https://wiki.extremist.software/api.php?action=feedcontributions&feedformat=atom&user=192.54.222.3Noisebridge - User contributions [en]2026-04-05T14:42:01ZUser contributionsMediaWiki 1.39.13https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35376Aaron projects2013-11-09T22:35:02Z<p>192.54.222.3: </p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Aaron's writings, history, timeline ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting related projects included where appropriate on Wikipedia<br />
*: James (user:dervorquil, Cambridge)<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Mozilla: Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35375Aaron projects2013-11-09T22:34:46Z<p>192.54.222.3: /* Aaron's writings, history, timeline */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Aaron's writings, history, timeline ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting related projects included where appropriate on Wikipedia<br />
*: James (user:dervorquil, '''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Mozilla: Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35374Aaron projects2013-11-09T22:34:31Z<p>192.54.222.3: /* Aaron's writings, history, timeline */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Aaron's writings, history, timeline ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting related projects included where appropriate on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Mozilla: Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35373Aaron projects2013-11-09T22:34:15Z<p>192.54.222.3: /* Personal archive */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Aaron's writings, history, timeline ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Mozilla: Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35372Aaron projects2013-11-09T22:33:53Z<p>192.54.222.3: /* Essence */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Mozilla: Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35371Aaron projects2013-11-09T22:33:40Z<p>192.54.222.3: /* Essence */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35370Aaron projects2013-11-09T22:33:26Z<p>192.54.222.3: /* Essence */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Essence ===<br />
* Mozilla is working on many new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users. There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're proposing to fill this gap with an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model "[https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9 '''Essence''' (project details)]"<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.<br />
* For more information:</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35369Aaron projects2013-11-09T22:32:01Z<p>192.54.222.3: /* Transparency */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* '''SecureDrop''' (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Essence ===<br />
* Mozilla is working on a number of awesome new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users!<br />
* There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're looking to fill this strategic gap by proposing an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model 'Essence'<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.<br />
* For more information: https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35368Aaron projects2013-11-09T22:31:47Z<p>192.54.222.3: /* Transparency */</p>
<hr />
<div>==Continued work==<br />
First call is 11/11 at 18:30 EST. worldtimebuddy.com for time translation<br />
: (213) 493-0352 OPEN PIN 38453 <br />
Platform for continued engagement coming soon<br />
<br />
=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
** Timeline visualization is in a state to share (still needs detail added in) : http://prezi.com/9r2agd3u8ule/aaron-swartz-timeline/<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* SecureDrop (yan/micah/garrett?/james?, SF, samthetechie, Berlin): a platform for whistleblowers to transfer documents to newspapers directly. See [https://pressfreedomfoundation.org/securedrop Press Freedom page] + [https://github.com/freedomofpress/securedrop GitHub trunk].<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is<br />
<br />
=== Essence ===<br />
* Mozilla is working on a number of awesome new projects (Webmaker, FirefoxOS, Firefox Accounts, etc) that together are greater than the sum of their parts and will (hopefully) help the web leapfrog traditionally native platforms in ways that restore sovereignty to users!<br />
* There's but one major thing missing in Mozilla's current tech roadmaps: an approach to wrangling control of personal data across the web back into the hands of users. <br />
* We're looking to fill this strategic gap by proposing an extensibility model for Mozilla's [https://developer.mozilla.org/en-US/docs/WebAPI WebAPI project] that would enable RESTful API ecosystems to align with Mozilla's user-centric values. We are calling this extensibility model 'Essence'<br />
* In nutshell, we are Mozilla volunteers aiming to influence the Firefox development roadmap. To do so, we are building a prototype that demonstrates the UX of Essence that also acts as a forward polyfill for future potential prototypes that can demonstrate the implications of a WebAPI extensibility model for products across Mozilla as well as the API ecosystems across the web.<br />
* Needs: Developers interested in creating Firefox Add-ons, modeling APIs using [http://raml.org/ RAML], or hacking the about:permissions UI in Firefox.<br />
* For more information: https://jwilde.hackpad.com/Essence-Project-Summary-b9vSK8NkuQ9</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35352Aaron projects/CFAA2013-11-09T21:25:13Z<p>192.54.222.3: .</p>
<hr />
<div><center>''Work in progress; please link to other work here'' <br/> <br />
