If Congress Won't Fix The CFAA, President Obama Should Order The DOJ To Stand Down
from the get-with-the-program dept
Tim Wu has an excellent article in the New Yorker, talking about the Computer Fraud and Abuse Act (CFAA), and specifically about how it was used against Aaron Swartz, declaring it the worst law in technology. Much of it covers similar ground to what we've covered before, but it also makes some really good points towards the end about how the Obama administration really needs to pull back on its reliance on the law in so many cases. First, he notes that simply relying on "prosecutorial discretion" is not enough, since we've seen that doesn't work:
The broadest provision, 18 U.S.C. §1030(a)(2)(c), makes it a crime to “exceed authorized access, and thereby obtain… information from any protected computer.” To the Justice Department, “exceeding authorized access” includes violating terms of service, and “any protected computer” includes just about any Web site or computer. The resulting breadth of criminality is staggering. As Professor Kerr writes, it “potentially regulates every use of every computer in the United States and even many millions of computers abroad.” You don’t have to be a raving libertarian to think that might be a problem. Dating sites, to borrow an example from Judge Alex Kozinski, usually mandate that you tell the truth, making lying about your age and weight technically a crime. Or consider employer restrictions on computers that ban personal usage, like checking ESPN or online shopping. The Justice Department’s interpretation makes the American desk-worker a felon.
He notes (as we have) that it doesn't look like Congress is really taking the matter that seriously yet. But he also notes that we don't have to wait for Congress. The DOJ should make it a stated policy not to interpret the law in such a ridiculous manner.
When judges or academics say that it is wrong to interpret a law in such a way that everyone is a felon, the Justice Department has usually replied by saying, roughly, that federal prosecutors don’t bother with minor cases—they only go after the really bad guys. That has always been a lame excuse—repulsive to anyone who takes seriously the idea of “a government of laws, not men.” After Aaron Swartz’s suicide, the era of trusting prosecutors with unlimited power in this area should officially be over.
There is a much more immediate and effective remedy: the Justice Department should announce a change in its criminal-enforcement policy. It should no longer consider terms-of-service violations to be criminal. It can join more than a dozen federal judges and scholars, like Kerr, who adopt a reasonable and more limited interpretation. The Obama Administration’s policy will have no effect on civil litigation, so firms like Oracle will retain their civil remedies. President Obama’s DREAM Act enforcement policy, under which the Administration does not deport certain illegal immigrants despite Congress’s inability to make the act a law, should be the model. Where Congress is unlikely to solve a problem, the Administration should take care of business itself.
Failing that -- and we've rarely seen a law enforcement agency take a weapon out of its own arsenal by choice -- Wu suggests that it's President Obama's responsibility to speak up and tell the DOJ to change its policies. He notes, "with just one speech, the President can set things right."
All the Administration needs to do is to rely on the ancient common-law principle called the “rule of lenity.” This states that ambiguous criminal laws should be construed in favor of a defendant. As the Supreme Court puts it, “When choice has to be made between two readings of what conduct Congress has made a crime, it is appropriate, before we choose the harsher alternative, to require that Congress should have spoken in language that is clear and definite.” So far, at least thirteen federal judges have rejected the Justice Department’s interpretation of the Computer Fraud and Abuse Act. If that’s not a sign that the law is unclear and should be interpreted with lenity, I don’t know what is.
Reader Comments
Already done! DOJ went ONLY after a guy who violated physical security,
Here Mike is expecting an administration that's thrown out the entire "due process" -- all of English law back to before Magna Carta -- and claims the right to kill anyone anywhere anytime, YET Mike seems to expect that admin to step back and say "Whoa! We've gone too far prosecuting this guy who took these actions to liberate data!"
Take a loopy tour of Techdirt.com! You always end up same place!
http://techdirt.com/
Where Mike daily proves the value of an economics degree.
05:11:51[g-122-6]
[ link to this | view in chronology ]
Re: Already done! DOJ went ONLY after a guy who violated physical security,
What does that even mean? He did no such thing, in any case. I suspect you're talking about him changing the MAC address -- which has nothing to do with network addresses, let alone subnet address. If so, then "falsify" is an interesting and inflammatory word to use. What is a "falsified" MAC address?
As far as violating physical security goes -- where did he do that? He didn't pick any locks. He did trespass, but why is such a trivial misdemeanor of interest to the DOJ?
[ link to this | view in chronology ]
Re: Already done! DOJ went ONLY after a guy who violated physical security,
WHAT are you talking about?!? His MAC address?
That's a machine address that should be unique to a network/sub-net. Changing MACs helps in troubleshooting as NO 2 (or more) computers can have the same MAC (just like an IP address). I've had to do it on occasion at home because of computer disconnects, network freezes, and the like.
[ link to this | view in chronology ]
www.weareallfelonsnow.com
Create a parody site of this situation whereby going to the webpage you're forced to agree to a TOS that is impossible to adhere to. Some brief examples would be to have it explicitly stated in the TOS to not agree to it or even read it in its entirety, to not view the page following after it's agreed to (which may just spell out how insane this whole thing is if you did read it), do not close the webpage after agreeing to it ever, do not link to this page nor like it on any social site, give control of your computer over to those who operate said page, and any other crazy assertion that's impossible to follow thus making any visitor an automatic felon. A felon generator of sorts...
