[matthewmarkus]

If the CFAA doesn't apply to sys admins working at the highest levels of authorization, it seems to be a useless law. Foreign actors can simply hire sys admins to access whatever they want, no need for hacking.

I really do think the court has opened Pandora's box on this one. They should've voided the statute for vagueness if that was the concern. As it stands now, it has to be one of the dumbest laws on the books.

[JumpCrisscross]

> Foreign actors can simply hire sys admins to access whatever they want, no need for hacking

This is prosecutable under a myriad of existing laws. CFAA was specifically crafted to deter and punish hacking. As far as I know, that's still very much a thing.

[treis]

It's not immediately clear which laws. The whole point of the CFAA was that existing trespass & theft laws don't really work for digital files.

[JumpCrisscross]

> not immediately clear which laws

Yes it is, theft of trade secrets [1].

[1] https://www.justice.gov/opa/pr/former-dow-research-scientist...

[pbhjpbhj]

Espionage is illegal.

[wslack]

> If the CFAA doesn't apply to sys admins working at the highest levels of authorization, it seems to be a useless law. Foreign actors can simply hire sys admins to access whatever they want, no need for hacking.

It's still illegal to steal IP. But no, you can't charge a janitor with keys to the whole building for breaking and entering if he uses those keys to steal something.

You charge him for theft.

[LocalPCGuy]

Companies have a responsibility to vet their employees, first. I don't know how that is affected by the CFAA being a bit more constrained than it was before, which was extremely overly broad.

I strongly disagree with your assessment (re: Pandora's box, dumbness), but I do think and acknowledge it is a law worthy of being replaced with one more up to date and more clear.

[ByteJockey]

It prevents you from using someone else's credentials to access the system.

It prevents a whole bunch of other sophisticated attacks as well, but let's be honest, people just giving out their password or using a really weak password is the most likely scenario.