[https://pad.textb.org/p/CFAA '''Draft of Principles'''] being edited online <br/> <br />
Draft outline of replacement law underway</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Guiding principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
(''see the draft'')<br />
<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
=== Points of consensus ===<br />
Based on conversations with folks at the '''Cambridge/Boston''' hack, these principles emerged as points of agreement. Other groups feel free to chime in as well.<br />
<br />
==== Reasonable defenses ====<br />
* '''Scope should be limited''' - the law should not run to the boundary of what we find ethical or moral. We want people to have freedom to "mess around" with the web (perhaps with some negligence-based liability if they cause actual damage). As with media law and "bad journalism", copyright and "plagiarism," the law should leave the edge cases for the community to set up a moral/normative/shame-oriented punishment scheme.<br />
** we feel as though there is sufficient persistent identity in the community that even pseudonymous hackers care about their reputations. <br />
<br />
* '''focus on bad ''access'', leave ''use'' to other laws''' - laws on copyright, trade secret, identity theft, espionage, extortion, and fraud govern most of the "scary" use cases.<br />
** In this way, we are leaving the "hats" (black/white/grey/green) discussion for the community norms or existing law.<br />
<br />
* '''Consent should always be a defense''' - server owners ask members of the public to do some weird stuff against their systems, but as long as they ask for it, it should never be a crime to access one's computer in that way.<br />
<br />
* As to code-based vulnerabilities and authentication measures, '''some level of technical effectiveness should be considered.''' A "reasonable" standard may not be appropriate, as defining what is "reasonable" may lead to unnecessary confusion. But some consideration should be made to ensure that trivially-overcome measures are not considered within the scope.<br />
<br />
==== What should be unlawful ====<br />
* '''hold the party intending to do the bad behavior culpable''' - don't track liability to a person whose computer was unwittingly used to commit the crime.<br />
<br />
* '''Circumvention of a code-based authentication measure''' should be unlawful (leaving proportionality for another discussion). This includes cracking, password guessing, or human-engineering password disclosure.<br />
<br />
* '''Exploiting a code-based vulnerability to obtain information''' should be unlawful (leaving proportionality for another discussion). We are thinking of things like a SQL injection hack.<br />
<br />
* '''Knowingly deleting or impairing the integrity of the work''' should be unlawful if done intentionally or recklessly. Moving down to negligence or strict liability at a certain damage threshold is harder to say.<br />
<br />
==== Uncertain areas ====<br />
* '''penetration testing''' is squishy - an open call for bug bounties should be treated like consent to access the site (again, using laws govern bad uses)<br />
<br />
* '''"accidentally open" sites are squishy''' - e.g., sites that were supposed to be behind an authentication layer but are not. To a certain extent, it may be best to place the fault of this onto the coder of the site, with the comfort that certain uses by the obtainer of information may still be unlawful.<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
: Not the worst thing to do; it's not the same as impersonating a real person<br />
<br />
* Circumventing the auth process altogether? <br />
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit<br />
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)<br />
<br />
<br />
; What's the ECTF doing? Who could provide oversight? <br />
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)<br />
<br />
== Active proposals ==<br />
<br />
=== Aaron's Law ===<br />
''Lofgren & Wyden''<br />
<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*: Amend the Wire Fraud Act<br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
*: Limit scope of "exceeding authorized access"<br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35351Aaron projects/CFAA2013-11-09T21:24:57Z<p>192.54.222.3: /* Points of consensus */</p>
<hr />
<div><center>''Work in progress; please link to other work here'' <br/> <br />
[https://pad.textb.org/p/CFAA '''Draft of Principles'''] being edited online <br/> <br />
Draft outline of replacement law underway</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Guiding principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
(''see the draft'')<br />
<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
=== Points of consensus ===<br />
Based on conversations with folks at the '''Cambridge/Boston''' hack, these principles emerged as points of agreement. Other groups feel free to chime in as well.<br />
<br />
==== Reasonable defenses ====<br />
* '''Scope should be limited''' - the law should not run to the boundary of what we find ethical or moral. We want people to have freedom to "mess around" with the web (perhaps with some negligence-based liability if they cause actual damage). As with media law and "bad journalism", copyright and "plagiarism," the law should leave the edge cases for the community to set up a moral/normative/shame-oriented punishment scheme.<br />
** we feel as though there is sufficient persistent identity in the community that even pseudonymous hackers care about their reputations. <br />
<br />
* '''focus on bad ''access'', leave ''use'' to other laws''' - laws on copyright, trade secret, identity theft, espionage, extortion, and fraud govern most of the "scary" use cases.<br />
** In this way, we are leaving the "hats" (black/white/grey/green) discussion for the community norms or existing law.<br />
<br />
