Why the CFAA's Excessive Criminalization Needs Reform
It's past time for Congress to reform the Computer Fraud and Abuse Act (CFAA)—the law used in the aggressive prosecution of the late activist and Internet pioneer Aaron Swartz. While Aaron's case made national headlines, it was only of one of many instances where the CFAA has been used to threaten draconian penalties against defendants in situations where little or no economic harm had occurred.
Unfortunately, last week, the House Judiciary Committee floated changes to the CFAA that are the exact opposite of reforms proposed by EFF and a host of other organizations. The proposed changes increase penalties across the board, expand the scope of the statute, and criminalize new actions. These changes are completely unnecessary, as the CFAA already duplicates many crimes written into other laws. The changes only make the law much worse.
Below are just some of the many instances where the CFAA is redundant. Some of these examples are directly drawn from the DOJ's own Computer Crimes Manual. Other examples include claims companies can pursue—like breach of contract, tortious interference, and other state laws—instead of pushing for Congress and the Justice Department to criminalize website terms of service and employee terms of use violations.
| Violation of the CFAA | What It Is | Crimes the CFAA Duplicates |
| 1030(a)1 | Accesses a computer without authorization to obtain classified information |
|
| 1030(a)2 | Accesses a computer without authorization and obtaining information |
|
| 1030(a)3 | Accesses a computer without authorization used by the US government |
|
| 1030(a)4 | Accesses a computer with the intent to defraud or to obtain information more than $5,000. |
|
| 1030(a)5 | (A) Intentionally damaging a computer.(B) Recklessly damaging a computer by intentional access. (C) Negligently causing damage to a computer without authorization. |
|
| 1030(a)6 | Trafficking in passwords |
|
| 1030(a)7 | Extortion involving computers |
|
Even under EFF's reform, all of these other statutes could still be used to go after legitimate crimes, and it will still be a serious crime under the CFAA for an outsider to steal proprietary information, to knowingly transmit codes that cause damage to a computer, to traffic in passwords, or engage in extortion by using threats of intrusion.
Go here to tell you Congressional representative to reform the CFAA so it can only used to go after real criminals, instead of security researchers, activists, innovators, and entrepreneurs.
Recent DeepLinks Posts
-
Mar 1, 2016
-
Feb 29, 2016
-
Feb 29, 2016
-
Feb 29, 2016
-
Feb 29, 2016
Deeplinks Topics
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Innovation
- International
- Know Your Rights
- Privacy
- Trade Agreements and Digital Rights
- Security
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anonymity
- Anti-Counterfeiting Trade Agreement
- Biometrics
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- CALEA
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- CyberSLAPP
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA
- DMCA Rulemaking
- Do Not Track
- DRM
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- FTAA
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- ICANN
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- OECD
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- Patents
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Printers
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- RFID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- TRIPS
- Trusted Computing
- Video Games
- Wikileaks
- WIPO
- Transparency
- Uncategorized
eff.org/nsa-spying
