Orin Kerr On An Expanded Computer Fraud And Abuse Act
I know I promised to write about bugs next but I wanted to flag Orin Kerr’s important op ed in tomorrow’s Wall Street Journal. In United States v. Lori Drew, a federal prosecutor in Los Angeles brought charges against a woman for bullying her daughter’s teenage classmate. The case was premised on an expansive reading of the Computer Fraud And Abuse Act. Drew allegedly violated the act by lying about her identity on the social network MySpace and contributing to a young woman’s decision to commit suicide. A jury convicted Drew of a misdemeanor but, ultimately, the judge directed an acquittal.
In his op ed, Orin Kerr explains how Congress may be poised to expand the powers of prosecutors once again in the name of cyber-security. According to Kerr, changes to the CFAA might make it possible to charge the Lori Drew’s of the world with a felony. Here is an excerpt:
Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer? If interpreted this way, the law gives computer owners the power to criminalize any computer use they don’t like. Imagine the Democratic Party setting up a public website and announcing that no Republicans can visit. Every Republican who checked out the site could be a criminal for exceeding authorized access.
As the Drew case shows, charging someone is not the same as convicting them. But you can certainly see the danger of an expanded CFAA. I hope Kerr’s comments give some representatives pause.