DOJ seeks to expand Computer Fraud and Abuse Act
Congress should expand the Computer Fraud and Abuse Act so that violations no longer incur penalties that are weaker than those of analogous offline crimes, said Richard Downing, the Justice Department's deputy chief for computer crime, during a House Judiciary subcommittee hearing Nov. 15.
Downing said the DOJ also wants to expand the CFAA so DOJ can prosecute trafficking not just in passwords but also in other information used to confirm user identities such as biometric data and smart cards.
He additionally requested that the language be amended to cover any protected computer, not just government and financial institution computers.
Downing acknowledged the controversy surrounding the scope of the CFAA--for example, that it criminalizes any violation of online terms of service. But he rejected the notion that the DOJ would expend its resources on trivial cases.
Orin Kerr, a law professor at George Washington University, disagreed and called for a narrower scope for the CFAA. He asserted that he is a criminal because he says on his Facebook profile that he lives in Washington, D.C. when in fact he lives in Arlington, Va. False information violates Facebook's terms of service and therefore violates federal law, Kerr said.
James Baker, a lecturer at Harvard Law School, acknowledged that the CFAA's ambiguity could lead the Justice Department to target harmless activities but he expressed doubt as to whether the DOJ has ever overreached. He recommended that Congress use its oversight powers to ensure that the DOJ focus on the worst offenders.
Former Homeland Security Department Secretary Michael Chertoff agreed that too much caution would be counterproductive. "It would not be a triumph of civil liberties to keep the U.S. government from protecting computers so the Chinese government could get on our computers," he said.
- go to the hearing webpage (webcast available)
Leahy opposes 3-year mandatory minimum for critical infrastructure hacking
House Cybersecurity Task Force suggests incentives, info-sharing
House Republicans stand up GOP-only cyber task force