Aaron's Law Finally Introduced: Reform The CFAA
from the it's-about-time dept
Today, Zoe Lofgren and Jim Sensenbrenner in the House and Ron Wyden in the Senate introduced “Aaron’s Law,” an attempt to reform the widely abused CFAA, so that it no longer sweeps up innocent activity.
Vagueness is the core flaw of the CFAA. As written, the CFAA makes it a federal crime to access a computer without authorization or in a way that exceeds authorization. Confused by that? You’re not alone. Congress never clearly described what this really means. As a result, prosecutors can take the view that a person who violates a website’s terms of service or employer agreement should face jail time.
So lying about one’s age on Facebook, or checking personal email on a work computer, could violate this felony statute. This flaw in the CFAA allows the government to imprison Americans for a violation of a non-negotiable, private agreement that is dictated by a corporation. Millions of Americans — whether they are of a digitally native or dial-up generation — routinely submit to legal terms and agreements every day when they use the Internet. Few have the time or the ability to read and completely understand lengthy legal agreements.
The proposal tries to focus the law back to where it was intended when initially put in place:
It establishes a clear line that’s needed for the law to distinguish the difference between common online activities and harmful attacks.
Among those specific lines, it notes that a “mere breach of terms of service, employment agreements, or contracts are not automatic violations of the CFAA.” It also makes the penalties more reasonable, so people aren’t facing many years in jail for doing something minor. It’s well past due that the CFAA get fixed. Hopefully this is a start down that path.