Did Marco Rubio's Campaign Violate The CFAA? Will He Commit To Reforming It?

from the broken-law dept

We've talked a lot in the past few years about the desperate need to reform the CFAA -- an absolutely horrible "anti-hacking" law that has been stretched and broadened and twisted by people over the years, such that it's frequently used to "pile on" charges when nothing else will stick. If you want to go into a lot more detail, you can listen to the podcast we recently did about the CFAA, or listen to this wonderful podcast that Reply All did about the CFAA (where I also make a brief appearance). But one of the biggest problems with it is that it considers you to be a dangerous hacker if you access a computer/network "without authorization" or if you merely have "exceeded authorized access." It's that latter phrase that often causes trouble. What does it even mean? Historically, cases have been brought against employees who use their employer's computers for non-work related things, against someone for supposedly failing to abide by MySpace's terms of service and for downloading too many academic journals that were freely available for downloading on MIT's campus network.

Keep that in mind as you read this Associated Press story about how Presidential candidate and current Florida Senator Marco Rubio's "low-budget" Presidential campaign office got free internet access for a bit:
At one of the campaign's Nevada offices, staffers tried to do their part to live up to the less is more mantra. After noticing a pizza place next to a campaign office had free wireless internet that required a password, a staffer walked over and bought two pieces of pizza and asked for the internet access code.

But the cost-cutting measure was short-lived. After about three weeks, the pizza place caught on and asked the Rubio team to stop.
It's not at all difficult to see how that could be "exceeding authorized access" under the statute. After all, it's pretty clear that the intent of the access is for customers while they're in the restaurant. That seems to be confirmed by the fact that the pizza place asked the Rubio campaign to knock it off once it discovered what was going on. Now, for it to be a felony, there needs to be $5,000 worth of damage -- but considering that in another recent case, the DOJ turned a single news article defacement (that lasted just 40 minutes) into a supposed $929,977 in damages, I'm sure some creative math can make the use of the WiFi into something greater than $5,000. You just need to argue that the congestion on the WiFi likely turned off customers who may not ever come back, and the value of those losses exceeds $5,000.

Now, Rubio hasn't really been involved at all in the debate over the CFAA and reforming it. The only official "policy" line he has even closely related to it on his campaign issues page suggests he'd favor making the CFAA punishments even worse: "Use American power to respond harshly to international cyber attacks on American citizens, businesses, and governments." Of course, that's focused on foreign attacks, so may not apply directly.

Either way, this seems like something an enterprising political reporter might want to ask the Rubio campaign, seeing as they themselves may have potentially committed a felony under the current CFAA.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: access, cfaa, cfaa reform, internet access, marco rubio


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    bureau13 (profile), 16 Nov 2015 @ 10:55am

    I don't see this holding up

    They asked for the code, and were given it. Unless they were specifically instructed to only use it in the restaurant, which is doubtful, or if they continued to use it after being asked to stop, there is no case for claiming that they exceeded authorized access.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.