DOJ Wants To Scare You Straight When It Comes To Violating ToS Agreements; Proposes Amendment To CFAA

Last week, CNet’s Declan McCullagh highlighted some questionable steps made by the Department of Justice concerning online terms of service agreements. In short, the DOJ wants to change the CFAA so that violating an online user agreement a federal crime.

If you just threw your computer a side-eye and wailed a “what you talkin’ ‘bout Willis,” you’re not alone. Because if the Department of Justice succeeds in pushing through the measure, it’ll have a profound effect on how we interact with the World Wide Web.

First, A Bit About The Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act passed in 1986 — long before the advent of popular Internet use and social networking — in an effort to reduce high-level computer cracking.

Ostensibly seen as the go-to bill when updates to computer hacking laws are desired, the CFAA has a long and distinguished amendment history. The provisions of the act have been broadened in 1988, 1994, 1996, 2001, 2002 and 2008. CFAA watchdogs believe extending the reach of the bill one more time will render it unconstitutional.

Government Officials Insist We Need To Follow Terms of Service Agreements to Fight “Serious Threats”

During last week’s hearing, the Department of Justice’s Deputy Computer Crime Chief, Richard Downing, thinks changes must be made to the Computer Fraud and Abuse Act if the U.S. is going to get serious about fighting identity theft, privacy breaches, and misuse of government databases.

To the chagrin of many legal analysts, the crux of Downing’s reasoning boils down to intimidation through unreasonable prosecution. Deputy Downing argued that moving forward it will be impossible “to deter serious insider threats through prosecution” and therefore prosecutors should have the ability to charge people based upon violating terms of service agreements on websites.

Legal Luminaries Warn DOJ To Tighten Up Terms of Service Language

Testifying against the proposed amendment was Orin S. Kerr, a George Washington University Law School professor and one of the preeminent CFAA scholars around. Kerr first began studying the Computer Fraud and Abuse Act in 1998 after joining the Computer Crime Division of the Department of Justice.

Back in August of this year, Kerr and several other legal luminaries took their CFAA concerns to the government and asked that the language of the bill be shored up to ensure that the average Internet user could not be prosecuted for trivial ToS violations. The Senate agreed with Kerr and complied with his language-changing request — a move the DOJ found “worrisome.”

Imagine A World Where Violating Terms of Service Is A Federal Crime

Since Google’s terms of service agreement stipulates that users must be of a legal age to enter into a contract, most people under the age of 18 would find themselves breaking the law thanks to a simple Google search. And those who dabble in online dating would have to think twice about reporting a taller height or shaving a few pounds off their profile – after all, according to most dating website user agreements, lying about personal statistics is forbidden.

Believe It Or Not, There Is A Compelling Argument For The DOJ Case

To the average freedom-loving American, these proposed measures sound outrageous and over-reaching. But it might surprise you that there is a group of online activists and moms who would love to see the DOJ succeed in this CFAA amendment undertaking – and it all has to do with cyberbullying.

Back in 2008, a federal judge dismissed the case of Lori Drew – a Missouri mom who allegedly became entangled into her child’s social life, supposedly set up a fake MySpace page to harass her child’s “enemy,” and sadly the child whom Drew allegedly tormented, committed suicide due to the cyberbullying.

In addition to acting as an unguent for cyberbullying, officials are looking to make this change as a way to find legal equilibrium for computer fraud, mail fraud and wire fraud. Currently, mail and wire fraud are punishable with a 20-year sentence, whereas the max penalty for computer fraud is only five years.

Want to keep up with how the government is fumbling Internet-related regulations? Sign up for the Kelly Law Firm newsletter.