Former Department of Justice computer crimes prosecutor Orin Kerr has told a House subcomittee that the Computer Fraud and Abuse Act (CFAA) poses a threat to civil liberties.
The House Judiciary Subcommittee on Crime, Terrorism and Homeland Security is considering amendments to the CFAA, which currently includes a general ban on any act that ‘exceeds authorized access’.
This makes it illegal to violate terms of service such as those imposed by, say, Facebook. But, says Justice Department deputy section chief Richard Downing, its a necessary provision.
“Some have argued that the definition of ‘exceeds authorized access’ in the CFAA should be restricted to disallow prosecutions based upon a violation of contractual agreements with an employer or service provider,” he says.
“We appreciate this view, but we are concerned that that restricting the statute in this way would make it difficult or impossible to deter and address serious insider threats through prosecution.”
But, said Kerr in his testimony, many, if not most, computer users violate this provision on a regular basis.
“In the Justice Department’s view, the CFAA criminalizes conduct as innocuous as using a fake name on Facebook or lying about your weight in an online dating profile,” he says.
“That situation is intolerable. Routine computer use should not be a crime.”
Kerr points out that, given that Google’s terms of service require users to be of an age to form a contract with Google, any 17-year-old researching a term paper has violated them.
And because Match.com bars users from providing inaccurate information, lying about your weight is breaking the law.
All this might seem theoretical – but the provision has been invoked in law at least once. Three years ago, a Missouri woman who’d taunted a teenage girl into suicide was charged over her use of a fraudulent MySpace profile and found guilty – although the conviction was later overturned.