Thursday, September 15, 2011


"You are fined one credit for a violation of the Verbal Morality Statute."
-computer, Demolition Man

The "Computer Fraud and Abuse Act" was passed in 1986, intended to deal with hacking and similar crimes. The principle behind the law is to stop hacking, cracking, and so on across state lines. Originally its scope was pretty narrow, but over the years congress every so often adds to the bill to make it cover just a little bit more.

For example, not long ago the bill was added to so that it covers "unauthorized use" of a computer in order to obtain:
  • Information contained in a financial record of a financial institution, or contained in a file of a consumer reporting agency on a consumer.
  • Information from any department or agency of the United States
  • Information from any protected computer if the conduct involves an interstate or foreign communication
or to defraud and gain value using someone's computer. The bill also was expanded to include viruses and harmful computer programs.

And now, President Obama wants to expand the bill even more. At the Wall Street Journal, Orin Kerr writes:
The law now criminalizes computer use that "exceeds authorized access" to any computer. Today that violation is a misdemeanor, but the Senate Judiciary Committee is set to meet this morning to vote on making it a felony.

The problem is that a lot of routine computer use can exceed "authorized access." Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include "terms of use" violations and breaches of workplace computer-use policies.

Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer? If interpreted this way, the law gives computer owners the power to criminalize any computer use they don't like. Imagine the Democratic Party setting up a public website and announcing that no Republicans can visit. Every Republican who checked out the site could be a criminal for exceeding authorized access.
Say you use someone else's name to write a comment on a blog, or use someone's open Facebook account to type something silly or embarrassing on it. That goes across state lines and is potentially a federal crime, according to the Obama justice department.

Here's an example Kerr gives of how this can work out. This really happened:
In 2009, the Justice Department prosecuted a woman for violating the "terms of service" of the social networking site The woman had been part of a group that set up a MySpace profile using a fake picture. The feds charged her with conspiracy to violate the Computer Fraud and Abuse Act. Prosecutors say the woman exceeded authorized access because MySpace required all profile information to be truthful.
In other words, the Obama Justice Department wants to criminalize you violating a website's terms of service. Its not good enough that the website can penalize you or throw you off, they want you to face federal sanction.

And its not only federal law enforcement that would be involved, this proposed change would allow people to sue one another for such shenanigans. Did that guy claim he made more money than he really does on Sue him. Does that girl's photo of her face not show how fat she really is? Sue her.

At worst, this is breach of promise, something the federal government should only have any interest in if it causes notable financial damage. Making me sad because the girl of my dreams turns out to have been photoshopped is not sufficient cause for the feds to kick down her door.

The philosophy behind even considering such an expansion of federal power reveals much about the Obama administration. Granted, we knew they thought government should be involved more in everyone's life, but this unveils a level of desire for this that is suggested only in cautionary science fiction novels. The Obama Administration will make sure you're nice if they have to drag you off to jail to do so.

No comments: