Justice Department attorneys are asking Congress to take measures to clarify a 1986 law concerning computer fraud that critics say may be too broadly interpreted, the New York Times recently reported.
The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act was passed in the mid-1980s as an attempt to crack down on computer hackers who break into computer networks and steal information. However, several recent court cases have sparked growing concerns that the law is written too broadly, and could cause unfair conviction and sentencing for activities that are technically violations of the law, but are otherwise harmless. For example, an appeals court judge recently purported the idea that someone could be prosecuted under the Computer Fraud and Abuse Act for using work computers to check sports scores, or other activities the law was obviously not intended to denote as criminal. (At the time the law was written, the average individual did not have the level of access to computer networks or technology that exists today.)
Judge Alex Kozinski
One critic is Judge Alex Kozinski, who has suggested that the law could be misconstrued to make innocuous acts illegal simply because they violate company policy. “Employees who call family members from their work phones will become criminals if they send an email instead,” he writes. “Employees can sneak in the sports section of The New York Times to read at work, but they’d better not visit ESPN.com.”
Assistant Attorney General Leslie Caldwell
Assistant Attorney General Leslie Caldwell has similarly weighed in on the discussion, suggesting that the law needs to clarify that unauthorized access needs to be accompanied by intent for “nefarious purposes” in order to be categorized as criminal activity.
While up to now there have been no instances in which the law has been interpreted to wrongly criminalize people, several recent cases in the appeals courts have ventured into what critics consider to be shady territory, particularly regarding the misuse of trade secrets. Take, for example, a recent case involving former New York City police officer Gilberto Valle (aka, the “cannibal cop”) who was recently prosecuted for alleged online communications about kidnapping and eating women. The judge threw out most of the charges, but Valle was convicted for using a police department database to obtain a woman’s personal information unlawfully. Valle is appealing on the grounds that he was not technically breaking the law because he was authorized to access the database.
President Barack Obama recently drew attention to this issue as well, when he proposed certain changes to the Computer Fraud and Abuse Act. Congress is expected to begin discussions of cybersecurity measures in the coming weeks. It will be interesting to see what comes of this ongoing discussion.