Computer crimes arrived on the legal landscape in the early 1980s. Law enforcement had relatively few criminal statutes under which to pursue investigations involving computers and wrongdoing. The only statutes then available were the federal wire and mail fraud statutes that could address some of the wrongdoing but not all.
In 1984, Congress responded with the Comprehensive Crime Control Act. This sweeping legislation included provisions that dealt with the unauthorized access and use of computers and computer networks. These provisions, found in 18 U.S.C. § 1030, made it a felony to access classified information through a computer without authorization and made it a misdemeanor to access financial records and credit histories stored by financial institutions. The provisions also made it a misdemeanor to trespass into a government computer.
But lawmakers continued to face legal challenges involving the use of computers and criminal activity. Finally, in 1986, Congress enacted the Computer Fraud and Abuse Act (CFAA) which effectively amended § 1030.
Congressional records reveal that lawmakers, with the CFAA, sought to strike an “appropriate balance between the Federal Government’s interest in computer crimes and the interests and abilities of the States to proscribe and punish such offenses.” This objective was accomplished by “limiting federal jurisdiction” to only those cases involving a compelling federal interest, such as “where computers of the federal government or certain financial institutions are involved or where the crime itself is interstate in nature.”
Instead of limiting government involvement, the CFAA actually created a new legal horizon by criminalizing other computer-related acts like theft of property through a computer involving a scheme to defraud or altering, damaging, or destroying data belonging to others. Lastly, the CFAA criminalized trafficking in passwords and similar items.
Similar to what it has done with child pornography-related offenses, Congress then embarked upon an amendment crusade either creating new criminal acts or enhancing penalties under the CFAA. Amendments were made in 1988, 1989, 1990, 1994, 2001, 2002, and 2008. Today’s version of the CFAA includes seven types of criminal activity listed fellow:
- Obtaining National Security Information: Section: (a)(1); Penalty: 10 (20) years.
- Accessing a Computer and Obtaining Information: Section: (a)(2); Penalty: 1 or 5 (10).
- Trespassing in a Government Computer: Section: (a)(3); Penalty: 1 (10) years.
- Accessing a Computer to Defraud & Obtain Value: Section: (a)(4); Penalty: 5 (10).
- Intentionally Damaging by Knowing Transmission: Section: (a)(5)(A); Penalty: 1 or 10 (20).
- Recklessly Damaging by Intentional Access: Section: (a)(5)(B); Penalty: 1 or 5 (20).
- Negligently Causing Damage & Loss by Intentional Access: Section: (a)(5)(C); Penalty: 1 (10).
- Trafficking in Passwords: Section: (a)(6); Penalty: 1 (10).
- Extortion Involving Computers: Section (a)(7); Penalty: 5 (10).
Still, this does not end the matter. Conspiracy to commit these offenses are crimes subject to prosecution under § 1030.
If you are charged with a computer crime, you will most likely be prosecuted under the (CFAA), a law that since it went into effect has been routinely panned, even being called the “Worst Law in Technology.”
What Makes the CFAA So Bad?
The CFAA, for example, not only makes it a crime for people to hack into computers for nuclear codes but also makes any act of gaining “unauthorized access” or “exceeding authorized access” to a computer illegal.
The law is extremely vague, allowing prosecutors to bring people up on serious federal charges for crimes as small as using a partner’s computer password to check something online or print a boarding pass.
In one well-known case, a journalist faced 25 years in prison for sharing the username and password to manage the content for the Los Angeles Times. He essentially shared the information in order to conduct a prank – an article title was changed for 40 minutes before it was taken down.
For this offense, he faced 25 years in prison.
It this the sort of punishment that really fits the crime?
To be fair, the CFAA was enacted in the ‘80s, when technology and computers were not part of everyday life. That, however, does not excuse the fact that Congress has not brought the legislation into today’s modern world. Instead, lawmakers have been bent on creating new offenses and/or harsher penalties to cover every conceivable aspect of computer use.
Empowering Prosecutors Disenfranchises Regular People
The most recent additions to the CFAA appear to limit prosecutors’ ability to bring up defendants on crimes under the CFAA. In reality, though, it gives them even more power.
The CFAA offers guidelines that prosecutors should consider before bringing someone up on charges. These are not requirements. Prosecutors can ignore the guidelines and proceed with the most damaging prosecution possible.
Under the CFAA the prosecutor is dealt a hand with two aces in the hole, making it difficult for the defendant to overcome because he or she cannot raise the prosecutor’s intent for bringing the charges in court.
Sandvig v. Lynch
Luckily, some organizations are taking action to fight this law.
When the CFAA bans “exceeding authorized access,” they often reference the actions that could go against a website’s terms of service. You know, that document you have to agree to (even though you never read it) in order to access a website in the first place? Violating the Terms of Service can get you in big trouble with the federal government.
According to the American Civil Liberties Union (ACLU), though, this seriously inhibits research and work that could be done through the Internet. For example, in order to uncover instances and patterns of racial discrimination, the ACLU has turned to academics, researchers, and journalists for evidence and statistics.
Researchers, though, are having trouble obtaining this data. The only course of action available to them is to use tactics such as giving false information, creating multiple accounts, and gathering public data.
When used for reasons like audit testing or uncovering discrimination, these tactics are allowed and encouraged by federal institutions. However, they are also commonly banned through a website’s terms of services page. By violating the terms of service, this research has essentially become a federal crime.
The ACLU’s lawsuit can hopefully shed some light as to how the CFAA is hurting our abilities to use the internet and criminalizing people who are using the internet in a lawful way.
Until then, the CFAA could result in decades in prison for anyone charged.
Facing Federal Penalties under the CFAA
Ultimately, despite the CFAA being an extremely controversial law for many reasons, it is still the law. Being charged under the CFAA is extremely serious. The severity of these charges has put many people in jail for decades.
If you charged with violating any provisions of the CFAA, or for any other type of computer crime, it is important to get in contact with a federal defense lawyer immediately. The prosecution has immense power against you. Fight back with a lawyer who can represent you and fight for your freedoms.