Swartz suicide shines light on federal anti-hacking law

Federal Computer Fraud and Abuse Act is applied too broadly in alleged data theft cases, critics say

By , Computerworld |  Security, Aaron Swartz, data theft

In recent years, several employers have turned to the CFAA in data theft cases involving past or current employees. Federal courts have been somewhat split on how to deal with such cases,

In 2012, the U.S. Court of Appeals for the Ninth Circuit held that an employee with valid access to corporate data could not be held liable under CFAA if he or she later misused that access to steal or sabotage the data.

The judges in that case noted that CFAA applied specifically to external hackers and violations of computer access controls.

Last September, the U.S. Court of Appeals for the Fourth Circuit came to the same conclusion in a case involving an individual who used his valid access right to misappropriate data from his employer.

The Fourth Circuit judges characterized CFAA as a statute that could not be used to target individuals who access computers or information in bad faith, or who disregard a use policy.

Other appellate courts, including the Eleventh, Fifth and Seventh Circuit courts however have arrived at the opposite conclusion, ruling that CFAA can be used to prosecute individuals in such cases.

The vastly different interpretations of the statute by various courts shows why CFAA needs to be reviewed, Fakhoury noted.

"What has happened over the years is that the CFAA has been amended and extended by Congress so much it has become a very complicated patchwork of laws that has gone well beyond any of its original [intent]," said Eric Goldman, a professor at the Santa Clara University School of Law in California.

The problem with the CFAA is that it could be used to prosecute relatively minor crimes, Goldman said.

"Anyone who misrepresents their name, age, location or other information when signing up for a web service is in a sense violating that site's terms of service and could theoretically at least be in violation of the CFAA," he said.

"We have this very broad federal anti-trespassing statue that is incredibly powerful," Goldman said

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about security in Computerworld's Security Topic Center.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness