In the law as it exists, doing something "anonymously" for the purpose of committing a crime is itself a crime. It's not the act of changing the MAC address that is illegal by itself. That was the point.
Your point, I think, is that that "extra" crime is a silly law. Which I think many of us agree with. But it's still the law, and it's not unreasonable for a prosecutor to enforce it. In fact, they have a duty to do so.
Turning around and claiming that "the gubmint wants to lock up MAC randomizers!", however, is just dumb. That's not what the law in this case says at all.
What, then, was the underlying crime, if not this unauthorized access nonsense where access was allegedly unauthorized only because he was supposedly hiding his identity? Keep in mind that it wasn't copyright infringement (which normally isn't criminal anyway), because it wasn't JSTOR pressing charges, it was MIT.
>Your point, I think, is that that "extra" crime is a silly law. Which I think many of us agree with. But it's still the law, and it's not unreasonable for a prosecutor to enforce it.
But there are two issues here: There is what prosecutors did, and what the law allowed them to do. Even if you don't have a problem with the prosecutors, we can still have a problem with the law and work to have it changed.
>In fact, they have a duty to do so.
No they don't. They have prosecutorial discretion. If the application of the law in a particular case is ridiculous, they have no legal or professional obligation to press those charges.
You either break the law, or you don't. The law should be the same for everybody and should NOT be applied selectively. It's actually outrageous that you imply otherwise.
Because this happens it's precisely the reason for why we have ridiculous laws in the first place. If this goes on pretty soon everybody will be a criminal, but the world will still turn for you, until you manage to upset somebody you shouldn't have.
And since we are on the subject, that's how the law works in totalitarian states.
This viewpoint is incredibly naive, and also wrong.
The law is not black or white, it is selectively enforced all the time, and context does matter in its application.
It depends on how the selection is done. If a prosecutor declines to prosecute because the law breaker is of a particular race, rich, politically powerful, etc. then that is an abuse of discretion.
However, we want prosecutors to be selective when it comes to saying that someone might have been justified even if the law as written doesn't explicitly acknowledge the justification (or acknowledges it but as a factor for the judge to consider). Speeding and running red lights because you are impatient and reckless is a different matter than speeding and running a red light because your passenger is bleeding profusely.
We also need to give prosecutors some discretion just to manage the case load. Unless we are willing to spend a lot more on both prosecutors and the court systems, we want them to be able to say "I will focus my time and attention on this murderer even if it means letting that shoplifter go with an extremely favorable plea bargain or even unpunished."
I'm not implying anything. That is actually how it works now. If you don't like it, change it. But good luck, because first you're going to have to fix all of the laws before you try to force prosecutors to prosecute all of them or we'll all be going to trial at the same time and the entire world will grind to a halt.
>If this goes on pretty soon everybody will be a criminal
There is no "pretty soon" about it.
Actually, we're well past that point. Until the past few years, only tiny special interest groups ever heard about things like this. Now, it has the potential to blow up into national news. Maybe this is progress.
I definitely don't think he was implying that the law be selectively applied to different people. However, law is not black and white. Law interpretation is up to a judge (in countries with a Common Law system) and is based on precedent. AnthonyMouse was simply saying that if the application of a certain law in a certain situation is ill-fitting, the judge/attorneys have no reason to pursue those charges.
I still don't see what it has to do with locking up MAC randomizers.
are you actually asking? read section II of this article: http://www.volokh.com/2013/01/14/aaron-swartz-charges/
the charges were wire fraud, computer fraud, unauthorized access, and computer damage.
> because it wasn't JSTOR pressing charges, it was MIT
when the charges are federal crimes, prosecutors decide whether or not to press charges. not wanting to press charges does not magically make criminal acts not criminal. if a guy beats the crap out of his girlfriend, and his girlfriend does not want to press charges, the prosecutor can still press charges.
No, it was rhetorical. The point is the charge that MAC spoofing was relevant to was unauthorized access, but if MAC spoofing is sufficient to prove "unauthorized" then MAC spoofing would virtually always be unauthorized access to whatever you're accessing with a spoofed MAC. That interpretation would make MAC spoofing illegal without any underlying crime.
>when the charges are federal crimes, prosecutors decide whether or not to press charges. not wanting to press charges does not magically make criminal acts not criminal.
I'm not sure that's always true. If one of the elements of the crime is that what the defendant did was unauthorized (as was the case here) then if every victim authorized the behavior that element of the crime wouldn't be satisfied, no?
Even if he had changed his MAC address by buying a new laptop / NIC and connecting it, they probably would have still tried to charge him with the same thing.
The wording of what is alleged from the indictment is: "He sought to defraud MIT and JSTOR of rights and property by: ... b. Repeatedly taking steps to change his and his computer's apparent identities and conceal his and his computers' true identities".
For that same argument to be applied to someone else, there would have to be several aspects:
* The change of MAC would have to be repeated (although obviously they could construct a similar argument if you just did it once to clone a white-listed MAC).
* The 'intent' behind changing the MAC address would have to be to obtain something that could not be obtained otherwise. This could be by spoofing a white-listed MAC address, or changing away from your black-listed MAC address that was blacklisted to stop you doing something the network owner doesn't want you to do with their network.
That is exactly what the law says in this case. The government has declared that MAC randomization is the creation of fraudulent identities for the purposes of authentication, not unlike creating fraudulent photo identification.
You can say that randomizing a MAC address is not a crime, just as one can say that creating a fake passport for a movie is not a crime. The crime is in using that fake identification for authentication, which is obvious when customs asks for your passport, but undetectable when a network is using MAC addresses to enforce policy. If subverting that network policy is a felony, then MAC randomization is, by law, sometimes an involuntary felony.
While MAC addresses are obviously not a form of identification to technical folks, this stance would not be unprecedented as the US has also made it a felony to forge another trivially forged pseudo identify, Caller ID[1]. Enforcement of CNID spoofing is much easier given the nature of the phone system, since only a few providers bridge from VoIP to POTS.
[ 1 https://en.wikipedia.org/wiki/Caller_ID_spoofing#Legislation... ]
This doesn't mean "oh noes! fake mustaches are against the lawz!!!11 they are going to lock up all the actors!"
I've changed my MAC/moustache plenty of times to "deceive some guards". Actually I'm doing it right now, this Comcast modem is a utter pain in the ass...
Or, if it is the "something valuable" part, would gaining access to that "something valuable" have been an issue if there was no deceit? Was Aaron's curl script A-okay right up until the point that he deceived?
It's more akin to wearing a fake mustache, than using a fake id.
Technically. Yes, I think that anyone who understands the technology agrees with this. The problem is that the courts are enforcing it as if it were the digital equivalent of a photo id, and this is not a small problem.
If changing your MAC is not itself an issue, how do we determine what (normally legal) things you cannot do after (legally) changing your MAC?
Orders to do something obviously wrong should be followed, because the law is the law. Nice thinking there.