Is Electronic Snooping OK If You Have Good Intentions?
Should journalists or security researchers be able to access your home network and change settings without your permission, or snoop on your email and web browsing traffic, in order to further their research? I would think the answer is obviously no, even if the research is legitimate. But two stories that ran last week seem to be expressing dismay at restrictions placed on journalists or security researchers by the Computer Fraud and Abuse Act that allegedly prohibit them from doing exactly that. The issue is significant because, in the wake of several controversial prosecutions (Lori Drew, Aaron Swartz, Andrew Auernheimer (a/k/a “weev”)), there is considerable pressure building to amend the CFAA. I think it would be a serious mistake to amend the CFAA, or any other electronic intrusion statute, to permit journalists or security researchers — or possibly anyone describing themselves as such, such as bloggers or hobbyists — from accessing poorly secured home networks or private communications just out of curiosity.
Here’s Forbes privacy blogger Kashmir Hill on a security flaw in a home automation system: