New Computer Fraud and Abuse Act Bill

Rep. Lofgren – image from WikiCommons:

Last week (on June 20, 2013), Representatives Zoe Lofgren (D-CA), James Sensenbrenner (R-WI), Mike Doyle (D-PA), Yvette Clarke (D-NY), and Jared Polis (D-CO) introduced a new (bipartisan) version of Rep. Lofgren’s prior bill to modify the Computer Fraud and Abuse Act (“CFAA”). The new bill, “Aaron’s Law Act of 2013,” is named for Aaron Swartz (the computer programmer behind RSS and Internet activist who committed suicide in the midst of being prosecuted for allegedly violating the CFAA).

One of the frequently-litigated issues concerning the CFAA is the scope of activity to which it applies. See CFAA: The Wait for the Supreme Court ContinuesAaron’s Law Act of 2013, if passed, would amend the CFAA to legislatively adopt the narrow interpretation of the law.

To do so, the bill would strike “exceeds authorized access” in section 1030(e)(6) (which is the definitional section) and replace it with “access without authorization,” which would be defined to have a three part test. Specifically, it would be defined to mean:  “(A) to obtain information on a protected computer; (B) that the accesser lacks authorized to obtain; and (C) by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized individuals from obtaining that information.”

The bill would then modify the CFAA throughout to replace “unauthorized access, or exceeding authorized access, to a” with “access without authorization of a protected” and to strike “exceeds authorized access.”

Finally, the bill would  eliminate section 1030(a)(4) as redundant (one might question whether it is in fact redundant) and modify the penalties section, with the main goal of making the criminal penalties proportionate the harm caused by the crime.

Given the Obama’s continuing initiative to combat intellectual property theft (see Obama Administration Issues New Strategic Plan for Intellectual Property Enforcement) and the fact that the CFAA has been used more and more in recent years to target trade secrets misappropriation, it will be interesting to see what happens with bill, as it could be viewed by the Obama Administration as counter to its efforts.