If Congress Won't Fix The CFAA, President Obama Should Order The DOJ To Stand Down

from the get-with-the-program dept

Tim Wu has an excellent article in the New Yorker, talking about the Computer Fraud and Abuse Act (CFAA), and specifically about how it was used against Aaron Swartz, declaring it the worst law in technology. Much of it covers similar ground to what we've covered before, but it also makes some really good points towards the end about how the Obama administration really needs to pull back on its reliance on the law in so many cases. First, he notes that simply relying on "prosecutorial discretion" is not enough, since we've seen that doesn't work:
The broadest provision, 18 U.S.C. §1030(a)(2)(c), makes it a crime to “exceed authorized access, and thereby obtain… information from any protected computer.” To the Justice Department, “exceeding authorized access” includes violating terms of service, and “any protected computer” includes just about any Web site or computer. The resulting breadth of criminality is staggering. As Professor Kerr writes, it “potentially regulates every use of every computer in the United States and even many millions of computers abroad.” You don’t have to be a raving libertarian to think that might be a problem. Dating sites, to borrow an example from Judge Alex Kozinski, usually mandate that you tell the truth, making lying about your age and weight technically a crime. Or consider employer restrictions on computers that ban personal usage, like checking ESPN or online shopping. The Justice Department’s interpretation makes the American desk-worker a felon.

When judges or academics say that it is wrong to interpret a law in such a way that everyone is a felon, the Justice Department has usually replied by saying, roughly, that federal prosecutors don’t bother with minor cases—they only go after the really bad guys. That has always been a lame excuse—repulsive to anyone who takes seriously the idea of a “a government of laws, not men.” After Aaron Swartz’s suicide, the era of trusting prosecutors with unlimited power in this area should officially be over.
He notes (as we have) that it doesn't look like Congress is really taking the matter that seriously yet. But he also notes that we don't have to wait for Congress. The DOJ should make it a stated policy not to interpret the law in such a ridiculous manner.
There is a much more immediate and effective remedy: the Justice Department should announce a change in its criminal-enforcement policy. It should no longer consider terms-of-service violations to be criminal. It can join more than a dozen federal judges and scholars, like Kerr, who adopt a reasonable and more limited interpretation. The Obama Administration’s policy will have no effect on civil litigation, so firms like Oracle will retain their civil remedies. President Obama’s DREAM Act enforcement policy, under which the Administration does not deport certain illegal immigrants despite Congress’s inability to make the act a law, should be the model. Where Congress is unlikely to solve a problem, the Administration should take care of business itself.

All the Administration needs to do is to rely on the ancient common-law principle called the “rule of lenity.” This states that ambiguous criminal laws should be construed in favor of a defendant. As the Supreme Court puts it, “When choice has to be made between two readings of what conduct Congress has made a crime, it is appropriate, before we choose the harsher alternative, to require that Congress should have spoken in language that is clear and definite.” So far, at least thirteen federal judges have rejected the Justice Department’s interpretation of the Computer Fraud and Abuse Act. If that’s not a sign that the law is unclear and should be interpreted with lenity, I don’t know what is.
Failing that -- and we've rarely seen a law enforcement agency take a weapon out of its own arsenal by choice -- Wu suggests that it's President Obama's responsibility to speak up and tell the DOJ to change its policies. He notes, "with just one speech, the President can set things right."
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cfaa, doj, obama


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. This comment has been flagged by the community. Click here to show it
    identicon
    Anonymous Coward, 21 Mar 2013 @ 8:54am

    All laws that affect internet users are broken irrevocably! There should be no laws!

    link to this | view in thread ]

  2. icon
    silverscarcat (profile), 21 Mar 2013 @ 8:58am

    Re:

    Most of those laws are written for an analog world, not a digital one.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:08am

    Re:

    Change "no" to "better" and you're correct.

    link to this | view in thread ]

  4. This comment has been flagged by the community. Click here to show it
    identicon
    out_of_the_blue, 21 Mar 2013 @ 9:12am

    Already done! DOJ went ONLY after a guy who violated physical security,

    and falsified a sub-net address. That's NOT every desk-worker.

    Here Mike is expecting an administration that's thrown out the entire "due process" -- all of English law back to before Magna Carta -- and claims the right to kill anyone anywhere anytime, YET Mike seems to expect that admin to step back and say "Whoa! We've gone too far prosecuting this guy who took these actions to liberate data!"



    Take a loopy tour of Techdirt.com! You always end up same place!
    http://techdirt.com/
    Where Mike daily proves the value of an economics degree.
    05:11:51[g-122-6]

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:19am

    Re: Already done! DOJ went ONLY after a guy who violated physical security,

    Fascist regimes can do thing like execute idiots, so you are playing a high risk game supporting fascists positions.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:21am

    Re:

    It's not that internet users don't want laws but that we don't want bad laws for the sake of laws. Or for the sake of making a politician's career look good. Or for the sake of fighting for control with other governments or bodies within the same government. Or one-sided agenda focused laws for large lobbying corporations.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:22am

    Re: Already done! DOJ went ONLY after a guy who violated physical security,

    Checking your personal email at work, that's a crime.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:22am

    Re: Already done! DOJ went ONLY after a guy who violated physical security,

    Visiting blog sites to make irrational comments. That's a crime.

    link to this | view in thread ]

  9. identicon
    VMax, 21 Mar 2013 @ 9:29am

    Re: Re: Already done! DOJ went ONLY after a guy who violated physical security,

    “Talkin’ out of turn? That’s a paddlin’ erm... Crime

    link to this | view in thread ]

  10. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:33am

    Yes, the Executive/DOJ should pick and choose which laws it personally believes are A'ok and enforce only them. It's not like Congress should receive any deference as required by the Constitution. Perhaps I am being a bit formal, but it is up to the Article III courts to make such decisions. Case cite: Marbury v. Madison.

    link to this | view in thread ]

  11. icon
    MonkeyFracasJr (profile), 21 Mar 2013 @ 9:34am

    Re: Re:

    Adding the phrase "on the internet" to the end of a statement does not create a whole new universe requiring a special set of laws to be RE-created. Fraud is fraud the use of a computer does not change that. The only thing that changed is how it was done. Using everyone's favorite analogy the automobile: If you unlawfully break in to a house it doesn't matter if you use a crow bar or a car bumper, the illegal act is breaking in and not what tool you used to do it with.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 21 Mar 2013 @ 9:49am

    The same president who threw a hissyfit when Congress' "Congress can order the army to attack civilians" bill might have impeded his ability to order the army to attack civilians? I doubt it.

    link to this | view in thread ]

  13. icon
    DH's Love Child (profile), 21 Mar 2013 @ 10:00am

    Re:

    I may be wrong here.. but this article isn't saying the DOJ shouldn't enforce the CFAA, only that they change their interpretation to not include violating TOS as a criminal act.

    link to this | view in thread ]

  14. identicon
    Eponymous Coward, 21 Mar 2013 @ 10:01am

    www.weareallfelonsnow.com

    Here's an idea if anyone wants to run with it:

    Create a parody site of this situation where by going to the webpage you're forced to agree to a TOS that is impossible to adhere to. Some brief examples would be have it explicitly stated in the TOS to not agree to it or even read it in it's entirety, to not view the page following after it's agreed to (which may just spell out how insane this whole thing is if you did read it), do not close the webpage after agreeing to it ever, do not link to this page nor like it on any social site, give control of your computer over to those who oporate said page, and any other crazy assertion that's impossible to follow thus making any visitor an automatic felon. A feln generator of sorts...

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 21 Mar 2013 @ 10:09am

    'with just one speech, the President can set things right'

    and you honestly expect Obama to do the right thing here? dont be so ridiculous! he wont risk taking anything away from any Law Enforcement Agency that reduces the hold he has over the American people. and as for Congress doing anything first? not a hope in hell! we have seen the sort of stupid statements and questions Senators have come out with this week (Gohmert, for example), and the idiotic bills that have been mentioned! they haven't got a friggin' clue, nor do they care!!

    link to this | view in thread ]

  16. icon
    John Fenderson (profile), 21 Mar 2013 @ 10:17am

    Re: Already done! DOJ went ONLY after a guy who violated physical security,

    and falsified a sub-net address


    What does that even mean? He did no such thing, in any case. I suspect you're talking about him changing the MAC address -- which has nothing to do with network addresses, let alone subnet address. If so, then "falsify" is an interesting and inflammatory word to use. What is a "falsified" MAC address?

    As far as violating physical security goes -- where did he do that? He didn't pick any locks. He did trespass, but why is such a trivial misdemeanor of interest to the DOJ?

    link to this | view in thread ]

  17. icon
    ECA (profile), 21 Mar 2013 @ 11:21am

    Hmmm?

    makes it a crime to “exceed authorized access, and thereby obtain… information from any protected computer.”

    So,
    your kids get on your computer..YOUR COMPUTER..
    you told them they could use it..
    They THEN, get it infected..

