The Computer Fraud and Abuse Act (CFAA) is a reactionary law, passed in the 80’s in response to public and government fear about the movie WarGames, a Matthew Broderick flick where a hacker starts playing games with a sentient computer that runs Norad and almost starts WWIII. The premise of the movie, especially at the time, was completely ludicrous. However, that didn’t stop Congress from acting to stop scary hackers.
From such auspicious origins, this law has gone on to be used in myriad ways, including in the prosecution of Aaron Swartz, for downloading scientific journal articles (and which ultimately led to his suicide), and the prosecution of Andrew Aurnheimer (weev), for the crime of issuing GET requests to AT&T’s unprotected iPhone user api; in Aurnheimer’s case, the Feds had to do some legal jujitsu in order to turn Aurnheimer’s activities into a felony (the CFAA’s minimum charge is a misdemeanor). This legal jujitsu resulted in Aurnheimer’s conviction being overturned on appeal.
The Obama Administration intends to rectify the misdemeanor problem by making the minimum charge for a CFAA violation a felony, while at the same time reducing the bar for charging a crime under the CFAA. Never mind that both Swartz and Aurnheimer’s “crimes” involved accessing public information with a computer, albeit at a rate of speed that the government was uncomfortable with and against the wishes of those controlling the data.
The Washington Post has done a relatively good writeup on the enhancements to the CFAA here, so I don’t feel it necessary to elaborate on the entire thing. However, there is one part of the new proposed law that I haven’t seen discussed many places, and that relates to civil forfeiture.
For those not familiar, civil forfeiture is when the government sues property that was used in connection with a crime. For example, if you are driving a nice new Chevy Tahoe when you are caught selling drugs, the police can seize your car and take it as their own. The idea behind civil forfeiture is to deny criminals and their associates the spoils of their criminal enterprises.
However, these laws have been widely abused. For everything you need to know about the subject, you should read this terrifying piece in the New Yorker about what happens when authorities are left to enact civil forfeiture laws as they see fit. And this is only one very specific example of what has become a national problem. In fact, the Obama DOJ has recently prohibited local law enforcement from pursuing civil forfeiture claims in cases where the accused is not charged with a crime, which tells you everything you need to know about how this law was being applied.
However, that has not stopped the Obama Administration from putting these horrible laws into the revised CFAA. It isn’t enough that this law has led to the prosecution of people committing “crimes” involving little more than accessing a ton of publicly accessible data. Now, the Obama Administration wants to take away the property of the people caught committing said “crimes”. So parents can look forward to having their house taken away when their 18 year old son pisses off the wrong people using his computer.
Below is the proposed civil forfeiture language. The full proposed updates to the CFAA can be found here.
*note, I added links below to sections 2511 and 2512 of existing law (not in original), which defines the completely ambiguous scope of the activities for which the feds will now be able to take your property. i.e. “any person who intentionally manufactures, assembles, possesses, or sells any electronic, mechanical, or other device, knowing or having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of wire, oral, or electronic communications, and that such device or any component thereof has been or will be sent through the mail or transported in interstate or foreign commerce“.