On Tuesday, the Obama administration announced a new “cybersecurity legislative proposal” supposedly aimed at “[giving] the private sector and government the tools they need to combat cyber threats at home and abroad.”

In a half-hearted attempt to “modernize” the Computer Fraud and Abuse Act (CFAA), an act that has only been updated a handful of times since its inception in 1984, the following changes have been proposed:

Harsher sentences:

Allowing the government to not only charge people under the CFAA, but under federal racketeering (RICO) laws as well:

A provision that states that even if you did not commit a crime, if the government finds you tried and failed, or if they find you “conspired” to commit a crime, you will be punished as if you had actually committed the crime. This ties in neatly with the new RICO provisions – the DOJ can now claim that this “conspiracy” means that you are part of a “criminal enterprise,” thus enhancing the charges the government can file against you. (In the past, the DOJ has defined “conspiracy” as being in the same Internet Relay Chat room or posting on the same message boards where so-called “crimes” are being discussed.)

As Rob Graham explains, even if information is publicly available, you can now get in trouble for accessing it if the person who posted it decides they don’t want you to see it. We are already seeing this in cases like that of Andrew “weev” Aurenheimer, who was prosecuted for accessing information that AT&T did not properly secure.

And these are just some of the more egregious low-lights.

Under the guise of “cybersecurity,” we once again see how the government is willing to restrict our freedoms to give us the illusion of safety. Steps to do such things as “simplify and standardize” disclosures of security breaches mean nothing when, as in the case of Stratfor, the FBI can order a company to delay notifying customers of an intrusion so that they can continue their “investigation.”

The proposed changes will do nothing to stop the overzealous prosecution of political dissidents, and, in fact, will only punish them more by now allowing the government to prosecute them under federal RICO statutes as well as under the CFAA.

In a particularly disheartening move, the modernized CFAA still does not recognize distributed denial of service (DDoS) attacks as covered under the First Amendment right to free speech. As seen in the case of the PayPal 14 and Operation Payback, DDoS attacks are often used by activists as sort of a digital sit-in, an action that, were it undertaken in the real world, would result in no more than a small fine and misdemeanor charge for, at most, disorderly conduct. Instead, activists who currently engage in this form of protest can, if prosecuted for their actions, face years in jail, fines in the hundreds of thousands of dollars, and the burden of carrying a felony conviction on their criminal record for the rest of their life.

It is clear that even with these changes, the CFAA is still as outmoded, draconian, and over-reaching as ever. More intervention by the state will not fix the CFAA, or any other oppressive law that supports the systemic inequalities and injustices that plague our society. What is needed is not more “reformed” laws, but a complete restructuring of the system that oppresses us all. In short, the answer is not to attempt to “fix” the CFAA, but to abolish it all together.

Love and rage,

Grace North