Computer Fraud And Abuse Act 2013: New CFAA Draft Aims To Expand, Not Reform, The 'Worst Law In Technology'.
"The Computer Fraud and Abuse Act is the most outrageous criminal law you've never heard of," (http://www.newyorker.com/online/blogs/newsdesk/2013/03/fixing-the-worst-law-in-technology-aaron-swartz-and-the-computer-fraud-and-abuse-act.html#ixzz2OqkyZSgC) said Tim Wu from The New Yorker. "It bans 'unauthorized access' of computers, but no one really knows what those words mean."
Despite the dangerous reach of the Computer Fraud and Abuse Act as it currently stands 6 the CFAA was the same law used by prosecutors to (http://www.ibtimes.com/aaron-swartz-case-us-doj-drops-all-pending-charges-against-jstor-liberator-days-after-his-suicide) torment late Internet activist Aaron Swartz prior to his suicide on Jan. 11 -- the House Judiciary Committee has actually proposed a number of
A to the law in a new draft, which (https://www.techdirt.com/articles/20130324/14342822435/rather-than-fix-cfaa-house-judiciary-committee-planning-to-make-it-worse-way-worse.shtml) Tech Dirt says will be "rushed" to Congress during its "cyber week" in the middle of April.
You can read the (https://s3.amazonaws.com/s3.documentcloud.org/documents/627265/sr-005-xml.pdf) proposed Computer Fraud and Abuse Act draft in its entirety here .
Among the many additions, the (https://s3.amazonaws.com/s3.documentcloud.org/documents/627265/sr-005-xml.pdf) new CFAA draft expands the number of ways one could be found guilty by punishing anyone who "conspires to commit" violations in the same way as those that have already "completed" the offense, also adding computer crimes as a form of "racketeering activity" to allow the Department of Justice to hit computer criminals with further charges in court. But once you're found guilty, the new CFAA endorses more severe punishments for any offenders by raising the maximum sentences available for certain violations.
Here's an example of the extreme nature of these recommended punishments: Aaron Swartz, who (http://www.ibtimes.com/aaron-swartz-case-us-doj-drops-all-pending-charges-against-jstor-liberator-days-after-his-suicide) illegally tapped into and downloaded millions of scholarly papers from digital journal archive JSTOR while visiting the Massachusetts Institute of Technology (MIT), faced four charges under section (a)(4) of the CFAA, with a maximum sentences of five years per charge for a possible total of 20 years in jail. While many lawyers and experts have (https://www.eff.org/document/eff-cfaa-revisions-penalties-and-access) recommended reducing these penalties or removing them entirely, the new draft actually increases the maximum for each charge under (a)(4) to 20 years, which means Swartz could have been forced to serve a whopping 80 years in prison. (http://james.grimmelmann.net/) NYU law professor James Grimmelman on Monday (https://twitter.com/grimmelm/status/316219596338257920) called this notion "simply obscene."
But what's perhaps most troubling is how the new CFAA bill actually expands the law to include accessing information for an "impermissible purpose," which means even if you have the right to access the information in the first place, it's still considered a crime if someone deems you are misusing your access in some way.
According to (http://www.volokh.com/2013/03/25/house-judiciary-committee-new-draft-bill-on-cybersecurity-is-mostly-dojs-proposed-language-from-2011/) law expert Orin Kerr , the language in the new CFAA would make it a felony to "lie about your age on an online dating profile if you intended to contact someone online and ask them personal questions," or if you violate the Terms of Service on a government website.
"In short, this is a step backward, not a step forward," Kerr said. "This is a proposal to give DOJ what it wants, not to amend the CFAA in a way that would narrow it."
The Electronic Frontier Foundation is tackling the Computer Fraud and Abuse Act with its (https://www.eff.org/deeplinks/2013/02/rebooting-computer-crime-part-3-punishment-should-fit-crime) own proposals to legislature , which include eliminating duplicative penalties and reducing computer crimes from felonies to misdemeanors, and the organization also offers ways to (https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=9005) contact your congressman about fixing the CFAA.