Experts Scratching Their Heads At House Judiciary's Awful CFAA Reform Proposal

from the why-would-they-do-this? dept

On Monday, we broke the news of the House Judiciary Committee circulating a terrible bill that would make the Computer Fraud and Abuse Act (CFAA) much worse, rather than better. It would expand definitions and make it even easier for the Justice Department to go after people for harmless activity. In fact, even the part we originally thought might fix one of the worst parts of the CFAA actually makes it worse.

Now that the bill has been out a few days, various experts on the CFAA are scratching their heads about why the House Judiciary Committee is even bothering with this draft bill. As Orin Kerr notes, this seems to be a basic rehash of the DOJ's attempt 2 years ago to expand the CFAA. He suggests (and we agree) that the Judiciary Committee stop taking DOJ language from 2011 and start dealing in the present, and deal with the very real problems with the CFAA, and not just with a DOJ who wants more power.
They’re looking for feedback, so here is mine: Stop taking DOJ’s language from back in 2011 and packaging it as something new. Based on a quick read, it seems that the amendments for 1030 in the new draft are mostly copied from a bill that Senator Leahy offered (with substantial input from DOJ, as I understand it) back in November 2011. I criticized that language here. The new circulating draft also adopts the sentencing enhancements (minus mandatories) and the proposed 1030a that DOJ advocated in May 2011. I criticized that initial DOJ language here. (There’s also a breach notification provision in the new language, but I haven’t followed that issue closely; I don’t know if that proposal is also based on old language.)

[....] This language is really, really broad. If I read it correctly, the language would make it a felony to lie about your age on an online dating profile if you intended to contact someone online and ask them personal questions. It would make it a felony crime for anyone to violate the TOS on a government website. It would also make it a federal felony crime to violate TOS in the course of committing a very minor state misdemeanor. If there is a genuine argument for federal felony liability in these circumstances, I hope readers will enlighten me: I cannot understand what they are.
Of course, when we brought up similar examples in our original post, people said we were overreacting. Hmm. Meanwhile Paul Rosenzweig, the former Deputy Assistant Secretary for Policy at Homeland Security is similarly stumped by the direction of the reform.
My quick review and reaction to this bill is that it seems to answer most of what the Department of Justice wants with very little for the internet online community in return. Most notably the bill would make violations of the CFAA predicate acts for a RICO criminal charge — what this means is that if you engage in just two instances of violating the CFAA, then you are engaged in a pattern of racketeering, with substantial criminal penalties and .. .since the criminal definitions translate directly to civil liability .. a very significant possibility of a “bet the company” civil suit. Not a move designed to foster innovation, I think.
Hopefully, the House Judiciary Committee goes back to the drawing board on this, and takes a closer look at things like Aaron's Law, which is being developed to cut back on the excesses of the CFAA, rather than expand them.

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous Coward, 27 Mar 2013 @ 5:48am

    rather than scratch their heads just over the ridiculous changes proposed for the CFAA, the more important and worrying things are
    a)how did these people ever get voted in to be Senators? the other choices must have been even more diabolical or they were forced out of the race
    b) it doesn't take a rocket scientist to know where these ridiculous changes have stemmed from (entertainment industries!), but having proof would be a help. anyone know when the various meetings took place and who attended?
    c) when something like this happens, it is usually because the proposers have more skeletons in their closets, so what are they trying to hide that warrants such harsh punishments for transparency?

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.