    Is it the kids problem?
    The ISP, the SITES, the Advertisers??

    You are given access at work to a computer..ITS NOT SECURE, and it gets infected..WHO is at fault?

    This seems to be an IDIOT CLAUSE, to protect IDIOTS from not protecting themselves and the systems..

    Someone LEAVES the computer Access logged in..someone ELSE uses the computer...with that persons Access..WHO IS TO BLAME?

    Im sorry..these are BASIC security issues that have to be discerned and CONTROLLED BY THE ADMIN/CREATOR/...

    link to this | view in thread ]

  18. icon
    dennis deems (profile), 21 Mar 2013 @ 11:32am

    Re:

    You're going to burst a blood vessel.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 21 Mar 2013 @ 11:46am

    In 2007 I recall searching for some kind of applicable law when EA put the problematic Securom on their game discs with absolutely no mention of it anywhere. I wondered how it was lawful for them to install anything on someone's computer without their knowledge or consent, that collected information without the users' knowledge or consent, and was not uninstalled along with the program it wrapped (ticking all the boxes indicating spyware/malware according to the FTC).

    I also recall EA personnel stating that to reveal Securom usage would have been a violation of the anti-circumvention clause of the DMCA, which I'd never heard of, and yes, I wish I had screenshot it back then, it was removed from existence shortly thereafter. EA did have to admit that Securom was responsible for software conflicts and other issues afflicting paying customers (not that EA resolved those issues in any satisfactory way, but...it's EA).

    I came across the CFAA but, not being fluent in legalese, could only gather that it applied to government computers. Apparently that isn't the case and the DOJ could have prosecuted EA, or any other company that did such, to the fullest extent of their interpretation of THE LAW.

    Instead I'm a potential felon for reading TechDirt at work.

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 21 Mar 2013 @ 12:01pm

    Re: Re:

    TOS has already been interpreted as outside the CFAA (the Lori Drew case). The case here has nothing to do with TOS.

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 21 Mar 2013 @ 12:14pm

    Re: Re: Re:

    Yes, but a JUDGE did that, not the prosecutors.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 21 Mar 2013 @ 12:31pm

    Re: Re: Re: Re:

    That is what judges do all the time, and their decisions serve as precedent...

    link to this | view in thread ]

  23. icon
    special-interesting (profile), 21 Mar 2013 @ 12:48pm

    Is personal opinion but ALL weapons should be under the control of the Defense Department. (with the exception of citizen held weaponry) Spy agencies in charge of killing anyone anyone plus the nearby innocent civilians? No way. NSA or White House is still out of the question. No way. Killing is for professionals and leave it at that.

    A separate agency is silly when compared to Democratic and the Three branches of government. Defense Department or nothing. (must keep clear on foreign or domestic issues)

    The actual invocation of a lethal response requiring the assistance of the Armed Forces creates the same scenario as a judicial review does. It creates the paperwork and documentation trail for an (grudgingly) required assault be it marines or drone missile.

    Please (more personal opinion) A request to end the congressionally approved war on terror. (Which arguably does not exist.) Write your local congressmen.

    reactionary: (more great posts)

    Anonymous and DH's Love Child; No, the justice branch must not fall into the 'interpretation of the law doctrine' trap. Every case must be examined by judge and jury in relation to basic constitutional law. Tossing out the ridiculous special interest influenced congressional sponsored nonsense is the control that our original founding fathers anticipated. Not anticipated are the special interest sponsored appointees to the judicial department. (ievil in any analysis)

    ECA; states the obvious.

    Anonymous: Secureom? Sounds like a root issue. Please elaborate. (anyone?) It's enforceable regardless of TOS notice.

    link to this | view in thread ]

  24. icon
    nasch (profile), 21 Mar 2013 @ 12:48pm

    Lenity

    This states that ambiguous criminal laws should be construed in favor of a defendant.

    I actually laughed when I read that. Kind of a sad, bitter laughter, at the thought that the DOJ would interpret laws to favor the defendant rather than themselves.

    link to this | view in thread ]

  25. icon
    John Fenderson (profile), 21 Mar 2013 @ 1:01pm

    Re: Re: Re: Re: Re:

    And yet, the DOJ acts as if violating the TOS does violate the CFAA. That's part of the problem.

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 21 Mar 2013 @ 1:39pm

    Re:

    Root issue? Irrelevant. It was the unannounced placement of software on someone's computer, that proceeded to affect personal computers in negative fashion, without the consent or knowledge of the user. It resulted in several class actions against EA resulting in the wristslap of requiring notice that Securom usage is included in game documentation and packaging.

