Wired - The nation’s premier anti-hacking law poses a threat to the civil liberties of millions of Americans who use computers and the internet and could lead to the arrest and prosecution of many users who violate the law on a regular basis, says a former federal prosecutor who wants the Computer Fraud and Abuse Act revised.
“In the Justice Department’s view, the CFAA criminalizes conduct as innocuous as using a fake name on Facebook or lying about your weight in an online dating profile. That situation is intolerable,” says Orin Kerr, George Washington University law professor and a former federal prosecutor in the Justice Department’s Computer Crime and Intellectual Property Section in the Criminal Division.
Currently, the law punishes anyone who “intentionally … exceeds authorized access, and thereby obtains information from any protected computer.”
Kerr is testifying on Tuesday before the House Judiciary Committee’s Subcommittee on Crime, Terrorism, and Homeland Security, and is asking Congress to amend the law to narrow how prosecutors can interpret what it means to exceed authorized access on a computer.
When the legislation was first enacted in the 1980s, it specifically targeted computer hacking and other computer misuse, Kerr argues in a written version of the testimony (.pdf) he plans to give. But since then, Congress has broadened the statute significantly four times, expanding the law’s reach and rendering it “unconstitutionally vague.”
The law as it currently stands allows prosecutors to criminally prosecute users for violating an internet service provider’s terms of service agreement, something that would normally be a breach of contract issue handled in civil court rather than through criminal prosecution. More
