' Olivia Wheeling | MTTLR

Stretched Beyond the Breaking Point: The CFAA and iPhone Batteries

Did Apple hack users’ devices? That is the allegation in a class action lawsuit filed late last year. Specifically, the plaintiffs in In re Apple Inc. Device Performance Litig., 347 F. Supp. 3d 434, 451 (N.D. Cal. 2018) allege that Apple’s battery-slowing iOS updates violated a federal hacking statute, the Computer Fraud and Abuse Act (CFAA). This is the latest effort to stretch a broad, vague, and inconsistently-enforced law to cover new circumstances. This case illustrates the urgent need to write a statute that reflects today’s technological reality. The CFAA, passed in 1986, makes it a federal felony to gain “unauthorized access” or to “exceed authorized access” to any “protected computer” and either take data or cause damage. The law was constructed when computers were relatively rare and could be defined as any “high speed data processing device” that was not an automated typewriter or a handheld calculator. It is no secret that technology has progressed significantly since the 1980s invention of the Nintendo Entertainment System or in-car stereo. In fact, modern smartphones, in-home devices, and wearable technology are all high-speed data processors that are a part of the daily lives of a significant number of Americans. However, the CFAA has not kept in tune with the technological times. Usually, the CFAA is deployed for civil actions by employers or competitors against individuals or small companies. The CFAA has also been used to prosecute a variety of people, including a terminated employee who accessed his former employer’s data via another employee’s password, and Aaron Swartz, who released JSTOR articles. Prosecutors and companies can, and have, used it as a...

Online Harassment IRL: Legislation in the Wake of the First Deadly Swatting

Swatting is “the action or practice of making a hoax call to the emergency services in an attempt to bring about the dispatch of a large number of armed police officers to a particular address.” Many kinds of online disputes end in swatting: causing a videogame participant to lose a game, being a legislator working on anti-cyber harassment legislation, or expressing political opinions. The results of a successful swatting are uniformly dangerous for the target, family or friends who live with the target, and the law enforcement officers themselves. While the obvious danger is that someone could end up being injured or killed in the confusion, the less obvious problem is that swatting can draw law enforcement resources away from real emergencies. Recently, some police departments have taken to accepting notices of online rivalries from active gamers so they know whether to be skeptical of emergency calls received. Even so, the response of law enforcement officers in the wake of a swatting incident is often to recommend the target stop gaming or going online—an unrealistic suggestion that minimizes the impact of this issue. Earlier this year, Tyler Barriss, a Twitter user infamous for orchestrating the first deadly instance of “swatting,” was charged with involuntary manslaughter and extradited to Kansas for his role in the 2017 death of Andrew Finch. Barriss has now been charged with an additional 46 crimes in California for calling in bomb threats to a variety of organizations and running a paid swatting system through Twitter. Barriss maintains that the consequences of his calls to Wichita are not his fault, but rather merely unfortunate and the...