Today’s required reading is an op-ed in the Wall Street Journal by Orin Kerr :
Imagine that President Obama could order the arrest of anyone who broke a promise on the Internet. So you could be jailed for lying about your age or weight on an Internet dating site. Or you could be sent to federal prison if your boss told you to work but you used the company’s computer to check sports scores online. Imagine that Eric Holder’s Justice Department urged Congress to raise penalties for violations, making them felonies allowing three years in jail for each broken promise. Fanciful, right?
Think again. Congress is now poised to grant the Obama administration’s wishes in the name of “cybersecurity.”
The thrust of the changes is to make the misdeamor of exceeding authorized access a felony, punishable by three years imprisonment.
The problem is that a lot of routine computer use can exceed “authorized access.” Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include “terms of use” violations and breaches of workplace computer-use policies.
Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer?
It’s unlikely that the DOJ will be trolling online dating sites to prosecute guys who add a couple of inches to height or gals who subtract a few pounds of weight, but it certainly opens the door to having a means to prosecute essentially everyone who has ever used the internet. In the op-ed, Orin gives past examples of abusive use of the CFAA, but by expanding its seriousness while criminalizing routine computer conduct, particularly when the basis for exceeding authorized access is privately conceived terms of service which can be pretty much anything the website owner chooses (by the way, use of SJ is prohibited unless you are wearing blue jeans and standing on your left leg; you’ve been warned).
And it’s not just the government, but provides a private cause of action as well:
The law even goes beyond criminal law. It allows civil suits filed by private parties. As a result, federal courts have been flooded with silly disputes. In one recent case, an employer sued a former employee for excessive Internet usage from work. The alleged offense: visiting Facebook and sending personal emails. In another case, a company posted “terms of use” on its website declaring that no competitors could visit—and then promptly sued a competitor that did.
And since the government has yet to gain much by way of computer savvy, President Obama’s smartphone notwithstanding, unauthorized use isn’t limited to your 4G connection.
Remarkably, the law doesn’t even require devices to be connected to the Internet. Since 2008, it applies to pretty much everything with a microchip. So if you’re visiting a friend and you use his coffeemaker without permission, watch out: You may have committed a federal crime.
Harvey Silverglate’s Three Felonies a Day seems downright benign in light of the expansion of the CFAA . And if you’re reading this, chances are pretty good that your government could, if it so chooses, prosecute you for a felony.
This is an important op-ed, and not only worth reading, but worth spreading so that everyone is aware of what the government has in mind, and how it will create felons of all of us.
Update: Via Kash Hill at Forbes, it appears that Senators Al Franken and Chuck Grassley have proposed an amendment that will remove certain of the worst elements of the changes from the CFAA.
…that felony-level unauthorized access not “include access in violation of a contractual obligation or agreement, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or non-government employer, if such violation constitutes the sole basis for determining that access to a protected computer is unauthorized.” The bill will now move forward to be considered by the Senate.
At least the most common sorts of internet activity won’t be sufficient to get your a room at Club Fed, though it leaves much untouched and qualifies what it does touch as being the “sole basis,” a highly dubious distinction.
Still, it’s notable that one strongly worded editorial by Orin (and perhaps some of his plagiarists?) affected the course of this law.
Discover more from Simple Justice
Subscribe to get the latest posts sent to your email.
A fine judge once told me that the Ohio General Assembly shouldn’t ever mess with criminal law. “They just fuck it up,” he said. He could as easily have been speaking of Congress.
Yep.
It would be nice if it took a supermajority to change a criminal law or pass a new one.
When a KGB general could, on a whim, imprison any ordinary Soviet citizen, it was a sign that the USSR was not a true democracy.
When a US Attorney can, on a whim, imprison any ordinary citizen (which they can as Silverglate shows), do we really live in a democracy? Is this what the founder’s envisioned?
What good does it do to have a separation of powers among the 3 branches, when the executive can characterize virtually any conduct as mail fraud, wire fraud, obstruction of justice (and now a CFAA violation)?
What good does it do to have fancy constitutional rights and, if you dare exercise them, the sentencing guidelines will crucify you? Soviet citizens also had freedom of speech, but if they dared exercise it, they got a prison sentence.