• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Fixing the Computer Fraud and Abuse Act—The Right Way

    The Computer Fraud and Abuse Act (CFAA) is a well-meaning law that is hopelessly overbroad. It starts from an unobjectionable premise—there ought to be a law that makes it a crime to hack into someone else’s computer without their permission—but it has gone off the rails.

    The policy prescriptions to fix it offered by the trio of Senators Chuck Grassley (R–IA), Al Franken (D–MN), and Mike Lee (R–UT) are far superior to the competing effort being advanced by Senator Patrick Leahy (D–VT), chairman of the Senate Judiciary Committee.

    The problem begins with the language of the CFAA (18 U.S.C. § 1030), which makes it a crime to access a computer “without” or “in excess” of “authorization.” In some ways, both of these make sense, especially if you substitute the word permission for the legal term “authorization.” If I haven’t given you permission to use my computer at all, or if I have given it to you only for a limited purpose, and you go rooting around in my cyber-files, that’s something that clearly ought to be punished.

    But how do we determine what the limits of your “authorization” are? Since the term is not defined in the law, the courts have looked to contractual agreements that govern the use of a computer or Internet system. These agreements are known as the “Terms of Service” or “ToS.” They are those long, detailed legal terms that everyone clicks on to “accept” before they sign up for, say, a Facebook account.

    But, as a diverse group of concerned groups recently pointed out, this means that private corporations can in effect establish what conduct violates federal criminal law when they draft such policies.

    And those polices are often very broad. For example, many companies limit your use of the Internet for personal purposes. Spending excessive time checking your fantasy football team roster is probably a bad idea, but it shouldn’t be a federal crime. We told the story of another abuse in the Heritage book One Nation Under Arrest about how Lori Drew was prosecuted for violating the MySpace rules against using a pseudonym—again, a really bad idea, but not a federal offense.

    Senators Grassley, Franken, and Lee take a better approach. They simply say that the CFAA can’t be used to prosecute contractual violations. Violations of a contact should be left to contract law and the civil arena, not federal criminal court.

    Senator Leahy’s amendment is more complicated. As Professor Orin Kerr points out, it sets a monetary threshold, allowing prosecution if the act “involves” more than $5,000. But it doesn’t say what “involve” means. Worse, the amendment allows the prosecution of ToS violations involving certain categories of information (trade secrets, for example), but those categories are hopelessly overbroad and, in effect, swallow the entire fix.

    When the issue comes up for consideration later this week, the better solution would be to let the civil law deal with civil matters and not rely on federal criminal law for contract disputes.

    Posted in Legal [slideshow_deploy]

    3 Responses to Fixing the Computer Fraud and Abuse Act—The Right Way

    1. jmc says:

      Al Franken had a good idea? It must be lonely!

    2. NEAL RASMUSSEN says:


    3. Anonymous says:

      Sanctions on those who harbor – or the UN Path to get action.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.