The House Judiciary Committee is set to present Congress with a new draft of the Computer Fraud and Abuse Act of 1984 (CFAA) next month, offering up a slew of expansions to a set of laws already derided by freedom watchers for its sweeping powers — and punishments — over nebulous computer “crimes” with arbitrary definitions.
Written into the revised version of the Act is a new provision, one that would make it a crime to use digital equipment to access information for an “impermissible purpose.” According to cyber law scholar (and former attorney for the U.S. Department of Justice) Orin Kerr, that means you could be found guilty of committing a felony if you lie about your age in an online dating profile, once you’ve gone on to begin a conversation with anyone you intend to get to know better.
The scenarios for which such draconian legislation could theoretically apply are endless. Mike Masnick of Techdirt posits a hypothetical case in which a parent who fibs to Facebook in order to help his 12-year-old child sign up for an account (the Facebook age requirement is 13) could be subject to felony charges.
In addition, those who are authorized to access protected information, whether in government or in the private sector, could face charges if they can be proven to have misused the privilege. Given the proposed draft’s vague language — “even if the accesser may be entitled to obtain or alter the same information in the computer for other purposes” — demonstrating someone has misused their access privileges is open to almost any interpretation that suits a hungry prosecutor’s whim.
Kerr describes the “new” CFAA language as “really, really broad:”
It would make it a felony crime for anyone to violate the TOS [terms of service] on a government website. It would also make it a federal felony crime to violate TOS in the course of committing a very minor state misdemeanor…In short, this is a step backward, not forward. This is a proposal to give DOJ what it wants, not to amend the CFAA in a way that would narrow it.
The draft also proposes that anyone who uses a computer in any attempt to commit a crime — even if they never follow through with the criminal act itself — should be prosecuted, so long as the government can demonstrate what ill will the suspect was harboring at the time he was tapping the keys.
The kicker: Kerr points out that nearly everything in the current rewrite is actually a copy-paste job from a version of the Act that President Barack Obama’s Department of Justice helped draft, and attempted to push through Congress, back in 2011.
Columbia University’s Tim Wu — himself a 2008 adviser to the Obama campaign — blasted the DOJ’s justification of how it wouldn’t abuse any newfound powers earlier this month in a blog for the New Yorker, calling CFAA “the most outrageous criminal law you’ve never heard of” and demolishing the whole “trust your government” line:
When judges or academics say that it is wrong to interpret a law in such a way that everyone is a felon, the Justice Department has usually replied by saying, roughly, that federal prosecutors don’t bother with minor cases—they only go after the really bad guys. That has always been a lame excuse—repulsive to anyone who takes seriously the idea of “a government of laws, not men.”
The 40-member Judiciary Committee (23 Republicans and 17 Democrats) is expected to make a fast dash to get their draft passed during mid-April, when a gout of legislation aimed at regulating the digital space is expected to push through Congress all at once.