TechCrunch reported Thursday on an interchange between Twitter co-founder Jack Dorsey and Lara Logan in which the former boy hacker delineates the difference between "criminal hacking" and the sort of activity that has fallen under "criminal" designations owing to the Computer Fraud and Abuse Act. He recounted to Logan how he was hired by a software firm after he found a security flaw in its security system through hacking. TechCrunch reprinting the dialogue:
Jack Dorsey: I found a way into the website. I found a hole. I found a security hole.
Lara Logan: Is that– are you– is that the same thing as hacking?
Jack Dorsey: It’s– ha– yes. Hacking– hacking is– hacking is– is–
Lara Logan: A crime.
Jack Dorsey: Well, no. Criminal hacking is a crime. Hacking is actually a–
Lara Logan: Hacking for a job application is not a crime?
Jack Dorsey: No, no, no, no, no. No, not a crime at all. And I emailed them and I said, “You have a security hole. Here’s how to fix it. And I write dispatch software.” And–
Lara Logan: And they hired you.
Jack Dorsey: And they hired me a week later. And it was a dream come true, which is a weird dream for a kid.
Hacker Andrew "Weev" Auernheimer was this week sentenced to 41 months in prison for finding a security flaw in AT&T's server, and leaking information to Gawker. As Weev told Salon, “The government asserted that after the fact, they can declare a given access to data anyone makes public ‘unauthorized’ and have you thrown in prison." Therein lies the risks of the dangerously broad CFAA.