The internet became a thing on August 6, 1991.
Every day since users have feared their private information, credit cards and social security number would be stolen. Since the World Wide Web became publicly available that day in August, many groups and individuals have been hell-bent on getting your information and just like computers have evolved over the years, so has hacking.
Laws, however, have not kept pace with the criminal innovations for computer hacking.
Today, the Supreme Court is hearing one of the final steps in the biggest hacking case to come before the nation’s highest court involving the Computer Fraud and Abuse Act (CFAA), written in the 1980s. The case centers on when an individual “exceeds authorized access” to a computer, as defined by that law.
The CFAA is a piece of legislation instituted in 1986 that internet freedom advocates have described as “the worst law in technology.” The CFAA makes it illegal for computer users to access another computer or exceed authorized access without permission.
The issue with the CFAA is that it’s ambiguous and open to interpretation. And many argue that because it was written before the internet became what it is today, it is a hollow law.
Today’s case before the court involves Nathan Van Buren, a former Georgia police officer, who was convicted of violating the CFAA by searching police records on behalf of an acquaintance. A Georgia court convicted Van Buren in 2017 after a man paid him $6,000 to search through a law enforcement database on his behalf.
The other man, Andrew Albo, was working undercover for the FBI and told Van Buren he was trying to learn if a local stripper was working as an undercover cop.
Van Buren has argued that, as a police officer, he had permission to search the license plate database.
The original intent of the law was in response to concerns that computer-related crimes might go unpunished. The plot twist is that it was a movie that prompted the law in the first place. In the original computer crime bill, it cited the 1983 techno-thriller movie WarGames as “a realistic representation of the automatic dialing and access capabilities of the personal computer.” The movie is about a teenager (played by Matthew Broderick) from Seattle who breaks into a U.S. military supercomputer which was programmed to predict possible outcomes of nuclear war and unwittingly he almost starts World War III.”
At odds with trying to keep our personal information safe is the desire to keep the internet free and open.
A fierce proponent of the open access movement, which promotes free and easy access to the world’s knowledge online, was Aaron Swartz. He was considered a technological genius who took the “free and open” mantra to the maximum. In mid-July 2011, Swartz tried to ‘liberate’ data from an academic website and he was charged with violating federal hacking laws for downloading millions of academic articles from a subscription database service that MIT had given him access to via a guest account. If convicted, Swartz would have faced up to 35 years in prison and a $1 million fine.
Before the case went to trial, Swartz hung himself on January 11, 2013.
Free and Open
His death sparked the need to add clarifying language to the CFAA. This resulted in Aaron’s Law, named for the lasting influence of Aaron Swartz. Aaron’s Law was introduced in the United States Congress in 2013 but it did not pass Congress.
Congress has, however, amended the CFAA somewhat regularly, with changes occurring in 1989, 1994, 1996, and 2002. The controversial U.S. Patriot Act greatly impacted the CFAA in 2001, and the 2008 Identity Theft Enforcement and Restitution Act also affected the scope of the CFAA.
In 2015 President Obama proposed expanding the CFAA but met opposition because it could potentially make many regular Internet activities illegal.
Despite the many changes, proponents of the failed Aaron’s Law argued that the CFAA is too vague. Because of the wording of the CFAA, users who violate terms of service can face prison time. Another major error in the CFAA is that because of redundancies, individuals can be tried for the same crime more than once under different provisions. These redundancies enable charges to compound and allow for disproportionately severe penalties for those convicted.
At the Supreme Court hearing on Monday, the court’s nine justices seemed to have a range of views on the CFAA. Some seemed ready to accept the government’s broad reading of the statute, while others worried that doing so could criminalize a lot of innocuous online activity.