Today, a group of entrepreneurs and startups sent a letter to the House Judiciary Committee urging it to reform the draconian Computer Fraud and Abuse Act (CFAA). The letter, organized with the help of TechFreedom, the Competitive Enterprise Insitute, and the Center for Democracy and Technology (CDT), explains how the CFAA stifles entrepreneurs and cripples the creation of innovative services. The group is part of a larger coalition of groups like EFF, CDT, and the ACLU, which are calling on Congress to reform the CFAA after the aggressive prosecution of Aaron Swartz. Please join the fight by telling Congress to fix the bill.
The letter will be delivered in time for a hearing of the House Judiciary Committee, which will meet Wednesday to discuss the crimes associated with cybersecurity threats like IP theft and computer hacking. The letter, which includes groups that range from the Internet Infrastructure Coalition to O'Reilly Media, provides a voice to innovators and entrepreneurs who have seen the CFAA used as a deterrent to innovation.
The letter acknowledges the need to criminalize malicious hacking, but noted that the current law goes far beyond that:
[D]eterring digital criminals can be done without criminalizing harmless contractual breaches and imposing felony liability on developers of innovative technologies. In the nearly three decades since the CFAA’s enactment, the law has lost its way.
In the hearing, members will likely discuss the CFAA. One witness, Professor Orin Kerr, has pushed to reform the CFAA for quite some time. Kerr will be a contrast to the Business Software Alliance, which is in favor of proposals introduced last year by President Obama. Those proposals attempted—and thankfully failed—to increase some of the penalties in the CFAA by 10 years. Every year a hearing like this takes place and every year Congress proposes, but never passes, more penalties for computer crimes.
This year is different. It's time to fight back. The CFAA allowed prosecutors to charge Aaron with over 35 years in prison and $1 million in fines. Originally designed to protect government computers, it now covers almost any computer, and criminalizes an access to a computer without authorization that merely “obtains information.” One of its many problems is that it doesn't define "without authorization," and has been subject to aggressive interpretations. Companies and the government have used the vagueness to stifle innovation and overzealously prosecute violations of terms of service as crimes.
The House Judiciary Committee should hold a markup exclusively on Aaron's Law in order to present it to the House floor for a vote. Users from across the spectrum have rallied around Aaron's death to push to change the law. And the courts are already moving in the right direction—both the Fourth Circuit and Ninth Circuit have ruled against the criminalization of a terms of service violation.
The committee's members are also calling for much-needed change. Zoe Lofgren has proposed (PDF) Aaron's Law, which makes sure the Fourth and Ninth Circuit rulings are reflected in the law. EFF has also proposed revisions, which aim to protect innovation and decrease the penalties found in the law. Professor Kerr has also introduced his own proposals.
Please join the fight by adding your company’s name to the letter calling for CFAA reform. Please email Mark.
It's time for House Judiciary Committee to listen to users, the courts, its members, and even its own witness. Let's reform this law so that it can no longer be used against people like Aaron. Please go here to tell your representative to support reform.
Update: The newest version of the letter can be found here.