Hacker News new | past | comments | ask | show | jobs | submit login

Well, in class actions, individual class-member damages are often small. Like $50 or whatever. But there are millions of class members.



Also tried and failed. Something legal about failing a test for appropriate aggregation.

Edit: A snippet of an article about the Halperin case...

'the court says that it can’t aggregate the harm to other putative class members to satisfy the damage threshold unless the damage arises out of a “single act.” And that poses a problem as the complaint is currently pled. The surreptitious install of the program by thousands of consumers (and putative class members) is not a “single act,” so Halperin can’t rely on this “act” when aggregating. Halperin argued that he shouldn’t be subject to the no-aggregation rule.'


So how come botnets aren't legal?


Sounds like you're trying to compare a civil class action lawsuit to a criminal case.

Additionally, if the botnet does what it typically does..that is, coordinate to attack a specific website, that sounds a lot like a "single act".

I'm not trying to argue with you, just noting that others have tried to persue your line of thought and failed.

Edit: Regarding "I'm just wondering how ads/trackers get such a pass from CFAA"

To date, they get a pass because nobody can show $5k damages for a "single act". Of course, that may not be the only defense strategy they could employ. It's worked well enough thus far that they haven't needed to argue anything else.

In the reverse direction, where an end user does something like "add some funny thing to the url" on a popular website, it's easy to show $5k of damages, because the target isn't one person's home PC.


I'm just wondering how ads/trackers get such a pass from CFAA. My initial comment was about JavaScript, but Halperin is about adware install! And isn't merely creating botnets illegal? Even if you use them only for good things.


OK, so there are criminal and civil liabilities for pwning corporate websites. But it's OK for corporate websites to pwn user devices. Because there's a $5K damages threshold for CFAA, and also a damages threshold for tort class representatives.

That's arguably a huge bug in the legal system. Maybe there's a niche for private compensation services. Anonymously crowd-funded. Somali model.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: