Right now, a bill is floating around in the House of Representatives that would make it explicitly illegal – a felony – to violate certain terms of service. Sound crazy? That’s because it is – but it’s also real. Which is why we need to talk about it. Below, I’ll explain what the situation is, and what we should all try to do to help.
Computer Fraud and Abuse Act, the short version
There is a law that’s been on the books since 1984 called the Computer Fraud and Abuse Act, or CFAA. It’s a big law, and has recently come up due to a number of “hackers” facing prosecution under the CFAA. One of these hackers was Aaron Swartz, who helped create RSS, Creative Commons, and Reddit, and killed himself in January amidst ongoing prosecution under the CFAA.
Swartz got in trouble for downloading a bunch (read: millions) of scholarly articles from a service called JSTOR. He did so by accessing it through the network of the Massachusetts Institute of Technology. The problem here is that Swartz potentially faced up to 30 years in prison. Many people think that is far too harsh a sentence for what was, by all accounts, a victimless crime.
There have been a number of other similar cases recently – one against “AT&T iPad hacker” Andrew “Weev” Auernheimer, and another against Reuters’ deputy social media editor Matthew Keys – but the complaints are all the same: Penalties under the CFAA are too strong.
Another problem with the CFAA – which was passed before the Internet existed – is that it prohibits “unauthorized access” of a “protected computer.” But nowhere does the law define what either of those two terms mean – thus, the courts have had to sort this out. That’s led to more confusion, and more problems.
For example, prosecutors have charged people in the past under the CFAA for violating the terms of service of a website, based on the argument that doing so constituted “unauthorized access.”
In other words, the federal government has the power to send you to jail if you lie about your name or age on Facebook, which are against the rules. You could theoretically be put behind bars for sharing your Pandora password. Will you? Probably not – but that doesn’t mean the government should have that power.
This is a problem, clearly. But it’s not getting any better; in fact, it could get worse.
OK, so the problems people have with the CFAA are that it’s penalties are too harsh, and what exactly “unauthorized access” and “protected computer” mean is anyone’s guess. Since Swartz’s death, people have been pushing for Congress to fix the CFAA. A recently surfaced “draft bill” (meaning it’s still in its earliest stages) that would amend the CFAA shows that the House Judiciary Committee wants to do exactly the opposite of what the people have called for. Worse, it could make it even easier to go after those of us who violate terms of service.
See the draft bill text here (PDF).
According to the Center for Democracy & Technology – a balanced, trusted rights advocacy group – updating the CFAA with the new language “would push the law in the exact wrong direction, dramatically heightening penalties while giving the government and civil litigants more latitude to prosecute or sue average Internet users who happen to violate a Web site’s terms of service or an employer’s computer use policy.”
As the Electronic Frontier Foundation aptly points out, many news websites (and other services) prohibit users under the age of 18, and more often 13, from accessing the website, according to the terms of service. (This rule is in the terms to help ensure these companies don’t violate the Children’s Online Privacy Protection Act (COPPA), which prohibits the unauthorized collection of personal data of kids 12 and under.) If kids of the wrong age do access these sites, they would be “criminals” according to the U.S. Department of Justice.
Not on my watch
While it is vitally important to protect our financial data and information related to national security out of the hands of hackers, there appears to be no good reason to make terms of service violations a criminal offense. (Please, speak up if you have one!) If you agree, there are a couple of things you can do.
First, sign up for the EFF’s call to action against the CFAA. Next, do the same for Demand Progress’ campaign. And finally, call your representatives in Congress, and tell them exactly how you feel about the CFAA and the changes outlined above.
Terms of service and privacy policies are important to read and understand – that’s why T&C exists. But clicking “I Agree” without reading first should never send you to jail.