A US District Court is questioning whether taking advantage of a computer bug is considered hacking under the Computer Fraud and Abuse Act (CFAA), reports Wired. The CFAA has long been used by the federal government to target a broad scope of computer-related incidents, even though it was intended to target hacking. The law has seen a renewed criticism for its wide usage after the death of Aaron Swartz, who was being prosecuted under the act, and now a court is trying to determine whether the law's scope has narrowed in light of a separate case that was recently decided.
A ruling last month determined that under the CFAA an employee is not considered to have exceeded legal access to a computer if they violate an employer's computer policies. Now a court is considering whether that decision changes the ability to prosecute two casino patrons who exploited a bug in video poker machines to increase their winnings, Wired reports. Though John Kane and Andre Nestor reportedly discovered the bug by accident during the course of normal play, they're being tried for having then used the bug to earn money on multiple occasions in two different states.
But the bug itself only involved playing the machines, and not physically manipulating them in any way that the casino wouldn't allow. This could make the incident less about the type of hacking that the CFAA is meant to cover, and more about simple computer misuse. Ruling that it was not considered hacking under the CFAA could further show a limiting of the law's scope, and — though it will need to be upheld — a federal magistrate judge has already determined that the law is not applicable here. Wired has an in-depth report on the two men's situation, and they note that the judge is likely to rule on the matter this month.