fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Supreme Court Restricts Broad Scope of CFAA Law

US Supreme Court Restricts Broad Scope of CFAA Law

Today, the US Supreme Court restricted the scope of the federal Computer Fraud and Abuse Act after overturning the conviction of a Georgia police officer who searched a police database for money.

As part of an FBI sting operation, Georgia police sergeant Nathan Van Buren was paid to search a law enforcement database for information about a particular license plate number. After providing the information, Van Buren was charged with a felony violation of the Computer Fraud and Abuse Act (CFAA).

The CFAA is a cybersecurity bill created in 1986 that prohibits unauthorized access to computer systems and networks or acts that “exceeds authorized access.” Due to the vague nature of the bill, the CFAA can be broadly interpreted to allow harmless actions such as violating a website’s terms of service or violating corporate policies by using work devices to access personal accounts on social sites.

However, Van Buren’s lawyers argued that the police officer had authorized access to the police database and did not exceed the authorized access given to him and should not be convicted under the CFAA.

Also Read: How to Prevent WhatsApp Hack: 7 Best Practices

Supreme court narrows scope of CFAA

In a 6-3 ruling in favor of Van Buren written by Justice Amy Coney Barret, the Court stated that while Van Buren’s actions were improper, they did not exceed his authorized access and did not fall under the CFAA.

“We must decide whether Van Buren also violated the Computer Fraud and Abuse Act of 1986 (CFAA), which makes it illegal “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter,” reads the Supreme Court opinion.

“He did not. This provision covers those who obtain information from particular areas in the computer—such as files, folders, or databases—to which their computer access does not extend.”

“It does not cover those who, like Van Buren, have improper motives for obtaining information that is otherwise available to them.”

Barret’s opinion was joined by Justices Breyer, Sotomayer, Kaga, Gorsuch, and Kavanaugh.

In a dissenting opinion written by Justice Thomas and joined by Justice Roberts and Alito, Thomas argued that “the common law and statutory law have long punished those who exceed the scope of consent when using property that belongs to others.”

“In the end, the Act may or may not cover a wide array of conduct because of changes in technology that have occurred since 1984. But the text makes one thing clear: Using a police database to obtain information in circumstances where that use is expressly forbidden is a crime. I respectfully dissent.” – Justice Thomas.

Today’s ruling is seen as a step forward for critics of the CFAA and its overly broad interpretation.

“Today’s win is an important victory for users everywhere. The Court rightly held that exceeding authorized access under the CFAA does not encompass “violations of circumstance-based access restrictions on employers’ computers,” the EFF stated in a blog post about the ruling.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

“This means that private parties’ terms of service limitations on how you can use information, or for what purposes you can access it, are not criminally enforced by the CFAA,” the EFF added.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us