be triggered by certain ads or third-party ad-ons.
It is always a good idea to use the site, do searches on it and monitor statistics (and sometimes log files) to see if activity is "normal". It is also a good idea, if you use shared hosting, to know how often your provider backs up sites. And it's a good idea to keep physical copies of the content of your site, backed up in more than one physical location (even in a bank vault), and on optical as well as magnetic media.
I had a hack of two HTML text files on an old site in 2002, based on a discussion of nuclear weapons and Al Qaeda. A friend investigated the ISP and found that the Unix server had left the SITE command open. I had copies of the files and simply re-exported them, and the problem never recurred.