Tomorrow’s Wall Street Journal is running an op-ed I authored on the proposed amendments to the Computer Fraud and Abuse Act. It begins:
Imagine that President Obama could order the arrest of anyone who broke a promise on the Internet. So you could be jailed for lying about your age or weight on an Internet dating site. Or you could be sent to federal prison if your boss told you to work but you used the company’s computer to check sports scores online. Imagine that Eric Holder’s Justice Department urged Congress to raise penalties for violations, making them felonies allowing three years in jail for each broken promise. Fanciful, right?
Think again. Congress is now poised to grant the Obama administration’s wishes in the name of “cybersecurity.”
The little-known law at issue is called the Computer Fraud and Abuse Act. It was enacted in 1986 to punish computer hacking. But Congress has broadened the law every few years, and today it extends far beyond hacking. The law now criminalizes computer use that “exceeds authorized access” to any computer. Today that violation is a misdemeanor, but the Senate Judiciary Committee is set to meet this morning to vote on making it a felony.
The problem is that a lot of routine computer use can exceed “authorized access.” Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include “terms of use” violations and breaches of workplace computer-use policies.
Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer?
UPDATE: Via e-mail, a reader points out that I misdescribed one case near the end of the op-ed. The Ticketmaster case I mentioned involved alleged unauthorized access beyond the TOS violations. My apologies for the error, which was entirely mine.