* '''Consent should always be a defense''' - server owners ask members of the public to do some weird stuff against their systems, but as long as they ask for it, it should never be a crime to access one's computer in that way.<br />
<br />
* As to code-based vulnerabilities and authentication measures, '''some level of technical effectiveness should be considered.''' A "reasonable" standard may not be appropriate, as defining what is "reasonable" may lead to unnecessary confusion. But some consideration should be made to ensure that trivially-overcome measures are not considered within the scope.<br />
<br />
==== What should be unlawful ====<br />
* '''hold the party intending to do the bad behavior culpable''' - don't track liability to a person whose computer was unwittingly used to commit the crime.<br />
<br />
* '''Circumvention of a code-based authentication measure''' should be unlawful (leaving proportionality for another discussion). This includes cracking, password guessing, or human-engineering password disclosure.<br />
<br />
* '''Exploiting a code-based vulnerability to obtain information''' should be unlawful (leaving proportionality for another discussion). We are thinking of things like a SQL injection hack.<br />
<br />
* '''Knowingly deleting or impairing the integrity of the work''' should be unlawful if done intentionally or recklessly. Moving down to negligence or strict liability at a certain damage threshold is harder to say.<br />
<br />
==== Uncertain areas ====<br />
* '''penetration testing''' is squishy - an open call for bug bounties should be treated like consent to access the site (again, using laws govern bad uses)<br />
<br />
* '''"accidentally open" sites are squishy''' - e.g., sites that were supposed to be behind an authentication layer but are not. To a certain extent, it may be best to place the fault of this onto the coder of the site, with the comfort that certain uses by the obtainer of information may still be unlawful.<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
: Not the worst thing to do; it's not the same as impersonating a real person<br />
<br />
* Circumventing the auth process altogether? <br />
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit<br />
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)<br />
<br />
<br />
; What's the ECTF doing? Who could provide oversight? <br />
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)<br />
<br />
== Active proposals ==<br />
<br />
=== Aaron's Law ===<br />
''Lofgren & Wyden''<br />
<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*: Amend the Wire Fraud Act<br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
*: Limit scope of "exceeding authorized access"<br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35350Aaron projects/CFAA2013-11-09T21:18:45Z<p>192.54.222.3: </p>
<hr />
<div><center>''Work in progress; please link to other work here'' <br/> <br />
[https://pad.textb.org/p/CFAA '''Draft of Principles'''] being edited online <br/> <br />
Draft outline of replacement law underway</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Guiding principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
(''see the draft'')<br />
<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
=== Points of consensus ===<br />
Based on conversations with folks at the '''Cambridge/Boston''' hack, these principles emerged as points of agreement. Other groups feel free to chime in as well.<br />
<br />
* '''Scope should be limited''' - the law should not run to the boundary of what we find ethical or moral. We want people to have freedom to "mess around" with the web (perhaps with some negligence-based liability if they cause actual damage). As with media law and "bad journalism", copyright and "plagiarism," the law should leave the edge cases for the community to set up a moral/normative/shame-oriented punishment scheme.<br />
** we feel as though there is sufficient persistent identity in the community that even pseudonymous hackers care about their reputations. <br />
* '''focus on bad ''access'', leave ''use'' to other laws''' - laws on copyright, trade secret, identity theft, espionage, extortion, and fraud govern most of the "scary" use cases.<br />
** In this way, we are leaving the "hats" (black/white/grey/green) discussion for the community norms or existing law.<br />
* '''hold the party intending to do the bad behavior culpable''' - don't track liability to a person whose computer was unwittingly used to commit the crime.<br />
* '''Consent should always be a defense''' - server owners ask members of the public to do some weird stuff against their systems, but as long as they ask for it, it should never be a crime to access one's computer in that way.<br />
* '''Circumvention of a code-based authentication measure''' should be unlawful (leaving proportionality for another discussion). This includes cracking, password guessing, or human-engineering password disclosure.<br />
* '''Exploiting a code-based vulnerability to obtain information''' should be unlawful (leaving proportionality for another discussion). We are thinking of things like a SQL injection hack.<br />
* As to code-based vulnerabilities and authentication measures, '''some level of technical effectiveness should be considered.''' A "reasonable" standard may not be appropriate, as defining what is "reasonable" may lead to unnecessary confusion. But some consideration should be made to ensure that trivially-overcome measures are not considered within the scope.<br />
* '''Knowingly deleting or impairing the integrity of the work''' should be unlawful if done intentionally or recklessly. Moving down to negligence or strict liability at a certain damage threshold is harder to say.<br />
* '''penetration testing''' is squishy - an open call for bug bounties should be treated like consent to access the site (again, using laws govern bad uses)<br />
