The undersigned civil liberties groups write to express our opposition to Title IV of S.482, the Defending American Security from Kremlin Aggression Act of 2019. Title IV—titled the International Cybercrime Prevention Act—would unnecessarily expand the Computer Fraud and Abuse Act (CFAA), 18. U.S.C. § 1030, without fixing any of the law’s existing problems. The CFAA already threatens beneficial security research, and Title IV, which increases penalties and expands the statute’s scope, will only make that threat worse.
Title IV would also create broad new authority for the government to obtain court orders to stop violations of the CFAA, or to order third parties to do so on its behalf. This could result in severe collateral damage, yet Title IV fails to provide any protections and gives users no recourse if their systems are harmed.
We stand strongly opposed to Title IV of S.482 in its current form.