Why the CFAA's Excessive Criminalization Needs Reform

It's past time for Congress to reform the Computer Fraud and Abuse Act (CFAA)—the law used in the aggressive prosecution of the late activist and Internet pioneer Aaron Swartz. While Aaron's case made national headlines, it was only of one of many instances where the CFAA has been used to threaten draconian penalties against defendants in situations where little or no economic harm had occurred.

Unfortunately, last week, the House Judiciary Committee floated changes to the CFAA that are the exact opposite of reforms proposed by EFF and a host of other organizations. The proposed changes increase penalties across the board, expand the scope of the statute, and criminalize new actions. These changes are completely unnecessary, as the the CFAA already duplicates many crimes written into other laws. The changes only make the law much worse.

Below are just some of the many instances where the CFAA is redundant. Some of these examples are directly drawn from the DOJ's own Computer Crimes Manual. Other examples include claims companies can pursue—like breach of contract, tortious interference, and other state laws—instead of pushing for Congress and the Justice Department to criminalize website terms of service and employee terms of use violations.

 

Violation of the CFAAWhat It IsCrimes the CFAA Duplicates1030(a)1Accessing a computer without authorization to obtain classified information

• 18 USC § 794: Prohibits gathering or delivering defense information to aid a foreign government
• 18 USC § 1362: Interfering with government communication systems
• 18 USC § 793: Gathering, transmitting or losing defense information

1030(a)2Accesses a computer without authorization and obtaining information

• Breach of contract
• Conversion
• 15 USC § 6821: Fraudulent accessing financial information
• 17 USC §§ 1201-1202, 1204: Circumventing technological measures aimed at protecting copyrighted works for financial gain
• 18 USC § 2511: Intercepting electronic communications
• 18 USC § 1832: Theft of trade secrets
• 18 USC § 2701: Unlawful access to stored communications

1030(a)3Accesses a computer without authorization used by the US government

• 18 USC § 1343: Fraud by wire, radio, or television

1030(a)4Accesses a computer with the intent to defraud or to obtain information more than $5,000.

• Breach of contract
• Conversion
• Intentional interference with prospective economic advantage
• 17 USC §§ 1201-1202, 1204: Circumventing technological measures aimed at protecting copyrighted works for financial gain
• 18 USC § 1343: Fraud by wire, radio, or television
• 18 USC § 1341: Federal mail fraud
• 18 USC § 1832: Theft of trade secrets

1030(a)5(A) Intentionall