TO MANY WHO conduct work or research related to digital security, the legislation meant to protect against computer crimes has morphed into something harmful. The 1986 law, the U.S. Computer Fraud and Abuse Act, has been repeatedly described as vague and ineffectual — allowing overzealous prosecutors to saddle hacktivists and low-level criminals with excessive sentences.
Now, thanks to a legal challenge to the CFAA, the Department of Justice is for the first time releasing its 2014 guidelines on how prosecutors should charge computer crimes — when someone exceeds “authorized” access on a computer. (First Look Media, the publisher of The Intercept, is a plaintiff in the case.)
The Department of Justice acknowledges that “laws addressing the misuse of computers have not kept pace uniformly with developments in technology and criminal schemes” though it maintains that the law remains “important” in prosecuting cybercrimes.
Some of the prosecutions under the CFAA have proved controversial. Aaron Swartz, a well-known internet activist who downloaded academic journals en masse, faced years of grueling legal trials under the CFAA before he committed suicide. And Andrew Auernheimer was found guilty of conspiracy to violate the CFAA by uncovering AT&T customer data exposed on the company website.