When Secret Service agents searched the home of Baltimore computer consultant Leonard Rose on May 8, he told them he did not have the purloined electronic document they were looking for. He cooperated fully, volunteering information about his work.
In trying to convince the agents of his innocence, however, he revealed that he was in possession of two programs that the Secret Service considers tools of computer crime. He thus stepped into the wide net of the Computer Fraud and Abuse Act.
The 1986 statute is part of an anti-computer-crime campaign that is inhibiting communication through computer networks and hindering the development of a vibrant electronic press. (See "Closing the Net," January.) The law is expected to be tested by Rose's case, which is scheduled for trial in federal court in April.
Aimed at fighting electronic trespassing, tampering, and theft, the Computer Fraud and Abuse Act prohibits communication of "information through which a computer may be accessed without authorization." The Electronic Frontier Foundation, which has filed a friend-of-the-court brief on Rose's behalf, argues that the law is unconstitutionally vague and overbroad, violating First Amendment rights of free speech and association.
If convicted under the statute, Rose could face up to two years in jail and tens of thousands of dollars in fines. The government claims he ran afoul of the act by using two programs, login.c and su.c, that are related to the AT&T-designed operating system, Unix. EFF attorney Mike Godwin says login.c has legitimate computer-security functions and that su.c simply could not have been used in the way the government alleges.
Furthermore, Godwin notes that the Computer Fraud and Abuse Act could be applied to a wide range of beneficial activities that violate no one's rights. For example, the law could be read to prohibit speeches, articles, or discussions about computer security, even among professionals whose business it is to prevent unauthorized access. Godwin suggests that the statute might be interpreted to bar journalists from reporting on weaknesses in the security of government computer systems.
"This statute hangs over citizens 'like a sword of Damocles,' threatening them with prosecution for any speech or writing relating to computer security," the EFF brief says. As a result, the law is likely to have a "direct and substantial chilling effect on research, education, and discussions concerning computer technology."