Document Type
Article
Publication Date
2-2025
Language
en-US
Abstract
Computer science research sometimes brushes with the law, from red-team exercises that probe the boundaries of authentication mechanisms, to AI research processing copyrighted material, to platform research measuring the behavior of algorithms and users. U.S.-based computer security research is no stranger to the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA) in a relationship that is still evolving through case law, research practices, changing policies, and legislation
Amid the landscape computer scientists, lawyers, and policymakers have learned to navigate, anti-fraud laws are a surprisingly under-examined challenge for computer science research. Fraud brings separate issues that are not addressed by the methods for navigating CFAA, DMCA, and Terms of Service that are more familiar in the computer security literature. Although anti-fraud laws have been discussed to a limited extent in older research on phishing attacks, modern computer science researchers are left with little guidance when it comes to navigating issues of deception outside the context of pure laboratory research.
In this paper, we analyze and taxonomize the anti-fraud and deception issues that arise in several areas of computer science research. We find that, despite the lack of attention to these issues in the legal and computer science literature, issues of misrepresented identity or false information that could implicate anti-fraud laws are actually relevant to many methodologies used in computer science research, including penetration testing, web scraping, user studies, sock puppets, social engineering, auditing AI or socio-technical systems, and attacks on artificial intelligence. We especially highlight the importance of anti-fraud laws in two particular research fields that are of great policy importance in the current moment: attacking or auditing AI systems, and research involving legal identification.
Finally, guided by principles in research ethics, we suggest methods for computer scientists to navigate fraud and identity issues, as well as possible legal paths forward for policymakers to consider.
Recommended Citation
Madelyne Xiao, Andrew Sellars & Sarah Scheffler,
When Anti-Fraud Laws Become a Barrier to Computer Science Research
,
ACM CS+Law '25
(2025).
Available at:
https://doi.org/https://doi.org/10.48550/arXiv.2502.02767
Included in
Computer Law Commons, Legal Ethics and Professional Responsibility Commons, Science and Technology Law Commons
Comments
ACM Reference Format: Madelyne Xiao, Andrew Sellars, and Sarah Scheffler. 2025. When AntiFraud Laws Become a Barrier to Computer Science Research. In Symposium on Computer Science and Law (CSLAW ’25), March 25– 27, 2025, München, Germany. ACM, New York, NY, USA, 16 pages. https://doi.org/10.1145/3709025.3712206
ACM CS+Law '25, to appear