Grassley, Franken Win Passage of Common Sense Amendment to Curb Over-Criminalization Of Computer Use

Copyright © 2011 Vanguard of Freedom

Did you know you could go to jail for not using your own name on Facebook?

“The little-known law at issue is called the Computer Fraud and Abuse Act. It was enacted in 1986 to punish computer hacking. But Congress has broadened the law every few years, and today it extends far beyond hacking. The law now criminalizes computer use that “exceeds authorized access” to any computer. Today that violation is a misdemeanor, but the Senate Judiciary Committee is set to meet this morning to vote on making it a felony…The problem is that a lot of routine computer use can exceed “authorized access.” Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include “terms of use” violations and breaches of workplace computer-use policies,” according to Orin S. Kerr, writing in the Wall Street Journal.

Kerr says in a hypothetical situation, that “President Obama could order the arrest of anyone who broke a promise on the Internet. So you could be jailed for lying about your age or weight on an Internet dating site. Or you could be sent to federal prison if your boss told you to work but you used the company’s computer to check sports scores online. Imagine that Eric Holder’s Justice Department urged Congress to raise penalties for violations, making them felonies allowing three years in jail for each broken promise. Fanciful, right? Think again. Congress is now poised to grant the Obama administration’s wishes in the name of “cybersecurity.”

Kerr is referring to The Computer Fraud and Abuse Act (“CFAA”),” an amendment made in 1986 to the Counterfeit Access Device and Abuse Act that was passed in 1984 and essentially states that, whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication shall be punished under the Act.

“In 1996 the CFAA was, again, broadened by an amendment that replaced the term “federal interest computer” with the term “protected computer.”  While the CFAA is primarily a criminal law intended to reduce the instances of malicious interferences with computer systems and to address federal computer offenses, an amendment in 1994 allows civil actions to brought under the statute, as well.”  (Source: Wikipedia)

There are seven types of criminal activity enumerated in the CFAA:

1. obtaining national security information,
2. compromising confidentiality,
3. trespassing in a government computer,
4. accessing to defraud and obtain value,
5. damaging a computer or information,
6. trafficking in passwords,
7. threatening to damage a computer.

Attempts to commit these crimes are also criminally punishable.
Protected Computer the term “protected computer” means a computer:

(1) exclusively for the use of a financial institution or the United States Government, or, in the case of a computer not exclusively for such use, used by or for a financial institution or the United States Government and the conduct constituting the offense affects that use by or for the financial institution or the Government; or

(2) which is used in interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.

Under a reading of current law argued in federal court by the Department of Justice, something as simple as checking your personal email account at work may be against the law.  By extension, this reading could also make it a federal felony for a father to use his son’s Facebook password to log into the son’s Facebook account and check messages and photos; for a 17 year-old to claim she is 18 in order to sell goods in certain online marketplaces; or even for using instant messenger on a computer at work

Kerr elaborates:  “If that sounds far-fetched, consider a few recent cases. In 2009, the Justice Department prosecuted a woman for violating the “terms of service” of the social networking site The woman had been part of a group that set up a MySpace profile using a fake picture. The feds charged her with conspiracy to violate the Computer Fraud and Abuse Act. Prosecutors say the woman exceeded authorized access because MySpace required all profile information to be truthful. But people routinely misstate the truth in online profiles, about everything from their age to their name. What happens when each instance is a felony?”

Kerr issues a dire warning:  “Remarkably, the law doesn’t even require devices to be connected to the Internet. Since 2008, it applies to pretty much everything with a microchip. So if you’re visiting a friend and you use his coffeemaker without permission, watch out: You may have committed a federal crime.”

(See Kerr Article Here)

In response to this two U.S. Senators have added an amendment to the law to “decriminalize” possible unintended violations that under current law could lead to severe legal, and possibily criminal ramifications for computer users.

Senators Chuck Grassley and Al Franken won approval of a common sense amendment that would clarify that the definition of “exceeds authorized access” in the Computer Fraud and Abuse Act does not include violations of internet terms of service agreements or non-government employment agreements restricting computer access.

The amendment was accepted by voice vote to the Personal Data Privacy and Security Act that is being considered by the Senate Judiciary Committee.

“When we sit down at home or at work, we check our email, read the news and generally go about our routine.  What we don’t know is that we may be in violation of federal criminal law based upon a violation of internet terms of service agreements or employment agreements for misusing computers,” Grassley said.  “This is a common sense solution that helps clean up some of the expansive provisions of our criminal code and ensures that innocent computer users are not federal criminals.”

“Our laws should protect people—not turn them into criminals for doing something as basic as checking Facebook or their Fantasy Football scores,” said Franken. “The amendment I introduced with Sen. Grassley does something very simple: it makes sure that if the only thing you’ve done wrong is violate a website’s Terms of Service or your employer’s computer use policy, you can’t be charged with a crime or sued in federal court.”

Vanguard of Freedom Network / Patriot Action Network / Liberty News Network