EFF Files Brief In Support Of 'Cannibal Cop' To Keep The CFAA From Becoming Even MORE Abusive

from the strangest-of-bedfellows dept

Despite acquitting Valle on the conspiracy charge, the court upheld the CFAA conviction, believing that the restrictions placed on Valle concerning the database—which permitted him to access any part of the database as long as it was for a valid law enforcement purpose—was an access restriction, not a use restriction, simply because of the way the restriction was phrased. The distinction between "access" and "use" restrictions is critical because serious prison time is at stake. Congress clearly intended the CFAA to criminalize the act of breaking into computer systems a person is not allowed to be in otherwise, but violating a use restriction—a (usually written) policy that governs the purposes for which someone can use their access—is clearly not that.

Most critically, the court set a dangerous precedent. As we’ve repeatedly warned, this theory of CFAA liability gives employers and website owners the power to make behavior illegal through simply adopting use restrictions in their corporate policies or terms of use, which in turn criminalizes a broad range of innocuous everyday behaviors—like checking personal email or the score of a baseball game.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

The US legal system took a step towards criminalizing thought when a New York court convicted a former NYPD officer of conspiring to kidnap, rape, kill and eat 100 women . The evidence against Gilberto Valle included chat logs and internet searches.The details uncovered were nightmarish. But at the end of it all, it only amounted to Valle giving his very vivid imagination a long leash. On appeal, the court overturned the conspiracy charges , stating that Valle's "conspiracy" was little more than thoughtcrime, something the legal system isn't* in the business of punishing. (And yet, "conspiracy" remains a valid criminal charge -- one used extensively by the FBI to bag its handcrafted "terrorists." Go figure.)*About a million caveats apply.But the court left one charge on the table: a CFAA violation. During the course of Valle's fantasizing, he used police databases to look up information on one of his "victims." This, of course, is an egregious abuse of his position and access, but it is not -- as the EFF argues -- a CFAA violation The EFF has filed an amicus brief in Valle's case (now before the Second Circuit Court), arguing for this charge to be overturned as well. In it, the EFF points out that Valle's unauthorized access didn't involve him actuallyinto the NYPD's computers -- a key element of CFAA charges. Instead, hehad access. He just didn't haveto do what he did.So, while Valle's abuse of his access was certainly immoral, possibly illegal under a New York state law, and a clear violation of NYPD policy, it wasthe sort of circumvention Congress had in mind when it crafted the bill. There should definitely be consequences for this activity (including Valle being subject to civil rights lawsuits from the violated party[ies]), but there definitely shouldbe a finding that violating an internal use policy is a federal crime.As it stands now, the decision reached by the lower court poses a serious threat to nearly anyone with access to computers/networks provided by their employers.It's the worst cases -- ones with less-than-sympathetic defendants -- that result in the worst precedents. Valle's extended, detailed cannibalistic fantasies are hard to defend, even knowing that he never followed through with the lurid plans he dreamed up. Free speech is toughest to defend when it's composed of brutal and depraved fantasies that include any number of hideous criminal acts. But the lower court saw it for what it was: thoughts, not deeds.Now, there's one detail left, but it's hardly a minor one. The remaining charge -- if left standing -- seriously lowers the bar for criminal charges under the CFAA , a law that is already severely flawed . And so, the EFF joins the battle on behalf of a former NYPD officer who abused his position to further his violent fantasies in hopes of protecting far-more-centered members of the general public from abuse at the hands of a broken law.

Filed Under: cfaa, computer hacking, gilberto valle, misuse, nypd, unauthorized use

Companies: eff