Context is important in law. It's not illegal to change your mac address or wear a ski mask. It can be illegal to do both of these things while committing other crimes.<p>I'm really sick of these sensational posts/comments showing up on HN. I know, I'm not supposed to complain about quality of posts or comments but the past week has really changed my view on the current state of HN. Witch hunts, sensational stories, jumping to conclusions, hating the law/government, etc. Let's go back to technical news.
Under the CFAA, it might in fact be illegal to randomize your MAC address depending on the terms of use for the network you are accessing. It is not illegal for this guy to access his home network in this way, because he owns the network. However, the danger of the CFAA is that it makes it a crime to violate user agreements - which can say anything that the network or site owner wants them to. It effectively allows anyone to author and implement their own criminal laws and have them be enforced by the full power of the federal government.<p>As for the wire fraud implications (which are separate from the CFAA), if you cause a false statement to be transmitted for the purpose of obtaining money or property, you have committed wire fraud and face a potential 20 year sentence. Spoofing MAC addresses to exceed access limits, for example, would qualify. You are causing your device to mask its true identity for the purpose of obtaining "property" that you wouldn't otherwise have access to.
<i>Besides taking the "civil liberty" angle, I'm trying to get to the "witchcraft" angle. As Arthur C Clarke puts it, "Any sufficiently advanced technology is indistinguishable from magic". Here is my corollary: "Any sufficiently technical expert is indistinguishable from a witch". People fear magic they don't understand, and distrust those who wield that magic. Things that seem reasonable to technical geeks seem illegal to the non-technical.</i><p>Excellent insight.
I am not a lawyer, and neither is the author. But I suspect that there's nothing illegal about randomizing your MAC address or concealing your online identity. It's the combination of those things and committing some other "crime" (ie accessing data or systems for which you don't have permission) that becomes a problem, in that it shows intent to deceive the other party.<p>But again, I am not a lawyer.
Why should we even be trying to sugarcoat what he did? His intention was right but perhaps means weren't and thats how every rebel goes about doing their stuff. They aren't too much concerned about "confirming", and ,duh, not for nothing they are a rebel. The moment the society and the government start treating A Rebel With a Cause for the means they take than read the message they are trying to convey, it invariably shows the rot in the system. A system that doesnt like mirror being shown at. Lets please stop finding reasons for Aaron's action, instead lets accept what he did was not confirming to the system, we also need people who question and challenge the system not just those who confirms!
As I understand it, the problem was that he continued to connect to the network after being kicked off. It's unauthorized access.<p>I don't really know how to explain how I feel about it, but that's my understanding.
The author has not bothered to read the indictment. Maybe he should talk with MIT's sysadmins, who were attempting to block Swartz's MAC address as he changed them when the MIT sysadmins found out about them. They were trying to block Swartz. It's their network. The author's blog post doesn't mention any of this. What the author should do is block his own access based on his MAC address, change his MAC address to get around his own block, and then blog about it. He could wear a bike helmet to conceal his identity and run away when he attempts to apprehend himself, for extra realism. Then he could think about the implications for the case, as a "security" expert.
I always wonder at these sort of tinfoil hat articles. It seems to me that someone who has the skills and access to the internet but does not leave much of a trace is a huge red flag for what ever the tinfoil hatter fears. A better strategy would be to boot in to your original MAC address then have a covert switch that randomizes it for doing things out of the ordinary, then returns it to normal once they are done. If you fear you are being tracked, it would be better to leave a completely normal, boring footprint that is easy to find. Normal boring Facebook page, tweets, etc. All the way down to a cache of vanilla porn on your hard drive with just a hint of kink for that ah ha moment. Then anything that goes beyond what you want that footprint to look like then moves to randomized MAC addresses, TOR networks and all the other tricks…
I once did a test on my own network to see what would happen if I assigned two computers the same MAC address (but different IP addresses). You know what happened? Nothing. Despite my best efforts (for all of 30 seconds), I couldn't see any meaningful difference in the behavior of the computers. I was expecting tons of dropped packets as my switches tried to figure out what port that address was really on, but it didn't happen.
You do know that being the only iPhone user in the world who tells that he is using HTC One X is actually a pretty lead on you? :)<p>Sometimes the very acts that you do when trying to conceal your identity can be used to reveal it.
The charges are most likely not for <i>how</i> he did (spoof MAC addresses), but <i>what</i> he did (redistribute material he obtained without permission). A crime exists if it can proved there's intention.
This argument goes towards the DMCA, as well as what is considered under the CFAA..<p>"Intentionally accessing a computer without authorization to obtain: ....Information from any protected computer."<p>What does 'without authorization' mean, and what does 'protected' mean?<p>Does without authorization mean you violate a click-through license? Or is there some nebulous authentication chit you are handed? Is it a felony to fake your name on a website demanding your name?<p>And with that keyword 'protected', how do we know it is indeed protected? What steps one must take to protect, and what steps one must go through to understand that it is indeed protected computer/data?<p>In other words, we are all felons-on-standby. The laws are so vague as to entrap all by default.
You can carry a concealed handgun and shoot it at a shooting range, but if you murder someone with it - you will not only be charged with murder, but also with unlawful use of a handgun. This is common sense stuff here people sheesh.