What We’re Up Against: Software Lobby SIIA Spends Big to Stop CFAA Reform

To date, thousands of people have sent messages to Congress demanding reform of the Computer Fraud & Abuse Act through EFF alone, not counting the ones sent through our friends at Demand Progress and elsewhere. But the citizens of the Internet will need to shout even louder if we’re going to drown out the corporate interests that have already dedicated hundreds of thousands of dollars to influence lawmakers to change the CFAA for the worst.

Take, for example, the Software & Information Industry Association (SIIA), which describes itself as “the principal trade association for the software and digital content industry.” The group’s board of directors is made up of the captains of the computing industry, including executives from Oracle, Adobe, IBM, Red Hat and Intuit, each of which pay up to $125,000 a year in dues to the SIIA.  In 2012 alone, the SIIA dropped a whopping $880,000 to lobby Congress and federal agencies on digital issues.

In August 2012, before Aaron Swartz’s death, SIAA provided the federal government’s Intellectual Property Enforcement Coordinator with 19 pages of formal comments on the national policy on cyber affairs. One section is titled, “Preserving and Improving the Computer Fraud and Abuse Act.” Regarding the bi-partisan efforts led by Senators Chuck Grassley, Al Franken and Mike Lee to reform the  “exceeding authorized access” part of the law so it doesn’t criminalize terms of service violations, SIIA wrote:

We, therefore, urge that the IPEC in the Joint Strategic Plan state its opposition to proposals that would limit the definition of “exceeds authorized access” in the CFAA in any way that would prevent its application to violation of contractual obligations or agreements.

Now we expect that some of the companies on SIIA’s membership roster actually are sympathetic to fixing the CFAA, especially in light of Aaron’s death.  And of course, many rank-and-file employees are already independently voicing their opposition to the law. Yet, these companies’ dues funded at least three lobbyists who were working on the hill last year to oppose even modest CFAA reform.

As we’ve written before, the CFAA has been expanded and morphed since it originally passed in 1984 so that it now threatens draconian and out-of-proportion punishments for acts that cause little or no economic harm. It has also been used to threaten innovators and security researchers. Worse, since the Justice Department's expansive interpretation would criminalize website terms of service violations, the CFAA threatens to turn virtually everyone online into a criminal. The SIAA is directly opposing this last portion, the one that has broad support by actual users of websites.

After all, many sites alter their terms of service with little or no notification and these terms are written incredibly broadly to allow websites to refuse service to users for practically any reason. No user could reasonably be expected to understand or even follow the myriad of terms they implicitly agree to everyday. For example, EFF recently outlined numerous news agencies with terms of service that forbid minors from visiting their sites; even Seventeen magazine’s website until recently barred users under 18.

The Department of Justice’s computer-crimes prosecution manual even encourages U.S. Attorneys to pursue this legal theory, describing it as “relatively easy to prove.” 

Thus, at least ba