    Why is it okay for a company to do such a thing on such a grand scale but Swartz is prosecuted for downloading files that were there for no other reason but to be downloaded? Both involve interference with computers that do not belong to them.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 21 Mar 2013 @ 2:13pm

    Oh don't worry we will never go for the small timers. Oh yeah except when you do something we don't like. If you speak up against us, then we accumulate all the small things you have ever done in your life to make you either shut up, discredit you or go to jail for 30 years.
    I wouldn't be surprised to see "embarrassing" information be leaked to the press in the future against anyone who challenges the wrong powerful person.

    link to this | view in thread ]

  28. icon
    Wally (profile), 21 Mar 2013 @ 2:34pm

    Sad to say it, but Obama isn't a part of the Judicial Branch...He's executive branch.....

    Mike Mansick:
    The US Supreme Court has to order the DOJ to stand down.

    link to this | view in thread ]

  29. icon
    nasch (profile), 21 Mar 2013 @ 4:09pm

    Re:

    Sad to say it, but Obama isn't a part of the Judicial Branch...He's executive branch.....

    Mike Mansick:
    The US Supreme Court has to order the DOJ to stand down.


    The DOJ is also part of the executive branch.

    link to this | view in thread ]

  30. identicon
    Anonymous, 21 Mar 2013 @ 5:01pm

    Right now, Obama is too busy kissing up to his Israeli masters.

    link to this | view in thread ]

  31. identicon
    Anonymous, 21 Mar 2013 @ 5:06pm

    Re:

    Agreed.

    link to this | view in thread ]

  32. icon
    JMT (profile), 21 Mar 2013 @ 6:02pm

    Re: Re: Already done! DOJ went ONLY after a guy who violated physical security,

    He has no idea what he's talking about. He's just parroting the DoJ claims that describes a common troubleshooting action as "hacking".

    link to this | view in thread ]

  33. icon
    special-interesting (profile), 21 Mar 2013 @ 7:21pm

    Re: Re:

    Was busy hat night and mixed matched posts. -embarrassed-

    I try to compose each post on a word processor before entry. Helps most of the time. Especially when detail, facts and links are needed.

    Except for the reactionary part most of the text should have been in the “Report Suggests Obama May Take Drones Away From The CIA” post.

    Getting to the point.

    Securom. Is it a rootkit? (I don't know) May not be but any monitoring or DRM program should be mentioned on the outside of the game box. Its more than basic courtesy. Another reason I wont trust EA products on any computer in house. I agree that an announcement is necessary.

    The Aaron Swartz issue was tragic and hope heads will roll (so to speak). This is what we get for allowing copyright lawyers into official positions.

    link to this | view in thread ]

  34. icon
    Anonymous Monkey (profile), 21 Mar 2013 @ 7:50pm

    Re: Already done! DOJ went ONLY after a guy who violated physical security,

    and falsified a sub-net address

    WHAT are you talking about?!? His MAC address ?
    That's a machine address that should be unique to a network/sub-net. Changing MACs helps in troubleshooting as NO 2(or more) computers can have the same MAC(just like an IP address). I've had to do it on occasion at home because of computer disconnects, network freezes, and the like.

    link to this | view in thread ]

  35. icon
    Mike Masnick (profile), 22 Mar 2013 @ 1:13am

    Re:

    Sad to say it, but Obama isn't a part of the Judicial Branch...He's executive branch.....

    Mike Mansick:
    The US Supreme Court has to order the DOJ to stand down.


    Um, DOJ is a part of the executive branch and reports to the President.

    link to this | view in thread ]

  36. identicon
    da, 25 Mar 2013 @ 10:18am

    'limited interpretation'

    "the Justice Department should announce a change in its criminal-enforcement policy. It should no longer consider terms-of-service violations to be criminal. It can join more than a dozen federal judges and scholars, like Kerr, who adopt a reasonable and more limited interpretation."

    you are correct that your suggestion would be a good approach. however, you have ignored the ideology that inspires the current regime. the Obama administration will only take a narrow interpretation on a law if it is a law that limits government power, never on one that empowers government. it is against their nature to limit their power, as they believe that all ppower should reside in a central government. they do not seem to care that our Nation was founded on the idea that individuals are sovereign, and delegate powers to their various levels of government. they also do not seem to care that our Constitution was written to protect that idea in practice. the People need to take back our power and our rights to stop these abuses!!!

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.