Cybersecurity: Crime and Espionage

Opposition to the House Computer Fraud and Abuse Act (CFAA) Draft

By Paul Rosenzweig
Tuesday, April 2, 2013, 2:29 PM

Last week I noted that the House Judiciary Committee was  circulating a proposal to reform the Computer Fraud and Abuse Act that was mostly a wish list for the Department of Justice.  Yesterday a diverse group of organizations and individuals (of whom I was one) sent a letter to the Committee urging the Committee to reconsider the draft.  As we said, the draft would:

●Obliterate the sensible line between criminal attackers and legitimate users who are
authorized “to obtain or alter the same information” but do so in a manner or with a motive
disfavored by the server owner or expressed in unilateral terms of service (TOS) or
contractual agreements;
● Substantially increase maximum penalties for many violations to 20 years or more, giving
prosecutors a heavy hammer to hang over individuals charged with borderline offenses,
and ensuring even minor violations with little or no economic harm (which ought to be
misdemeanors at most) will be punished as felonies; and
● Make all CFAA violations a RICO predicate