I'm honesty curious what crime this would be. If I rent time on someone else's server, and they look at what I'm doing on that server, what illegal thing has happened?
AWS terms do not assign their customers any rights to any physical computer. And the AWS customer agreement gives Amazon the authority to access your data for certain purposes.
I'm not sure I've ever heard of anyone prosecuted under the CFAA for accessing a computer that they physically own and physically control. AWS is a service, not a computer rental.
> We will not access or use Your Content except as necessary to maintain or provide the Service Offerings, or as necessary to comply with the law or a binding order of a governmental body.
The CFAA uses wording like "exceeds authorized access", which Amazon would absolutely be guilty of if they went into your database to spy on your product listings.
If they could go after Aaron Swartz for using authorized access in an unauthorized way, it seems likely it could be applied here.
"One reason we could charge the price we did for the service is that we were treating the data we had access to as an investment. Thus the data we accessed was done so to ensure the service could be maintained."
Would a judge accept that argument? From me? No. From the lawyers Amazon can afford? I wouldn't be comfortable betting either way.
A reminder that the legal system is designed to serve the wealthy, and few are wealthier than Amazon. It's not absolute, but the little guy isn't going to walk away with Bezo's fortune in damages.
> In practice, any ordinary computer has come under the jurisdiction of the law, including cellphones, due to the interstate nature of most Internet communication.
If I buy my spouse a phone, and secretly bug it, I'm still violating wiretap laws, even if it's technically mine.
If I'm renting an apartment, my landlord can't install a camera in the bathroom, even if they're the owner of the building.
Ownership doesn't change the fact that the law says "exceeds authorized access". Amazon agrees to only access the computer I'm renting from them in very specific scenarios. If they violate that, it looks like a pretty clear CFAA violation.
Huh, WTF?! Your FBI used to railroad random kiddies for messing around with poorly programmed dynamic pages and now you’re arguing there’s nothing wrong if a hosting provider trespasses and mines your private property?!
The rules the FBI/DoJ applies to kids on irc are not the same rules the FBI/DoJ applies to multibilliondollar infrastructure companies and/or trusted military defense contractors (Amazon is both).
Equal protection or application of computer crime law (perhaps, any law) in the USA is a fiction. It would be practically illegal to invent and run a web spider today, for instance, if they didn’t already exist as a concept. (France recently decided this was true for news link aggregation; Google must pay the newspapers for reproducing their headlines. I’m glad hosted RSS readers aren’t outlawed so far, but under these sorts of restrictive legal interpretations you could see how they might be. Google doing AMP, of course, gets a free pass.)
If you don’t believe me about the web spider thing, try making a complete download of Twitter for the purpose of making a tweet search index and see if you get to continue owning your house. (My theory is that Clearview is allowed to do it for Instagram because they’re using the database to provide services to law enforcement/military, so those groups want it to continue to exist free of prosecution.)
Bummer that actively collaborating with violent types like pigs and military seems to be the only way to avoid jail if you want to build large novel data systems with interesting public datasets today. This sort of freedom to experiment with new/neat algorithms over published documents got us Google; today these same companies will get you raided if you dare download/index their data. (Facebook’s idea famously started out scraping public yearbook photos. Try scraping Facebook now.)
Amazon owns the computer and grants you limited rights to use it, in exchange for the money you pay them. It's basically the opposite of a script kiddie hacking into someone else's web server.
Now, indiscriminate access to your content might violate whatever commitments Amazon made to you in their terms of service; I have not read them for a long time and can't remember what the language is specifically. But that would not be a matter for the FBI.
Assuming that the information would be behind at least a password entrance that a user had setup, Amazon breaking through that would be considered illegal unless they had a court order or something. They can peer into metadata that your machine creates but I think looking at private information on a server that they lease out would be illegal. Maybe I'm just hopeful?
