{"id":2537,"date":"2014-02-11T21:09:14","date_gmt":"2014-02-11T21:09:14","guid":{"rendered":"http:\/\/ncjolt.org\/?p=2537"},"modified":"2020-06-04T20:53:56","modified_gmt":"2020-06-04T20:53:56","slug":"justice-department-may-reform-controversial-anti-hacking-law","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/justice-department-may-reform-controversial-anti-hacking-law\/","title":{"rendered":"Justice Department May Reform Controversial Anti-Hacking Law"},"content":{"rendered":"<p>It\u2019s almost impossible to talk about the Computer Fraud and Abuse Act (the \u201cCFAA\u201d) without first mentioning Aaron Swartz. <a href=\"http:\/\/en.wikipedia.org\/wiki\/Aaron_Swartz\">Aaron Swartz<\/a> was a computer programmer and Internet activist who ran afoul of the Justice Department just a few years ago. Police arrested Swartz in 2011, after he allegedly accessed the computer network at the Massachusetts Institute of Technology and downloaded nearly 5 million journal articles from JSTOR, an online database. The case became instantly controversial as Swartz was essentially being charged with accessing an <a href=\"http:\/\/www.slate.com\/blogs\/crime\/2014\/01\/13\/aaron_swartz_cfaa_a_year_after_aaron_swartz_s_death_the_computer_fraud_and.html\">\u201cextraordinarily open\u201d<\/a> MIT network and, as Swartz-founded Demand Progress put it, <a href=\"http:\/\/arstechnica.com\/tech-policy\/2011\/07\/reddit-founder-arrested-for-excessive-jstor-downloads\/\">\u201cchecking too many books out of the library.\u201d<\/a> In January of 2013, roughly two years after he was arrested, Swartz committed suicide. While we\u2019ll never know exactly why Swartz chose to end his own life, many believe that his decision was due, in part, to the criminal charges levied against him by the government. <a href=\"http:\/\/www.techdirt.com\/articles\/20120917\/17393320412\/us-government-ups-felony-count-jstoraaron-swartz-case-four-to-thirteen.shtml\">Swartz was charged with 13 felony counts<\/a>, including several counts of wire fraud and computer fraud, and faced 35 years of prison time. All of these charges arose under the overbroad CFAA.<br \/>\nAfter Swartz\u2019s death, there was nearly universal call to reform the CFAA, which was described as outdated, vague, and, in regards to some punishments, redundant. In June of 2013, there was a bipartisan attempt to reform the CFAA when two senators introduced Aaron\u2019s Law, aimed at <a href=\"http:\/\/www.wired.com\/opinion\/2013\/06\/aarons-law-is-finally-here\/\">updating the CFAA to focus more on prosecuting dangerous online attacks and distinguishing common online activities<\/a>. Aaron\u2019s Law sought to curb prosecutorial discretion, remove redundant punishment provisions, and reform CFAA penalties. Unfortunately, congressional gridlock last summer meant that Aaron\u2019s Law was not passed, and <a href=\"http:\/\/www.washingtonpost.com\/blogs\/the-switch\/wp\/2014\/01\/11\/the-law-used-to-prosecute-aaron-swartz-remains-unchanged-a-year-after-his-death\/\">the CFAA remains unchanged today<\/a>. In fact, there have been moves to strengthen the CFAA\u2019s enforcement to include <a href=\"http:\/\/www.washingtonpost.com\/blogs\/the-switch\/wp\/2014\/01\/09\/prosecutors-used-this-cybercrime-law-against-aaron-swartz-now-a-senator-wants-to-strengthen-it\/\">\u201cattempted hacks, as well as conspiracies to hack.\u201d<\/a><\/p>\n<blockquote><p>Recently, however, the Justice Department stated in congressional testimony that it would be open to reforming the CFAA to make it more difficult for the government to prosecute minor computer infractions.<\/p><\/blockquote>\n<p>Recently, however, the <a href=\"http:\/\/www.washingtonpost.com\/blogs\/the-switch\/wp\/2014\/02\/07\/the-justice-department-used-this-law-to-pursue-aaron-swartz-now-its-open-to-reforming-it\/\">Justice Department stated in congressional testimony that it would be open to reforming the CFAA<\/a> to make it more difficult for the government to prosecute minor computer infractions. As the CFAA stands now, a violation can occur for simply violating a website\u2019s Terms of Service. When a ToS violation is as simple as misstating your age in a dating profile, the CFAA\u2019s harsh criminal penalties hardly seem appropriate. The Justice Department hasn\u2019t made it clear exactly what sort of CFAA reforms they\u2019d like to see, but their openness to the reform is a huge step for the department, which was so aggressive in the Swartz case. It\u2019s possible that the Justice Department is taking its lead from recent court cases. Two recent cases decided by the <a href=\"https:\/\/www.eff.org\/cases\/u-s-v-nosal\">Ninth<\/a> and <a href=\"http:\/\/blog.ericgoldman.org\/archives\/2012\/07\/4th_circuit_lim.htm\">Fourth<\/a> Circuits found that a ToS violation was not sufficient to violate the CFAA and that the CFAA could not be used to prosecute a violation of an employer\u2019s computer policies, respectively.<br \/>\nWhile reform for the CFAA may be slow in coming, it\u2019s important that the Justice Department at least recognizes the need for change. The CFAA was enacted in 1986, and cannot possibly keep up with today\u2019s advances in technology. With some calling harsh CFAA punishments the <a href=\"http:\/\/www.wired.com\/opinion\/2014\/01\/using-computer-drug-war-decade-dangerous-excessive-punishment-consequences\/\">\u201cnew War on Drugs,\u201d<\/a> the government must take care to ensure that the tragedy of Aaron Swartz can never happen again. Tailoring the CFAA to focus on serious, malicious cyber-attacks could help to accomplish just that.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s almost impossible to talk about the Computer Fraud and Abuse Act (the \u201cCFAA\u201d) without first mentioning Aaron Swartz. Aaron Swartz was a computer programmer and Internet activist who ran afoul of the Justice Department just a few years ago. Police arrested Swartz in 2011, after he allegedly accessed the computer network at the Massachusetts <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/justice-department-may-reform-controversial-anti-hacking-law\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2537"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=2537"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2537\/revisions"}],"predecessor-version":[{"id":7507,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2537\/revisions\/7507"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=2537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=2537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=2537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}