from the hysterical-hackers dept
The implications of this are somewhat ridiculous. It basically allows the government to charge someone twice for the same thing, if they used a computer as part of the process of accessing those documents. That's what's happened with Manning. In short: accessing the information is a crime under the Espionage Act and using a computer to do it is a second crime under the CFAA. Even if you think that leaking information to the press is a form of espionage (and we think even that's ridiculous), the idea that you get charged with a second felony just because a computer was used is absolutely ridiculous. It's just yet another example of the overcriminalized world we live in today -- especially when it comes to technology.
In fact, as the Judiciary Committee Report on the 1996 amendment to the CFAA makes clear, Congress explicitly based (a)(1) of the CFAA off 793(e) of the Espionage Act. “The bill would bring the protection for classified national defense or foreign relations information maintained on computers in line with our other espionage laws,” the report says. The original CFAA, written in 1984 was modeled on another part of the Espionage Act, section 794, which has never been used in leak cases. But Congress wanted it tailored after 793(e), a statute that in recent years has been used to prosecute a record number of leakers. (Compare the text here and here.)
The statutes are so similar, in fact, it’s hard to tell them apart even when reading the Judiciary Committee’s explanation about how they differ:
Although there is considerable overlap between 18 U.S.C. 793(e) and section 1030(a)(1), as amended by the NII Protection Act, the two statutes would not reach exactly the same conduct. Section 1030(a)(1) would target those persons who deliberately break into a computer to obtain properly classified Government secrets then try to peddle those secrets to others, including foreign governments. In other words, unlike existing espionage laws prohibiting the theft and peddling of Government secrets to foreign agents, section 1030(a)(1) would require proof that the individual knowingly used a computer without authority, or in excess of authority, for the purpose of obtaining classified information. In this sense then, it is the use of the computer which is being proscribed, not the unauthorized possession of, access to, or control over the classified information itself.
Did you get all that? The Judiciary Committee basically copy-pasted the Espionage Act into the CFAA, but forbid "use of the computer" rather than accessing the documents. So there you have it: they specifically wanted to make the isolated act of using a computer a separate crime.