CFAA 2013: Congress’ New Draft Could Incarcerate Teenagers That Read News Online

 @redletterdave on April 04 2013 12:23 PM
Cybersecurity
Minors could become "criminals" by misrepresenting their age to access news sites, according to proposed changes to an anti-hacking law. Reuters

Reading the news should be an essential habit, especially for students and children, yet anyone under 18 found browsing through the news online could hypothetically face jail time under the latest draft of proposed changes to the Computer Fraud and Abuse Act, which is supposed to be “rushed” to Congress during its “cyber week” in the middle of April.

You can read these proposed alterations to the bill in its entirety here.

According to the new proposal floated by the House Judiciary Committee, the CFAA, which was originally passed in 1984 as a measure to thwart hacking, would be amended to treat any violation of a website’s Terms of Service – or an employer’s Terms of Use policy – as a criminal act. Under the proposed changes, users could be punished and possibly even prosecuted for accessing a website in a way it wasn’t meant to be used.

Applied to the world of online publications, this could be a dangerous notion: For example, many news websites’ Terms of Use warn against any users under a certain age using their site. In fact, the Hearst Corporation’s entire family of publications, which includes Popular Mechanics, the San Francisco Chronicle and the Houston Chronicle, all include this language, written in all caps:

“YOU MAY NOT ACCESS OR USE THE COVERED SITES OR ACCEPT THE AGREEMENT IF YOU ARE NOT AT LEAST 18 YEARS OLD. IF YOU DO NOT AGREE WITH ALL OF THE PROVISIONS OF THIS AGREEMENT, DO NOT ACCESS AND/OR USE THE COVERED SITES.”

Hearst isn’t alone. Many publications, including organizations that institute paywalls to access their site, warn against children and teenagers accessing their “services.” The Miami Herald and U-T San Diego disallow users under 18 – even NPR doesn’t allow teenagers to access its “services” without legal consent, and even after that, don’t allow them to “submit any User Materials.”

According to the Department of Justice, this would mean anyone under 18 found accessing these sites -- either to read or comment on a story -- could, at least in theory, face criminal charges.

Several news sites like the New York Times, Boston Globe and NBCNews have loosened their policy restrictions, only forbidding users under the age of 13. However, this would mean that curious 12-year-olds that misrepresent their ages by accessing these news sites would be "criminals," according to the DOJ’s take on the new CFAA draft.

Last year, the Ninth Circuit of Appeals issued an important decision in the case of the United States v. Nosal, finding that employees who access workplace computers in violation of corporate policy aren’t breaking federal anti-hacking laws.

“Basing criminal liability on violations of private computer use policies can transform whole categories of otherwise innocuous behavior into federal crimes simply because a computer is involved,” Judge Alex Kozinski warned at the time. “Employees who call family members from their work phones will become criminals if they send an email instead. Employees can sneak in the sports section of the New York Times to read at work, but they’d better not visit ESPN.com. And Sudoku enthusiasts should stick to the printed puzzles, because visiting www.dailysudoku.com from their work computers might give them more than enough time to hone their Sudoku skills behind bars.”

Though the Justice Department could argue that the vast majority of cases against minors may never be prosecuted, the Ninth Circuit warned at the time that “seldom-prosecuted crimes invite arbitrary and discriminatory enforcement,” which means there’s nothing stopping a prosecutor from singling out CFAA violators, just as Internet activist Aaron Swartz was singled out and hounded under the same law for years, up into his suicide on Jan. 11.

With the House Judiciary Committee ready to introduce its proposed changes to the CFAA, many organizations are speaking out against the law. On Wednesday, the hacktivist collective known as Anonymous started the “#ReformCFAA” trend on Twitter, spreading news about the potential consequences of an expanded CFAA to its thousands of followers.

The Electronic Frontier Foundation is tackling the Computer Fraud and Abuse Act with its own alternative proposals, which include eliminating duplicative penalties and reducing some computer crimes from felonies to misdemeanors. The organization also offers ways to contact your congressman about "fixing" the CFAA.

Follow Dave Smith on Twitter

Join the Discussion