I was fascinated to see this very persuasive op-ed on the Computer Fraud and Abuse Act by a Mr. Patrick Harvard that was just posted an hour ago over at SFGate.com, which as far as I can tell means it is going to be in the San Francisco Chronicle. But I fear I have read it before: It appears to be a lightly rewritten version of my op-ed in today’s Wall Street Journal. The details, for those interested, below the fold.
My op-ed had a short intro and then began:
The little-known law at issue is called the Computer Fraud and Abuse Act. It was enacted in 1986 to punish computer hacking. But Congress has broadened the law every few years, and today it extends far beyond hacking. The law now criminalizes computer use that “exceeds authorized access” to any computer. Today that violation is a misdemeanor, but the Senate Judiciary Committee is set to meet this morning to vote on making it a felony.
Mr. Harvard’s piece begins:
In 1986, Congress drafted the Computer Fraud and Abuse Act to protect government computers from malicious hacking attacks. Since its enactment, this bill has been broadened every few years, and its reach now extends far beyond hacking.
Currently, this law criminalizes computer use that “exceeds authorized access” to any computer, but violating it is only a misdemeanor. The Senate Judiciary Committee, however, met today to discuss changing the violation from a misdemeanor to a felony.
Hmm, that sounds familiar. Later in the article. I offered an example of a prosecution based on an extremely broad theory of the statute:
In 2009, the Justice Department prosecuted a woman for violating the “terms of service” of the social networking site MySpace.com. The woman had been part of a group that set up a MySpace profile using a fake picture. The feds charged her with conspiracy to violate the Computer Fraud and Abuse Act. Prosecutors say the woman exceeded authorized access because MySpace required all profile information to be truthful. But people routinely misstate the truth in online profiles, about everything from their age to their name. What happens when each instance is a felony?
Mr. Harvard writes something eerily similar:
In 2009, the Justice Department charged a woman with conspiracy to violate the Computer Fraud and Abuse Act. She was part of a group that set up a Myspace page with a fake picture. According to prosecutors, the woman “exceeded authorized use” because Myspace required all profile information to be truthful. Wow! So, lying on the Internet is illegal now?
How many people have used fake names on E-mail accounts, lied about their age or weight on social networking sites?
I also thought it would be helpful to talk about the CFAA civil cases:
By a strange coincidence, so did Mr. Harvard:
I also thought a paragraph on the wide scope of “computer” would be helpful:
Remarkably, the law doesn’t even require devices to be connected to the Internet. Since 2008, it applies to pretty much everything with a microchip. So if you’re visiting a friend and you use his coffeemaker without permission, watch out: You may have committed a federal crime.
You may be shocked to learn that Mr. Harvard had almost the identical idea:
The law has also been expanded so that it doesn’t only apply to devices hooked up to the internet. Since 2008, it has applied to anything with a microchip in it. So, be careful using that automated vending machine at work. If you fail to follow proper procedure, you could find yourself facing federal charges.
I concluded by talking about the significance of the switch from a misdemeanor to a felony:
Until now, the critical limit on the government’s power has been that federal prosecutors rarely charge misdemeanors. They prefer to bring more serious felony charges. That’s why the administration’s proposal is so dangerous. If exceeding authorized access becomes a felony, prosecutors will become eager to charge it.
You guessed it, so did Mr. Harvard:
Currently, the only government limitation regarding this bill is that federal prosecutors rarely charge misdemeanors. If “exceeding unauthorized access” becomes a felony, prosecutors will be more likely to pursue it.
It looks like Mr. Harvard just began posting over at Benzinga.com, which is some sort of media company that feeds content to newspapers. Does anyone want to see if his four prior efforts also share a certain resemblance to pieces posted already on the Web?