At EFF, we have spent years fighting the Computer Fraud and Abuse Act (CFAA). The law was aimed at computer crime, but it is both vague and draconian—putting people at risk for prison….
At EFF, we have spent years fighting the Computer Fraud and Abuse Act (CFAA). The law was aimed at computer crime, but it is both vague and draconian—putting people at risk for prison sentences for ordinary Internet behavior. Now, we are asking the Supreme Court to step in and stop dangerous overbroad interpretations of the CFAA.
The CFAA was passed more than 30 years ago, before the invention of the World Wide Web. Consequently, the law is hard to make sense of in our increasingly digital world. Some courts have rightly interpreted the law narrowly, focusing on hacking and other illegal computer intrusions. But other courts have bought into tactics used by creative prosecutors, who argue that when the statute outlaws “exceeding authorized access” to a computer, it also covers violating the “terms of service” of websites and other apps.
Let’s be clear: violating a website’s “terms of service” is very easy to do. You’ve probably done it repeatedly. It can include things like logging into your spouse’s bank account, checking your personal email on your work computer, or sharing a social media password—all behavior that companies may not like, but should not result in criminal penalties. If violating terms of use is a crime, then private companies across the country get to decide who goes to prison for what, instead of lawmakers. That’s a dangerous result that puts us all at risk.
Now, a former Georgia police officer who was wrongly convicted under the CFAA is asking the Supreme Court to take his case. In Van Buren v. United States, Van Buren was accused of taking money in exchange for looking up a license plate in a law enforcement database. This was a database he was otherwise entitled to access, meaning the CFAA is the wrong law to use when prosecuting his alleged behavior. In our amicus brief filed today with the Center for Democracy and Technology and New America’s Open Technology Institute, EFF argues that Congress intended to outlaw computer break-ins that disrupted or destroyed computer functionality, not anything that the service provider simply didn’t want to have happen.
It’s time we got some clarity about the CFAA. We hope the Supreme Court takes Van Buren and agrees on a narrow interpretation of this messy and confusing law.