Connect with us

Hi, what are you looking for?

Tech & Science

Should privacy act terms of service violations be a crime? (Includes interview)

A brief has been filed at the U.S. Supreme Court from the digital rights group Electronic Frontier Foundation (EFF). The brief, as NBC reports, is based on a study which concludes that if violations of a company’s “terms of service” are deemed to be illegal, then this will counter key research into digital data processing and analysis.

The primary issue relates to the U.S. Computer Fraud and Abuse Act (CFAA,. This is law instigated in 1986 used to prosecute people who break into computers. Legal experts and cybersecurity researchers have long complained that the law could be abused to target altruistic researchers who are breaking systems in order to make them more secure.

When its next term begins in October 2020, the Supreme Court is set to consider whether corporate terms of service can be considered an inviolable boundary under the CFAA. The EFF activists are supported by Bugcrowd and other cybersecurity companies and researchers in its amicus brief.

Looking at the issue from one of the supporting partners, Casey Ellis, CTO and founder of Bugcrowd sets out why the filing to the Supreme Court is so important.

Ellis notes that: “Congress originally passed the Computer Fraud and Abuse Act in response to growing threats from malicious actors in 1986, when the Internet as we know it today was still a nascent concept.”

So with things moving on rapidly, the law does not appear to be fit-for-purpose, according to Ellis. He says: “The law is so broadly written that it criminalizes acts that ethical security researchers take to identify cybersecurity vulnerabilities that could cause significant economic and societal harm.”

Ellis notes that “While organizations need to be able to prosecute malicious attackers, it’s important to ensure that the increasing importance of ethical researchers working to make the digital world safer isn’t chilled by the threat of prosecution, as it has been in the past.”

Adding further caution to the mix, Ellis states: “Speed is the natural enemy of security, and even organizations with in-house security teams still rely on the findings from outside researchers to provide continuous security feedback. By working independently of, or in-tandem with both private and government institutions, researchers have disclosed serious vulnerabilities in widely-used software and devices.”

Highlighting the good work that cybersecurity researchers undertake, Ellis explains how such teams “have identified countless security threats in voting systems, medical devices, critical infrastructure and vehicle software. Bugcrowd is proud to stand with the EFF in support of altering the CFAA so that ethical researchers can continue their socially beneficial work.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


Jazz musician Courtney Pine gave a superb performance at the Union Chapel in London.


With 1 in 3 Americans impacted by data breaches, modernizing these systems and enhancing cybersecurity measures are essential in protecting patient data.

Tech & Science

Social media platforms should feature tobacco-style health warnings for adolescents, a top US government health official said Monday.


R.E.M. and Jason Isbell chatted at the red carpet of the 2024 Songwriters Hall of Fame induction ceremony.