* '''"accidentally open" sites is squishy''' - e.g., sites that were supposed to be behind an authentication layer but are not. To a certain extent, it may be best to place the fault of this onto the coder of the site, with the comfort that certain uses by the obtainer of information may still be unlawful.<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
: Not the worst thing to do; it's not the same as impersonating a real person<br />
<br />
* Circumventing the auth process altogether? <br />
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit<br />
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)<br />
<br />
<br />
; What's the ECTF doing? Who could provide oversight? <br />
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)<br />
<br />
== Active proposals ==<br />
<br />
=== Aaron's Law ===<br />
''Lofgren & Wyden''<br />
<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*: Amend the Wire Fraud Act<br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
*: Limit scope of "exceeding authorized access"<br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35349Aaron projects/CFAA2013-11-09T21:18:26Z<p>192.54.222.3: </p>
<hr />
<div><center>''Work in progress; please link to other work here'' <br/> <br />
[https://pad.textb.org/p/CFAA '''Draft of Principles'''] being edited online <br/> <br />
Needed: Draft outline of replacement law, good law to emulate</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Guiding principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
(''see the draft'')<br />
<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
=== Points of consensus ===<br />
Based on conversations with folks at the '''Cambridge/Boston''' hack, these principles emerged as points of agreement. Other groups feel free to chime in as well.<br />
<br />
* '''Scope should be limited''' - the law should not run to the boundary of what we find ethical or moral. We want people to have freedom to "mess around" with the web (perhaps with some negligence-based liability if they cause actual damage). As with media law and "bad journalism", copyright and "plagiarism," the law should leave the edge cases for the community to set up a moral/normative/shame-oriented punishment scheme.<br />
** we feel as though there is sufficient persistent identity in the community that even pseudonymous hackers care about their reputations. <br />
* '''focus on bad ''access'', leave ''use'' to other laws''' - laws on copyright, trade secret, identity theft, espionage, extortion, and fraud govern most of the "scary" use cases.<br />
** In this way, we are leaving the "hats" (black/white/grey/green) discussion for the community norms or existing law.<br />
* '''hold the party intending to do the bad behavior culpable''' - don't track liability to a person whose computer was unwittingly used to commit the crime.<br />
* '''Consent should always be a defense''' - server owners ask members of the public to do some weird stuff against their systems, but as long as they ask for it, it should never be a crime to access one's computer in that way.<br />
* '''Circumvention of a code-based authentication measure''' should be unlawful (leaving proportionality for another discussion). This includes cracking, password guessing, or human-engineering password disclosure.<br />
* '''Exploiting a code-based vulnerability to obtain information''' should be unlawful (leaving proportionality for another discussion). We are thinking of things like a SQL injection hack.<br />
* As to code-based vulnerabilities and authentication measures, '''some level of technical effectiveness should be considered.''' A "reasonable" standard may not be appropriate, as defining what is "reasonable" may lead to unnecessary confusion. But some consideration should be made to ensure that trivially-overcome measures are not considered within the scope.<br />
* '''Knowingly deleting or impairing the integrity of the work''' should be unlawful if done intentionally or recklessly. Moving down to negligence or strict liability at a certain damage threshold is harder to say.<br />
* '''penetration testing''' is squishy - an open call for bug bounties should be treated like consent to access the site (again, using laws govern bad uses)<br />
* '''"accidentally open" sites is squishy''' - e.g., sites that were supposed to be behind an authentication layer but are not. To a certain extent, it may be best to place the fault of this onto the coder of the site, with the comfort that certain uses by the obtainer of information may still be unlawful.<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
: Not the worst thing to do; it's not the same as impersonating a real person<br />
<br />
* Circumventing the auth process altogether? <br />
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit<br />
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)<br />
<br />
<br />
; What's the ECTF doing? Who could provide oversight? <br />
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)<br />
<br />
== Active proposals ==<br />
<br />
=== Aaron's Law ===<br />
''Lofgren & Wyden''<br />
<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*: Amend the Wire Fraud Act<br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
*: Limit scope of "exceeding authorized access"<br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35325Aaron projects/CFAA2013-11-09T17:40:04Z<p>192.54.222.3: </p>
<hr />
<div><center>''Work in progress; please link to other work here'' <br/> Draft of Principles being drafted online <br/> Draft replacement law underway later today</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
: Not the worst thing to do; it's not the same as impersonating a real person<br />
<br />
* Circumventing the auth process altogether? <br />
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit<br />
