Use a Computer, Go to Jail

How a federal law can be used to prosecute almost anyone who visits a website

If you are reading this column online at work, you may be committing a federal crime. Or so says the Justice Department, which reads the Computer Fraud and Abuse Act (CFAA) broadly enough to encompass personal use of company computers as well as violations of website rules that people routinely ignore.

In April the U.S. Court of Appeals for the 9th Circuit rightly rejected this view of the CFAA, which Chief Judge Alex Kozinski noted could conceivably make a criminal out of “everyone who uses a computer.” Unfortunately, other appeals courts have been more receptive to the Justice Department’s interpretation, which gives U.S. attorneys the power to prosecute just about anyone who offends or annoys them.

Congress passed the original version of the CFAA in 1984, when the Internet was in its infancy and the World Wide Web did not exist, to protect government computer systems and financial databases from hackers. As a result of amendments and technological developments, George Washington University law professor Orin Kerr explains in a 2010 Minnesota Law Review article, “the law that began as narrow and specific has become breathtakingly broad.” 

The 9th Circuit case involved David Nosal, who left the executive search firm Korn/Ferry International in 2004 and allegedly enlisted two former colleagues to feed him proprietary client information with an eye toward starting a competing business. Nosal was charged with conspiracy, mail fraud, trade secret theft, and violating the CFAA, which criminalizes unauthorized computer access in various circumstances.

Although Nosal’s confederates were authorized to use Korn/Ferry’s database, prosecutors argued that improperly sharing information with him rendered their access unauthorized. As Judge Kozinski noted, “the government’s construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer.”

The felony Nosal was accused of committing involves unauthorized access “with intent to defraud.” But the CFAA also makes someone guilty of a misdemeanor, punishable by up to a year in jail, if he “intentionally accesses a computer without authorization or exceeds authorized access” and “thereby obtains…information.”

Based on the government’s definition of unauthorized access, Kozinski observed, that provision would apply to “large groups of people who would have little reason to suspect they are committing a federal crime,” such as employees who violate company policy by using workplace computers to play games, read blogs, watch YouTube videos, or check sports scores. Even people using their own computers on their own time could be prosecuted for violating “terms of service” they have never read by fibbing about their age or weight on dating sites, posting photos of other people without permission, or sharing content Facebook deems offensive.

Kerr notes that terms of service “are written extremely broadly to give providers a right to cancel accounts and not face any liability.” Hence “violating the TOS is the norm,” and criminalizing it “would give the government the ability to arrest anyone who regularly uses the Internet.”

That danger is not merely theoretical. Remember Lori Drew, the Missouri woman who was widely vilified in 2007 after she played a MySpace prank on a 13-year-old girl who later committed suicide? Although Missouri prosecutors concluded that Drew had broken no laws, Thomas O’Brien, then the U.S. attorney in Los Angeles, took it upon himself to prosecute her for violating the CFAA by disregarding MySpace’s TOS.

In 2009 U.S. District Judge George Wu threw out Drew’s conviction, ruling that O’Brien’s reading of the CFAA would make the law unconstitutionally vague, giving grandstanding prosecutors like him unbridled discretion while leaving their potential targets—pretty much everyone—uncertain about how to comply with the law. As Kozinski put it, “we shouldn’t have to live at the mercy of our local prosecutor.” 

Senior Editor Jacob Sullum is a nationally syndicated columnist. © Copyright 2012 by Creators Syndicate Inc.

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • sarcasmic||

    frist!

  • Raistlin||

    Bill Frist?

  • rafuzo||

    "Unfortunately, other appeals courts have been more receptive to the Justice Department’s interpretation, which gives U.S. attorneys the power to prosecute just about anyone who offends or annoys them."

    Isn't that the purpose of just about every law written in the past 80 years?

  • Jesse James Dean||

    good point. And the answer is pretty much yes

  • ¿Ex Nihilo?||

    Three felonies a day.

    As Bastiat said

    “When law and morality contradict each other, the citizen has the cruel alternative of either losing his moral sense or losing his respect for the law.”

    It seems legislatures and prosecutors are doing everything within their power to make people lose respect for the law.

  • sarcasmic||

    It seems legislatures and prosecutors are doing everything within their power to make people lose respect for the law their moral sense.

    ftfy

  • Jesse James Dean||

    I was thinking this myself. Nihilo, this is by design, as we are not supposed to have our own sense of morals. We are supposed to obey without question.

