If you are reading the web, playing a Facebook game, or watching a YouTube video, you could be violating the Computer Fraud and Abuse Act of 1984 – at least according to the way the Justice Department has interpreted it in several recent cases. The law was originally passed to protect government computer systems and financial databases from hackers, but amendments and new interpretations by federal prosecutors have taken a well defined law into broad interpretation. While some courts have given Federal prosecutors hope that such a board interpretation of the law is okay, other courts have called b*llsh*t on it. Reason Magazine has a great article on the topic, but we drill down into the reasons why you should be worried.
In April of this year the U.S. Court of Appeals for the 9th Circuit rejected the arguments of government prosecutors who tried to use the CFAA for a different kind of crime. The case in question involved David Nosal, who left Korn/Ferry International in 2004 and then allegedly tried to use two former colleagues to feed him "proprietary client information" to start a similar but competing business. This led to Nosal being charged with conspiracy, mail fraud, trade secret theft, and violating the CFAA. While Nosal’s "accomplices" were authorized to use Korn/Ferry’s database, prosecutors tried to argue in court that sharing the information with Nosal rendered their access unauthorized.
The presiding Chief Judge for the Ninth Circuit Court of Appeals, Alex Kozinski told prosecutors that their interpretation of the law would make a criminal out of "everyone who uses a computer." He added that "the government’s construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer."
Nosal was accused of committing unauthorized access "with intent to defraud" (a felony) but the law also makes someone guilty of a misdemeanor, punishable by up to a year in jail, if he or she "intentionally accesses a computer without authorization or exceeds authorized access" and "thereby obtains…information."
Such a board interpretation of the law would apply to "large groups of people who would have little reason to suspect they are committing a federal crime," according to Kozinski. As we mentioned in an earlier part of the story, such activities could include using workplace computers to play games, read blogs, watch YouTube videos, or to check sports scores. Even people using their own computers could be prosecuted for violating the "terms of service" they mostly ignore on websites by lying about their age or weight on dating sites, posting photos of other people without permission, or sharing content Facebook might deem offensive.
And that danger is not just some imaginary thing. As Reason Magazine points out, Lori Drew, the horrible Missouri woman who played a MySpace prank on a 13-year-old girl in 2007 that led to her committing suicide was affected by a creative interpretation of the law. When Missouri prosecutors decided that Drew had broken no laws, (now former) Los Angeles U.S. attorney Thomas O’Brien decided to try to prosecute her for violating the CFAA by disregarding MySpace’s Terms of Service. She was inevitably convicted, but in 2009 U.S. District Judge George Wu threw out Drew’s conviction, ruling that O’Brien’s use of the CFAA would make the law unconstitutionally vague giving prosecutors discretion while leaving their potential targets uncertain if they are complying with the law.
Source: Reason Magazine