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)<br />
<br />
<br />
; What's the ECTF doing? Who could provide oversight? <br />
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35324Aaron projects/CFAA2013-11-09T17:35:25Z<p>192.54.222.3: /* Open questions */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
: Not the worst thing to do; it's not the same as impersonating a real person<br />
<br />
* Circumventing the auth process altogether? <br />
: This tends to be pretty bad. It's clearly defeating the system, when it requires finding a subtle exploit<br />
: Can be less bad when a system has an auth system but doesn't use it (e.g. it's never checked)<br />
<br />
<br />
; What's the ECTF doing? Who could provide oversight? <br />
: (cf [http://www.technewsdaily.com/16445-fix-hacking-laws.html fix-hacking-laws essay] and Robert Graham's comment)<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35323Aaron projects/CFAA2013-11-09T17:26:33Z<p>192.54.222.3: /* Open questions */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where do the following edge cases fall?<br />
* 'sockpuppeting' authentication where it's assumed you have one-account-per-user?<br />
: This is rarely prevented clearly. <br />
<br />
; Circumventing the auth process? <br />
<br />
; What's the ECTF doing? <br />
: (cf fix-hacking-laws essay)<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35322Aaron projects/CFAA2013-11-09T17:22:43Z<p>192.54.222.3: /* Open questions */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
; Where does 'sockpuppeting' fall in the spectrum of decent of authentication?<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35321Aaron projects/CFAA2013-11-09T17:20:46Z<p>192.54.222.3: /* Open questions */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authentication' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
: Is feigning authentication fraud? (when simply making up a new account; impersonating yourself, and not someone else)<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35320Aaron projects/CFAA2013-11-09T17:19:51Z<p>192.54.222.3: /* Principles */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
<br />
=== Open questions ===<br />
Feel free to suggest brief answers, pointers to where this is discussed. <br />
<br />
; Does 'authorization' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access. Compare historical ways of handling these issues.<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?<br />
<br />
=== Additional needed resources (1 hour projects) ===<br />
<br />
* mapping out where the CFAA overlaps with existing law; identifying areas left untouched.</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35318Aaron projects/CFAA2013-11-09T17:14:48Z<p>192.54.222.3: /* Open questions */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
=== Background ===<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
; Govtrack updates<br />
* [https://www.govtrack.us/congress/bills/113/hr2454#overview H.R. 2454] (Lofgren bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1196#overview S. 1196] (Wyden bill; referred to Senate Judiciary)<br />
* [https://www.govtrack.us/congress/bills/113/hr2077 H.R. 2077] (Perlmutter bill; referred to House Judiciary subcommittee on Crime, Terrorism, Homeland Security, and Investigations)<br />
* [https://www.govtrack.us/congress/bills/113/s1426 S. 1426] (Blumenthal bill; referred to Senate Health, Education, Labor, and Pensions Committee)<br />
<br />
=== Comparative Law ===<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
=== Legal elements ===<br />
There are 7 planks to [http://www.law.cornell.edu/uscode/text/18/1030 18 U.S.C. § 1030]<br />
<br />
# Knowingly accessing a computer without access or exceeding access, and obtaining security, foreign relations, atomic info<br />
#: rarely used, as it is substantively overlapped by other ares<br />
# Intentionally accessing a computer without access or exceeding access, and in so doing obtaining "information," financial records, or U.S. government info.<br />
#: the biggest and most frequently used for access-and-downloading type offenses<br />
# Accessing without authorization (not "exceeding") a US government owned or controlled computer<br />
# Equivalent to the statute on [http://www.law.cornell.edu/uscode/text/18/1343 wire fraud], but replacing "wire" with "computer" and tweaking the details <br />
#: Overlap with WFA, rather irrelevant in current environs<br />
# Computer damage<br />
#: three separate crimes ("damage" = impairment to integrity and availability of data; "loss" = reasonable cost of responding to offense, including costs of damage assessment)<br />
#:: knowingly cause transmission of program and intentionally cause damage<br />
#:: intentionally access a computer and as a result recklessly cause damage<br />
#:: intentionally access a computer and as a result cause damage and "loss" <br />
# Password Trafficking <br />
# Extortion through use of computer<br />
<br />
== Proposed solutions == <br />
<br />
=== Aaron's Law ===<br />
* Lower some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
* Clarify once and for all that violating terms of service agreements is not a crime.<br />
*: NB - Chin in US v. Drew - precedent that an individual, violating a TOS without a script, is pretty clearly not a crime. But it is still always used as a threat to amplify perceived risk. <br />
<br />
; current status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
== Principles ==<br />
: compare [https://necessaryandproportionate.org/text Necessary and Proportionate] principles<br />
<br />
What substantive things should be in a rational computer crime law? <br />
<br />
=== Positive principles ===<br />
; Parallelism with non-computer crime law<br />
<br />
; Proportionate punishment<br />
<br />
<br />