[ link to this | view in chronology ]
and you honestly expect Obama to do the right thing here? don't be so ridiculous! he won't risk taking anything away from any Law Enforcement Agency that reduces the hold he has over the American people. and as for Congress doing anything first? not a hope in hell! we have seen the sort of stupid statements and questions Senators have come out with this week (Gohmert, for example), and the idiotic bills that have been mentioned! they haven't got a friggin' clue, nor do they care!!
[ link to this | view in chronology ]
Hmmm?
So,
your kids get on your computer..YOUR COMPUTER..
you told them they could use it..
They THEN, get it infected..
Is it the kids' problem?
The ISP, the SITES, the Advertisers??
You are given access at work to a computer..IT'S NOT SECURE, and it gets infected..WHO is at fault?
This seems to be an IDIOT CLAUSE, to protect IDIOTS from not protecting themselves and the systems..
Someone LEAVES the computer Access logged in..someone ELSE uses the computer...with that person's Access..WHO IS TO BLAME?
I'm sorry..these are BASIC security issues that have to be discerned and CONTROLLED BY THE ADMIN/CREATOR/...
[ link to this | view in chronology ]
I also recall EA personnel stating that to reveal Securom usage would have been a violation of the anti-circumvention clause of the DMCA, which I'd never heard of, and yes, I wish I had screenshot it back then, it was removed from existence shortly thereafter. EA did have to admit that Securom was responsible for software conflicts and other issues afflicting paying customers (not that EA resolved those issues in any satisfactory way, but...it's EA).
I came across the CFAA but, not being fluent in legalese, could only gather that it applied to government computers. Apparently that isn't the case and the DOJ could have prosecuted EA, or any other company that did such, to the fullest extent of their interpretation of THE LAW.
Instead I'm a potential felon for reading TechDirt at work.
[ link to this | view in chronology ]
A separate agency is silly when compared to Democratic and the Three branches of government. Defense Department or nothing. (must keep clear on foreign or domestic issues)
The actual invocation of a lethal response requiring the assistance of the Armed Forces creates the same scenario as a judicial review does. It creates the paperwork and documentation trail for an (grudgingly) required assault be it marines or drone missile.
Please (more personal opinion) A request to end the congressionally approved war on terror. (Which arguably does not exist.) Write your local congressmen.
reactionary: (more great posts)
Anonymous and DH's Love Child; No, the justice branch must not fall into the 'interpretation of the law doctrine' trap. Every case must be examined by judge and jury in relation to basic constitutional law. Tossing out the ridiculous special interest influenced congressional sponsored nonsense is the control that our original founding fathers anticipated. Not anticipated are the special interest sponsored appointees to the judicial department. (ievil in any analysis)
ECA; states the obvious.
Anonymous: Secureom? Sounds like a root issue. Please elaborate. (anyone?) It's enforceable regardless of TOS notice.
[ link to this | view in chronology ]
Re:
Why is it okay for a company to do such a thing on such a grand scale but Swartz is prosecuted for downloading files that were there for no other reason but to be downloaded? Both involve interference with computers that do not belong to them.
[ link to this | view in chronology ]
Re: Re:
I try to compose each post on a word processor before entry. Helps most of the time. Especially when detail, facts and links are needed.
Except for the reactionary part most of the text should have been in the “Report Suggests Obama May Take Drones Away From The CIA” post.
Getting to the point.
Securom. Is it a rootkit? (I don't know) May not be but any monitoring or DRM program should be mentioned on the outside of the game box. It's more than basic courtesy. Another reason I won't trust EA products on any computer in house. I agree that an announcement is necessary.
The Aaron Swartz issue was tragic and hope heads will roll (so to speak). This is what we get for allowing copyright lawyers into official positions.
[ link to this | view in chronology ]
Lenity
I actually laughed when I read that. Kind of a sad, bitter laughter, at the thought that the DOJ would interpret laws to favor the defendant rather than themselves.
[ link to this | view in chronology ]
I wouldn't be surprised to see "embarrassing" information be leaked to the press in the future against anyone who challenges the wrong powerful person.
[ link to this | view in chronology ]
Mike Mansick:
The US Supreme Court has to order the DOJ to stand down.
[ link to this | view in chronology ]
Re:
Mike Mansick:
The US Supreme Court has to order the DOJ to stand down.
The DOJ is also part of the executive branch.
[ link to this | view in chronology ]
Re:
Mike Mansick:
The US Supreme Court has to order the DOJ to stand down.
Um, DOJ is a part of the executive branch and reports to the President.
[ link to this | view in chronology ]
'limited interpretation'
you are correct that your suggestion would be a good approach. however, you have ignored the ideology that inspires the current regime. the Obama administration will only take a narrow interpretation on a law if it is a law that limits government power, never on one that empowers government. it is against their nature to limit their power, as they believe that all power should reside in a central government. they do not seem to care that our Nation was founded on the idea that individuals are sovereign, and delegate powers to their various levels of government. they also do not seem to care that our Constitution was written to protect that idea in practice. the People need to take back our power and our rights to stop these abuses!!!
[ link to this | view in chronology ]