I’ve blogged a bunch about the dangerous scope of the Computer Fraud and Abuse Act (CFAA), and the remarkable fact that Congress seems poised to make the penalties in the act even higher. So here’s an update: The Senate Judiciary Committee held a hearing yesterday on the proposals to expand the CFAA. No one other than government officials were even invited to testify. When asked if they wanted to have more power, the government officials responded that yes, they did.
Senator Leahy touched on the incredible scope of the CFAA at around the 50-minute mark, and he asked DOJ official James Baker what assurances he can give that DOJ won’t abuse the incredible power the statute arguably confers over all computer users. Baker responded that DOJ is restrained by the fact that it has to answer to the Judiciary Committee to explain what it has been doing, and that on the whole DOJ has not abused its power in the past. The former answer is puzzling, given that I don’t think DOJ has ever actually explained its view of the CFAA or ever been asked to defend any of its individual prosecutions in the 27 years the statute has been on the books. And the latter answer amounts to “trust us,” which is rarely a heart-warming answer coming from the federal government.
I’ve co-signed a letter together with various liberal and conservative organizations urging the Senate to define the scope of the CFAA before enhancing its penalties yet again. You can read the letter here.