"The idea that for downloading too many academic articles you could be facing decades in prison -- that's absurd."
So says a defense attorney and commentator on a law passed by the federal government nearly three decades ago to fight against computer crimes. That law -- the Computer Fraud and Abuse Act (CFAA) -- has not only imprisoned persons on serious federal charges involving hacking attempts geared toward bank fraud, identity theft and financially related Internet crimes, but has also been used by prosecutors to ensnare persons charged with arguably far lesser crimes.
Such as a man in Georgia who was caught using databases at his worksite to extract information about women he was interested in dating. He received a one-year sentence in a federal prison for that offense.
Prosecutors often use the CFAA to go after individuals they say exceeded authorized access on an employer's program. That can result in charges and potentially lengthy prison terms for alleged offenses such as downloading email lists or other acts that are deemed disallowed for being outside the scope of any legitimate business purpose.
That makes many people nervous, including some judges, one of whom noted in a recent case that under an overly expansive view of the CFAA and what is considered to be unauthorized access, "minor dalliances would become federal crimes." The judge was contemplating prosecution for things like reading personal email or temporarily visiting Facebook while on the job.
Critics of the CFAA say it is high time for courts across the country to gain a more uniform consistency about the law and what types of criminal charges can be brought under it and, importantly, to narrow its scope.
Until they do, persons who in some instances do nothing more than download lists or share information by email will continue to face dauntingly harsh criminal sentences, sometimes decades long in their duration.
Source: ABA Journal: "Hacker's hell: Many want to narrow the Computer Fraud and Abuse Act," Stephanie Francis Ward, May 1, 2013