Computer Fraud and Abuse Act: Is It Too Broad?

Email a Friend

Jordan Kovnot is the privacy fellow at the Fordham Center on Law and Information Policy.

The law that internet troll Andrew Auernheimer (aka Weev) was indicted under — the Computer Fraud and Abuse Act — has come under increasing examination from internet activists and legal scholars in recent years, Kovnot told New Tech City host Manoush Zomorodi. 

"The reason it's getting scrutiny is because it can be interpreted very broadly by prosecutors," Kovnot said. "The way that the law is written, it penalizes the unauthorized access of a computer or someone who exceeds their authorized access. What that means is largely up to a prosecutor."

In November, Auernheimer was convicted of two counts of conspiracy to access AT&T servers when he took the email addresses of about 120,000 iPad 3G users and passed them to the website Gawker. He will be sentenced on February 25 and faces up to 10 years in prison. 

Auernheimer's case has received a lot of attention since internet activist Aaron Swartz committed suicide in January. Swartz was also being prosecuted under CFAA, and his family said that the government was partly to blame for his death. 

"Aaron's death is not simply a personal tragedy. It's the product of a criminal justice system rife with intimidation and prosecutorial overreach," Swartz's family wrote in a statement. 

Kovnot said the CFAA has come under attack as a result of these high-profile cases. In addition, the law, written in 1984, is now seen as outdated.

Yet, reform is no easy task.

"There's hesitancy to create a new law that could become obsolete very quickly," he said.