The First Amendment and the Computer Fraud and Abuse Act collided last month when the UK arrested WikiLeaks founder Julian Assange on, among other things, a US extradition request for computer crime. He has since been sentenced to 50 weeks in a British prison. For roughly seven years before his arrest, he’d been living in the Ecuadorian Embassy in London, but on April 11, the Ecuadorian government withdrew his asylum. Now the UK courts will evaluate the US’s request to send Assange to Virginia to stand trial in federal court for a single felony charge of conspiracy to commit unauthorized access to a government computer, a violation of the Computer Fraud and Abuse Act (CFAA).

Tor Ekeland is a Brooklyn lawyer who represents people accused of computer crimes in federal and state courts nationally. He can be found on Twitter at @TorEkelandPLLC.

After Assange’s arrest, many reached out to ask me about the CFAA. For years, I've represented hackers in federal criminal cases nationally involving the CFAA, including Lauri Love, whom the US unsuccessfully tried to extradite from the UK. The US indicted Love in three separate federal courts in New York, New Jersey, and Virginia, for hacking of a number of government sites including NASA, the FBI, the United States Sentencing Commission, and the Bureau of Prisons. This was part of #OpLastResort, in protest of the CFAA prosecution and death of computer science pioneer Aaron Swartz, whose suicide in 2013 was widely viewed as resulting from a draconian CFAA prosecution. Whether intended or not, the CFAA makes it easy for a prosecutor to bring felony computer crime charges even when there’s little or no harm.

The CFAA is the federal government's primary anti-hacking statute. Created in 1984, it prohibits unauthorized access to a computer, system, or network, and unauthorized deletion or alteration of, or blocking of access to, data or information. It is both a civil and criminal statute, meaning that people and businesses can use it to sue each other for private wrongs, and the government can use it to put you in jail for public wrongs. Its dual nature gives rise to a problematic feature: most of the law interpreting it comes from civil cases where the stakes aren't as high as in a criminal case. Thus, the quality of reasoning in civil cases, despite frequent lip service from courts to the contrary, isn't as robust as in a hard-fought criminal case. Because at the end of the day, if you lose a civil case you just lose money. If you lose a criminal case, you lose your liberty. But the CFAA doesn’t clearly tell you all the ways it can be used to take away your liberty.

The core problem with the Computer Fraud and Abuse Act is that it doesn't clearly define one of the central things it prohibits: unauthorized access to a computer. The courts across the country aren't any help on this front, issuing conflicting decisions both with other jurisdictions and often within their own. Under the CFAA, what is a felony in one jurisdiction is legal in another. This lack of definitional clarity allows prosecutors to charge felonies even when the harms are minimal, questionable, or just political views that DOJ doesn't like. This is a serious problem, given that much political speech and protest these days is done with computers. And DOJ has previously used the CFAA in a politically charged prosecution.

In 2011, DOJ charged the politically outspoken Aaron Swartz under the CFAA for going into an open server closet at MIT, a mecca of modern American hacking, and downloading academic articles—many of which were publicly funded—for public distribution. Even though the extent of any harm was questionable—this was a mere copying of articles—DOJ charged him with felony unauthorized access to a computer, unauthorized damage to a protected computer, felony aiding and abetting of both, and wire fraud. He faced a maximum sentence of decades and large fines. The punishment sought was strikingly disproportionate to the alleged harm.

On January 11, 2013, Aaron Swartz killed himself before there was any trial. Swartz's death was a loss to our society, given the innovations he contributed to it, like codeveloping RSS and cofounding Reddit. Many, myself included, view his prosecution as a political one directed against Swartz’s belief that information should be free.

Likewise, the Assange prosecution looks more like an attack on core political speech protected by the First Amendment than a proper exercise of prosecutorial discretion. Assange is facing a single count indictment for conspiracy to violate the CFAA. The indictment stems from an incident in 2010 when Assange allegedly told then-Army private Chelsea Manning, who was leaking classified materials to Assange to be published on WikiLeaks, that he would help her crack a password to gain access to military computers. Prosecuting Assange for a computer crime sidesteps the elephant in the room: this is the prosecution of a publisher of information of interest and importance to the public about our government. The First Amendment protects the act of publishing that information. Therefore, the act being prosecuted is inextricably linked to the act of obtaining this information because the charged crime is conspiracy to access the system with the information of public import. Prison time for Assange might deter others from publishing information that exposes the inner workings of government.