=== Negative principles ===<br />
; Avoid confusion/overlap between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
* b/t social-good and infosec goals<br />
<br />
== Active proposals ==<br />
<br />
=== Patching existing law ===<br />
; EFF proposals and ideas<br />
* Limit scope of "exceeding authorized access"<br />
: Say: contractual violation can't be the basis for this<br />
* Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
* lower penalties for crimes that produce little or no harm<br />
* cleanup: delete repeated provision, delete provision repeated in WFA<br />
* clarify once and for all that violating TOS is not a crime (nb: it can still be prosecuted civilly)<br />
<br />
; Fork the Law page, listing legal history and proposed changes<br />
* [http://forkthelaw.org/node/9 From mid-2013]<br />
<br />
<br />
=== Creating something new ===<br />
; Manifesto <br />
*A la necessary and proportionate manifesto created after PRISM: https://necessaryandproportionate.org/text<br />
* Hack on this version: [https://pad.textb.org/p/CFAA CFAA replacement]<br />
; Drafting example legislation?</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35300Aaron projects/CFAA2013-11-09T15:05:43Z<p>192.54.222.3: /* EFF proposals */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
== Background ==<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
== Legal issues ==<br />
* Violating TOS is not a crime: <br />
*: Chin in US v. Drew - an individual, violating a TOS without a script, is pretty clearly not a rime. <br />
* Still used in a civil context. <br />
<br />
* Lowers some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*Clarifies once and for all that violating terms of service agreements is not a crime.<br />
<br />
; Does 'authorization' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access?<br />
<br />
; Aaron's Law status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
<br />
== Social issues ==<br />
<br />
; This shows confusion between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
<br />
== Active proposals ==<br />
<br />
; Limiting scope of "exceeding authorized access"<br />
* Say: contractual violation can't be the basis for this<br />
; Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this<br />
<br />
; Fork the Law page<br />
* [http://forkthelaw.org/node/9 From mid-2013]</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35299Aaron projects/CFAA2013-11-09T15:03:34Z<p>192.54.222.3: /* Legal issues */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
== Background ==<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
== Legal issues ==<br />
* Violating TOS is not a crime: <br />
*: Chin in US v. Drew - an individual, violating a TOS without a script, is pretty clearly not a rime. <br />
* Still used in a civil context. <br />
<br />
* Lowers some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*Clarifies once and for all that violating terms of service agreements is not a crime.<br />
<br />
; Does 'authorization' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access?<br />
<br />
; Aaron's Law status<br />
* referred to the Committee on Crime, Terr, Homeland Security subcomm of Judiciary Committee (chair: Sensenbrenner)<br />
<br />
<br />
== Social issues ==<br />
<br />
; This shows confusion between different parts of the government : in terms of means and ways<br />
* b/t different parts of the government<br />
* b/t different phil and pol goals<br />
<br />
== EFF proposals ==<br />
<br />
; Limiting scope of "exceeding authorized access"<br />
* Say: contractual violation can't be the basis for this<br />
; Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects/CFAA&diff=35298Aaron projects/CFAA2013-11-09T15:01:16Z<p>192.54.222.3: /* Details */</p>
<hr />
<div><center>''Work in progress; please link to other work here''</center><br />
<br />
;Goal: Let's prepare for a full repeal of the CFAA and replacement with sane law. <br />
;Questions: How would we construct good law in these areas, from scratch? <br />
: How do different areas of law, policy, and internet governance view the law and its impact? <br />
: What would it take to generate support for a [repeal + replace] action, in each area? <br />
: What are the professional and philosophical circles for each of these areas, where these issues are discussed? <br />
<br />
== Overview ==<br />
The CFAA was developed over time as a merger of ~7 different areas of law. It has developed in an aggregate way, and few groups are happy with the current law. It is so broad that prosecutors like it because they can use it to force plea bargains, since it applies to almost everything in its sphere of action (relying on prosecutorial judgement).<br />
<br />
Different parts of the story: National defense, cyber war, data sec, corporate law, contracts online. Authorization based on code, contract, social norms. Legal frameworks used to push political means. Career standards for prosecutors defined in political ways. <br />
<br />
== Background ==<br />
; Aaron's Law<br />
* [http://www.dmlp.org/blog/2013/impact-aarons-law-aaron-swartzs-case Analysis from January], [https://www.eff.org/document/eff-cfaa-improvements EFF suggested changes] <br />
*[http://www.slate.com/blogs/crime/2013/06/20/aaron_s_law_zoe_lofgren_s_new_bill_would_help_reform_the_cfaa_will_congress.html June update via Lofgren], [https://www.eff.org/deeplinks/2013/07/critics-aarons-law-emerge-agree-statute-has-problems July update via Wyden]<br />
* [https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005 EFF action page] - '''send a letter''' to your senators<br />
<br />
== Details ==<br />
;Aspects of the search: <br />
* "Advanced technical crime" -- The deployment of the SS was a bit peculiar; but they were the only fed. agents trained in what they were looking for.<br />
<br />
;Civil rights concerns<br />