  • ||

    "When you control the [internet], you control... inforMAtion."

    /21st century Newman

  • VG Zaytsev||

    "There's no way to rule innocent men. The only power any government has is to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kinds of laws that can neither be observed nor enforced nor objectively interpreted - and you create a nation of lawbreakers - and then you cash in on guilt. Now that's the system, ... that's the game, and once you understand it, you'll be much easier to deal with."
  • Jesse James Dean||

    George Carlin?

  • Brandon Magoon||

    Ayn Rand.

  • CockGobbla||

    OT:

    But where were the jury members in Ghostbusters II?

  • CockGobbla||

    Also, why were they restrained from bearing their proton packs? Weren't they duly deputized representatives of the government during the battle with Gozer?

  • Tulpa the White||

    So, two examples of the broad interpretation being rejected by the courts, and zero of it being accepted (other than an ominous "other courts have been more receptive" line, which doesn't even mean they accepted it).

  • anon||

    I got a different read on the article than you; I read the article as an example of executive branch creep due to legislators being either too ignorant or too apathetic to write a law that could be enforced justly.

  • niobiumstudio||

    I don't think it was just trying to scare people over something nobody will ever be prosecuted over for complete BS (like MySpace TOS) - I think the bigger picture is that outdated, overload broad laws just get more broad as time goes by. I think it is just a warning to keep an eye out for aging laws that start to allow the entire country to be prosecuted due to technological/social changes. Also a warning to hold legislators to a higher standard to pass better written laws that stand the test of time. Imagine if the constitution was written like this?

  • Rich||

    As Judge Kozinski noted, "the government's construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer."

    Serious question: In this sort of law, how exactly is "information" defined?

  • anon||

    Any knowledge imparted upon the defendant; it's not limited to actual data or paperwork.

  • Ed Reid||

    The Terms of Use of many blog sites, including the Washington Times, The Atlantic, Newsweek, Social Media Today, etc. require users to agree to "indemnify, hold harmless and defend" the blog owners. Arguably, users who do not have the financial resources to do so are committing fraud by using the sites.

  • niobiumstudio||

    I know you are being sarcastic, but you are allowed to act as your own council in court!

  • Ed Reid||

    That would cover the "defend", but not the "indemnify" and "hold harmless".

    I am not being sarcastic. I have reviewed the TOU of every site where I have commented; and, I have ceased commenting on those which have the "indemnify, hold harmless and defend" clause.

  • LarryA||

    I know you are being sarcastic, but you are allowed to act as your own council in court!

    That would be defending yourself. The TOS requires you to defend the blog owners, and you can't act as their attorney in court.

  • ||

    I have a business that I run out of my home. I have one computer. I 'cheat' my employer (myself) on a regular basis by using his/my computer for things like reading H+R between business activities. Do I fire myself first, or report myself to the authoritahs first...? Never mind, I just figured it out... I'm the boss, I can choose a course of action depending on the mood I'm in and whether that lazy, computer surfing, parasitic a'hole employee (me) is pissing me off enough. You know, kinda like the standard libertarian top hat and monocle management style.

  • R C Dean||

    the standard libertarian top hat and monocle management style

    So, its the cat o' nine tails for you, eh?

  • Mr. FIFY||

    Yet another example of Future America.

  • joy||

    Nosal was charged with conspiracy, mail fraud, trade secret theft, and violating the CFAA, http://www.zonnebrilinnl.com/z......htmlwhich criminalizes unauthorized computer access in various circumstances.

  • Rich M||

    This article is almost word for word the same as the April 18th article on the same topic. ( http://reason.com/archives/201.....o-slackers )

    Couldn't come up with anything original?

  • pjibs||

    " Remember Lori Drew, the Missouri woman who was widely vilified in 2007 after she played a MySpace prank on a 13-year-old girl who later committed suicide?"
    A "prank"? Wow; yours is a tough-shit world. Drew should not have been prosecuted. But that was no 'prank' my friend. That was hard-core aggression against a weak opponent.

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online

  • Video Game Nation: How gaming is making America freer – and more fun.
  • Matt Welch: How the left turned against free speech.
  • Nothing Left to Cut? Congress can’t live within their means.
  • And much more.

SUBSCRIBE

advertisement