EFF has long been concerned about the Computer Fraud and Abuse Act (CFAA), a federal law that allows people to be sued civilly and charged criminally with a host of anti-hacking offenses.
2011 has been a landmark year for prosecutions under the statute, with the feds pursuing aggressive, high-profile cases against members of Anonymous and LulzSec, as well as open access advocate Aaron Swartz.
Among other things, the CFAA makes it illegal to "intentionally access a computer without authorization or exceed authorized access, and thereby obtain . . . information from any protected computer."
This is a bad idea because it would give companies great coercive power to criminalize behavior they don't like, harming the interests of consumers and innovation.
Some companies tried to push the law far beyond its limits again in 2011. In Sony v. Hotz, a case that eventually settled, Sony claimed that users violate the CFAA when they access their own video game consoles in ways Sony doesn't like.
And in Lee v. PMSI, Inc., a company struck back against a former employee who filed suit for wrongful termination, unsuccessfully arguing that she violated the CFAA by spending too much time surfing the Internet at work in violation of company policy.
As these cases unfolded in the courts, the Obama Administration pushed to expand the scope of the CFAA and enhance penalties, which is a dangerous move when it's so unclear what the law criminalizes.
Thankfully, Senators Grassley, Franken and Lee introduced a proposal to clarify that it's generally not a crime to violate website terms of service or acceptable use policies. Though we think the amendment could be even better, it's a step in the right direction and we hope the Senate passes it in 2012.
Cross-posted from Electronic Frontier Foundation