* Part of the prosecution that was particularly troubling: at one point in the invest., it felt that they were keeping the prosecution going b/c they'd spent so much time bringing it along. There was no will from victims to keep it going, and not necc. any other desire, but the prosecutors for their own reason wanted conclusion. <br />
*: Suggestion: ''employ economists to remind people of sunk costs''<br />
<br />
;Three levels of problem<br />
* Occlusion of different agendas and sets of laws<br />
*: Compare pre-computer to post-computer laws for identical crimes.<br />
* Problems with prosecution as it happens today<br />
*: Motivations for initiating/closing cases<br />
* The nature of CFAA as it's been employed<br />
*: Failure of proportionality<br />
<br />
== Legal issues ==<br />
* Violating TOS is not a crime: <br />
*: Chin in US v. Drew - an individual, violating a TOS without a script, is pretty clearly not a rime. <br />
* Still used in a civil context. <br />
<br />
* Lowers some of the penalties for crimes that produce little or no harm, <br />
* Delete a provision that is repeated elsewhere in the statute <br />
*Clarifies once and for all that violating terms of service agreements is not a crime.<br />
<br />
; Does 'authorization' make sense as the basis for such a law? <br />
: As opposed to other corollaries re: trespass and access?<br />
<br />
== EFF proposals ==<br />
<br />
; Limiting scope of "exceeding authorized access"<br />
* Say: contractual violation can't be the basis for this<br />
; Amend the Wire Fraud Act<br />
: Say: contractual violation can't be the basis for this</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35297Aaron projects2013-11-09T14:32:44Z<p>192.54.222.3: </p>
<hr />
<div>=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ (Cambridge), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' (Cambridge). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* SecureDrop (yan/micah/garrett?/james?, SF): a platform for whistleblowers to transfer documents to newspapers directly. See https://github.com/freedomofpress/securedrop.<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
* SecureDrop (samthetechie, Berlin) https://pressfreedomfoundation.org/securedrop + https://github.com/freedomofpress/securedrop.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is</div>192.54.222.3https://wiki.extremist.software/index.php?title=Aaron_projects&diff=35296Aaron projects2013-11-09T14:31:59Z<p>192.54.222.3: /* Personal archive */</p>
<hr />
<div>=== TOR ===<br />
* tor2web and jot2tor (virgil, SF)(oliver, BOS) : Tor2web makes it possible for internet users to view content from Tor hidden services. It's online in a (mostly) functioning form at http://tor2web.org . Jot2tor is an extension of this allowing users to use Aaron's jottit.com framework to easily create pages hosted on hidden services. Naturally, pages created via jot2tor are accessible from tor2web. Aaron and I actually worked on both of these projects until his death.<br />
*: OliverDay ('''Cambridge''')<br />
More information about what help we need is at: https://tor.jottit.com<br />
<br />
=== Access ===<br />
* Fork the Law ([[User:Christie|Christie]] ([[User talk:Christie|talk]]), SF) Fork the Law has spent the last few months working out what ordinary people need to know in order to effect legislative change. We're now working on condensing this down to a set of technical design requirements. We'd like to dig into turning the requirements into code, integrating existing open source applications and other services wherever possible. The repository for the development effort is https://github.com/fork-the-law/hancock.<br />
<br />
* [http://freelawproject.org Free Law Project] - non-profit providing free access to primary legal materials, developing legal research tools, and supporting academic research on legal corpora. Creators of CourtListener and Juriscraper. Easiest project for new contributor would be to extend juriscraper to cover another state court website not yet covered. See code on bitbucket.org. <br />
*: Free Law Machine is a virtual machine containing all dev tools and code one needs to get started.<br />
*: See also the "Free the Law" project @ HLS<br />
<br />
* [http://peerlibrary.org/ PeerLibrary] is a new open source project and a service providing collaborative reading, sharing and storing. Users can upload publications they want to read (currently in PDF format), read them in the browser in real-time with others, highlight, annotate and organize their own or collaborative library. PeerLibrary provides a search engine to search over all uploaded open access publications. Additionally, it aims to collaboratively aggregate the open layer of knowledge on top of this publications through public annotations and references user will add to publications. In this way publications would not just be available to read, but accessible to the general public as well. Currently, it is aiming at scientific community and scientific publications, but could be deployed for any other field (a StackExchange-like family is envisioned).<br />
*: [https://github.com/peerlibrary/peerlibrary source code] (build with [http://meteor.com/ Meteor])<br />
*: [https://archive.org/details/PeerLibraryPreview screencast of a prototype]<br />
*: [http://okcon.org/2013/09/12/okcon-2013-guest-post-peerlibrary-open-scientific-knowledge/ OKCon blog post about the ideas behind the project]<br />
*: [https://twitter.com/PeerLibrary @PeerLibrary]<br />
<br />
=== Personal archive ===<br />
*Archiving Aaron's writings (psawaya, '''SF'''). I think it'd be helpful to produce an archive of Aaron's writings, as the formatting on his blog isn't well-organized or good for reading on mobile devices. Some projects might include producing ePub and MOBI versions, organizing and tagging his writing, making it searchable, and perhaps even making it annotatable. It may be possible to build off of [https://github.com/joshleitzel/rawthought this project]. I recall not finding a Creative Commons declaration on Aaron's blog, though this project certainly seems to be in alignment with his ideals. Yan suggested talking about it with Noah Swartz.<br />
