Congress Debating If Putting A Fake Name On Facebook Should Be A Felony

from the how-to-turn-the-whole-world-into-felons dept

The problem is that a lot of routine computer use can exceed "authorized access." Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include "terms of use" violations and breaches of workplace computer-use policies.



Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer? If interpreted this way, the law gives computer owners the power to criminalize any computer use they don't like.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

On Wednesday, George Washington Law professor and former federal prosecutor Orin Kerr authored an op-ed in The Wall Street Journal, posing the question "Should faking a name on Facebook be a felony?" He was, of course, talking about the infamous Computer Fraud and Abuse Act (CFAA), which Congress is preparing to update. The CFAA, as has been noted here many times, is a federal law passed in the '80s and initially designed to combat malicious computer hacking, but which has become bloated, stretched and over-applied in the years since.At the root of many of the arguably overreaching applications of the CFAA is the prohibition on conduct which "exceeds authorized access" to a computer system. According to Kerr:And Professor Kerr should know, he was the attorney who defended Lori Drew when she was charged with a felony for making a fake MySpace profile. The Justice Department's position that a violation of a terms of service constitutes a federal crime basically makes the Federal government the enforcer of private contracts. Got an employee spending too much time on Facebook? Turn them in to the Feds. Someone posting comments you just don't like on your blog? Call the DOJ. Or threaten to. The chilling effect alone should be enough to keep your users in line.Would you believe that some politicians are even thinking of making the billProfessor Kerr's primary concern expressed in the op-ed was that the CFAA was going to be amended to makeof the CFAA a felony. Hopefully, this won't pan out. The original Administration proposal (pdf) did increase the baseline punishment for any violation of the CFAA (including exceeding authorized access) from a misdemeanor level offense (less than one year) to a felony. But, thankfully, the Judiciary Committee didn't take the Administration's suggestion. Lets hope it stays that way as this bill makes its epic journey through the Washington legislative sausage maker.There is yet a glimmer of rational-thought hope. Senators Grassley and Franken have introduced an amendment (pdf) which would modify the definition of "exceeds authorized access" toviolations of a TOS, if that's the only basis for the charge of violating the CFAA, effectively improving the CFAA instead of making it worse. Fingers crossed that the amendment makes it in.

Filed Under: cfaa, felony, hacking, orin kerr, terms of service