What Changes to the CFAA Might Mean for IT Law
The Computer Fraud and Abuse Act (CFAA) has recently come under the spotlight, drawing much criticism and debate. A revision of the CFAA, known as Aaron’s Law, is now on the table.
The proposed law’s namesake, Aaron Swartz, was indicted on multiple counts under the CFAA in 2011 for downloading several million academic articles from the subscription database JSTOR. Swartz faced a maximum of 35 years in prison coupled with up to $1 million in fines, leading to his suicide while awaiting trial in January of 2013. The nature of Swartz’s infraction, and the excessive force with which he was pursued by prosecutors, alarmed many in the IT community and has brought the crime-to-punishment proportionality of the CFAA into question.
What is the CFAA?
The Computer Fraud and Abuse Act (CFAA) is a piece of U.S. legislation passed in 1986 that makes it a federal crime to access a protected computer without proper authorization or in excess of authorization.
Flaws in the CFAA
The main concern voiced about the CFAA is its ambiguous wording and its potential to be abused by prosecutors. Originally passed to protect computers used by or for the United States government, the CFAA has come to be interpreted so broadly that it covers any ordinary computer, and thus affects many ordinary users. Common misdemeanors, such as breaching the terms of a service agreement, can be charged under the CFAA as a criminal offense subject to jail time. This is typical internet activity unintentionally engaged in by millions of innocent users and small businesses every day. The CFAA also enables a person to be charged multiple times for the same crime, allowing prosecutors to rack up counts and impose tougher penalties on defendants. With so much free rein in its vague provisions, the CFAA has been criticized for giving excessive power to prosecutors and posing a threat to average users.
Aaron’s Law aims to revise and narrow the scope of the CFAA. The main goal is to distinguish between the typical computer user and hackers or criminals who are actual threats to cyber security. Aaron’s Law would revise the CFAA into a clearer, more concrete law that would decrease the severity of violating a terms of service agreement, making such a violation a breach of contract rather than a felony, and eliminate the ability to press multiple charges for a single violation. These measures would hopefully reduce the excessive power in the hands of prosecutors to overzealously punish defendants.
Despite the movement to decrease penalties for common computer activity, software companies remain persistent in their efforts to actively target persons and businesses accused of cybercrimes, and continue to seek harsh penalties even for minor violations. BSA | The Software Alliance has said that it is opposed to Aaron’s Law, and many software companies are pushing for a cyber-security bill with even tougher penalties than the CFAA in order to keep power in their hands to combat what they claim to be a rampant software piracy problem. It does not appear that Aaron’s Law will encourage software companies to follow suit in the effort to enact a fairer, more moderate IT law.
Dorman Bell is a business and technology focused law firm based in Dallas, Texas and has a dedicated section to defend organizations against software license audits from software publishers and their trade organizations, such as BSA | The Software Alliance and Software and Information Industry Association.