*: Interest: JoshL, SJ ('''Cambridge'''), JamesGrimm<br />
<br />
* Abelson Report ''TL;DR'' ('''Cambridge'''). Distillation and restating the Report to the President, such that more people can join in the conversations around the issues specific to MIT. [https://hackpad.com/TL-DR-lSAvXSwRYpH Ongoing project page]<br />
<br />
* Getting projects their own articles on Wikipedia<br />
*: James ('''Cambridge''')<br />
<br />
=== Legal Fixes ===<br />
* [[/CFAA|'''Repeal the CFAA''']]: SJ, Andy (Cambridge). The CFAA is broken; noone but prosecutors like it. Building a constructive, normative replacement, and strategies for getting support at all levels: executive, policy, law, prosecution, activists, cyberwar. Cooperating with Aaron's Law and EFF work; but also tackling. <br />
*: Most discussions of "CFAA reform" have been incremental, in a framework of discussing what changes to current law are possible and would help fix recent problems; as opposed to describing why CFAA is broken and what proportionate and moral laws in that space wold look like. <br />
*: We're trying to describe what effective policy would look like, starting from scratch. Policy, Legal, Social, Tech/Security, and Prosecutorial norms which make sense. <br />
*: [[/CFAA|Project details]] and analysis<br />
<br />
* Prosecutorial Overreach/Underreach: The DOJ turns a blind eye to war criminals and Wall St crooks yet throws the book at activists like Aaron. I've registered 14 domains that are variations of the three main prosecutors in Aaron's trail (i.e. carmenortiz.org, stephenheymann.org, etc.) The names Carmen Ortiz and Stephen Heymann are already synonymous with abuse of power. Let's cement that while drawing attention to other activists/whistleblowers who are being prosecuted for non-crimes. While we're at it, let's give prosecutors something useful to do by highlighting well documented but unprosecuted crimes (I'm looking at you John Yoo/Jamie Dimon/James Clapper).<br />
<br />
* Restore the Fourth placeholder. We'll know more closer to the date about which of our projects would benefit the most from this. Options include the various encrpytion/meshnet/other coding aspects, blog posts and other content development, or drafting policy documents and researching for coalition-building.<br />
<br />
=== Privacy and other software tools ===<br />
* Mailpile (brennan, Berlin): https://github.com/pagekite/mailpile<br />
<br />
* Indie Box: Set up our own web applications on cheap Linux devices (like the Raspberry Pi) in our own homes: http://indieboxproject.org/<br />
<br />
* Client-side encryption (Daniel, SF): a library for creating web apps that encrypt user data before sending it to the server. This is an attempt at keeping the convenience of cloud storage while retaining data privacy.<br />
<br />
=== Transparency ===<br />
* SecureDrop (yan/micah/garrett?/james?, SF): a platform for whistleblowers to transfer documents to newspapers directly. See https://github.com/freedomofpress/securedrop.<br />
*: Our ongoing documentation / q&a site is https://securedrop.hackpad.com. You can also find us on oftc #securedrop-dev.<br />
* SecureDrop (samthetechie, Berlin) https://pressfreedomfoundation.org/securedrop + https://github.com/freedomofpress/securedrop.<br />
*: Is there a place for people to publish already? <br />
<br />
* Transparency Toolkit (shidash, ?): Unfortunately Shidash is unavailable, but maybe someone else could do it?<br />
<br />
* Overview Project (Ian, SF): an open-source tool to help journalists (or anyone!) find stories in large sets of documents, by automatically sorting them according to topic and providing a fast visualization and reading interface. It's a way to quickly make sense of huge leaks, FOIA responses, and document dumps using a combination of clever algorithms and human intuition. Remember, transparency is meaningless if nobody's watching. Homepage: http://overview.ap.org/ Source: https://github.com/overview<br />
<br />
=== Activism tools ===<br />
* Taskforce (Sina, SF): https://taskforce.is are a group of developer volunteers working on a range of different activism tools and campaigns, aiming to improve the tools available to citizens and organizations advocating for better technology policy.<br />
** Two projects we'd love to collaborate on are: <br />
*** '''An SMS campaigning tool''' - Similar to MobileCommons, but open source. We have funding from Twilio that will enable this to exist as a "warning broadcast system" for people interested in tech advocacy. How it should work: The system would allow a user to sign up (either via SMS or via a web form) to receive SMS updates about tech advocacy projects. When a user signs up they immediately receive a text confirming their signup, and they can opt out any time. Admins can send messages to all subscribers via an admin interface. <br />
*** '''Crowdsourced anti-apathy platform''' - There's quite a bit of apathy with regards to surveillance in both the tech community and in the general public. We've been brainstorming to try and figure out how we can effectively convince people that it matters. Our best proposal thus far is to create a system to crowdsource the most convincing content, videos, photos and articles from around the web. Users would then be able to upvote the things that they found the most convincing.<br />
**Feel free to hack away. If you have any questions, feel free to email me (Email: [mailto:sina.khanifar@gmail.com], SMS: 949-878-8202). Also see https://github.com/tfrce and https://taskforce.is</div>192.54.222.3