I have posted a draft new article online: Vagueness Challenges to the Computer Fraud and Abuse Act, forthcoming in a symposium issue of the Minnesota Law Review. Here’s the abstract:
This Article argues that the void for vagueness doctrine requires courts to adopt narrow interpretations of the Computer Fraud and Abuse Act. On its face, the CFAA has become extraordinarily broad. Recent amendments indicate that Congress has largely abandoned the job of identifying what conduct involving computers should or should not be a federal crime. Congress has broadened the statute so far that the courts must now narrowly construe the statute to save its constitutionality.
This Article demonstrates how courts should narrowly construe the statute under the void for vagueness doctrine by focusing on two recent criminal prosecutions: United States v. Drew, which considered whether Terms of Service violations trigger CFAA liability, and United States v. Nosal, which asked whether it violates the CFAA for employees to access their employers’ computers in ways contrary to their employers’ interests. These two prosecutions show the critical role of vagueness doctrine in interpreting the CFAA, pointing to a future of judicial narrowing of the statute.
As you might guess from the abstract, the draft article builds on the basic arguments I used in the Lori Drew case. This article presents the broader context of the problem and the important role of the vagueness doctrine in construing the statute. (Unfortunately, the article will be published before the Supreme Court hands down the trio of vagueness cases presently on its docket; I suspect those decisions may give a considerable boost to the claims I make here.)
To download the article, click on the link above and then click on “download” and then hit the SSRN button.