DOJ: Fibbing on web sites should be a crime

The U.S. Department of Justice is defending computer hacking laws that make it a crime to use a fake name on Facebook or lie about your weight in an online dating profile.

In a statement obtained by CNET that's scheduled to be delivered tomorrow, the Justice Department argues that it must be able to prosecute violations of Web sites' often-ignored, always-unintelligible "terms of service" policies.

The law must allow "prosecutions based upon a violation of terms of service or similar contractual agreement with an employer or provider," Richard Downing, the Justice Department's deputy computer crime chief, will tell the U.S. Congress tomorrow.

Scaling back that law "would make it difficult or impossible to deter and address serious insider threats through prosecution," and jeopardize prosecutions involving identity theft, misuse of government databases, and privacy invasions, according to Downing.

The law in question, the Computer Fraud and Abuse Act, has been used by the Justice Department to prosecute a woman, Lori Drew, who used a fake MySpace account to verbally attack a 13-year old girl who then committed suicide. Because MySpace's terms of service prohibit impersonation, Drew was convicted of violating the CFAA. Her conviction was later thrown out.

What makes this possible is a section of the CFAA that was never intended to be used that way: a general-purpose prohibition on any computer-based act that "exceeds authorized access." To the Justice Department, this means that a Web site's terms of service define what's "authorized" or not, and ignoring them can turn you into a felon.

On the other hand, because millions of Americans likely violate terms of service agreements every day, you'd have a lot of company.

A letter (PDF) sent to the Senate in August by a left-right coalition including the ACLU, Americans for Tax Reform, the Electronic Frontier Foundation, and FreedomWorks warns of precisely that. "If a person assumes a fictitious identity at a party, there is no federal crime," the letter says. "Yet if they assume that same identity on a social network that prohibits pseudonyms, there may again be a CFAA violation. This is a gross misuse of the law."

Orin Kerr, a former Justice Department computer crime prosecutor who's now a professor of law at George Washington University, says the government's arguments are weak.

Kerr, who is also testifying tomorrow before a House Judiciary subcommittee, told CNET today that:

The Justice Department claims to have an interest in enforcing Terms of Use and computer use policies under the CFAA, but its examples mostly consist of cases in which the conduct described has already been criminalized by statutes other than the CFAA. Further, my proposed statutory fix (see the second proposal in my testimony) would preserve the government's ability to prosecute the remaining cases DOJ mentions while not raising the civil liberties problems of the current statute.

Kerr's testimony gives other examples of terms of service violations that would become criminal. Google says you can't use its services if "you are not of legal age to form a binding contract," which implies that millions of teenagers would be unindicted criminals. Match.com says you can't lie about your age, criminalizing the profile of anyone not a model of probity.

"I do not see any serious argument why such conduct should be criminal," Kerr says.

The Justice Department disagrees. In fact, as part of a broader push to rewrite cybersecurity laws, the White House has proposed (PDF) broadening, not limiting, CFAA's reach.

Stewart Baker, an attorney at Steptoe and Johnson who was previously a Homeland Security assistant secretary and general counsel at the National Security Agency, has suggested that the administration's proposals to expand CFAA are Draconian. Uploading copyrighted YouTube videos twice "becomes a pattern of racketeering," with even more severe criminal penalties, "at least if Justice gets its way," Baker wrote.

In a kind of pre-emptive attack against Kerr's proposed fixes, the Justice Department's Downing says the CFAA properly criminalizes "improper" online activities.

"Businesses should have confidence that they can allow customers to access certain information on the business's servers, such as information about their own orders and customer information, but that customers who intentionally exceed those limitations and obtain access to the business's proprietary information and the information of other customers can be prosecuted," Downing's prepared remarks say.

[tsigili]

The things that go on, on line, are really pretty amazing. There has to be, some kind of limitations on what people can get away with, on line.

[DonaldPennington]

I looked into the documents you based this story on. The author really seems to be reaching. Grasping at straws in the wind to get readers? After what CBS did to Ron Paul, it's no surprise you lost a few.

[13054]

An oath to the "constitution" is a terms of service or similar contractual agreement. Go after those people first, then we'll talk.

[rsimpson69]

"...but that customers who intentionally exceed those limitations and obtain access to the business's proprietary information and the information of other customers can be prosecuted,"

Sounds like the definition of fraud under the current law... what more is needed?

[longtree-2009]

guess doj has nothing better to do. doj should be going after all those sites that publish someone's name, address, telephone, relatives, age and so much more. instead of things getting better these days, they are getting worse. doj is overlooking the gun giveaway in fast/furious, solyndra where really awful crimes are being committed against taxpayers. what about the companies who received bailouts giving their ceos huge amounts of money in the millions, like fannie and freddie. guess the nation is completely corrupt beyond repair. pelosi and others enriching themselves with insider trading based on what comes across congress, pelosi being lobbied heavily by visa. and doj worries about lies on the net?

[dickcntsn]

"A few extra pounds" will no longer be acceptable!

[FerdFerkle]

More lawyers...more money to be made.

[ddaryl1]

politicians like to our faces daily and get away with it, but we are going to worry about what the little guys says about his or her age and weight.

How many attack ads will we be bombarded with that will be nonfactual and yet billion$$$$ will be spent on them and allowed

[dogsoul]

...yeah, this is complete b.s. - basically, this is one among a thousand instances where they create some law that EVERYBODY violates, such that they can then choose to prosecute anybody they wish virtually at will... especially if it's in the media & will get some ambitious prosecutor good press.

[rightbehind]

This is the wrong kind of big government.

[Void-Master]

There is no "right" kind of *big* government.