Business, Economics and Jobs

CFAA: Some in Congress join fight to reform cybercrime law


Andrew “weev” Auernheimer addresses a gathering of supporters and journalists in a makeshift press conference shortly before entering the Newark court house where he was sentenced to a 41-month prison term on Monday. Prosecuted under the controversial Cyber Fraud and Abuse Act, Auernheimer was found guilty of one count of identity fraud and one count of conspiracy to access a computer without authorization after gaining access to an AT&T server using a scripting tool, taking the names and email addresses of 114,000 iPad 3G owners in June of 2010. (Screengrab/Screengrab)



Outrage over a controversial US cybercrime law has reached new heights. And, this time, internet activists have some powerful allies.

A number of lawmakers and legal scholars are joing the fight to reform existing legislation, defying the Obama administration's push for tighter cybersecuity measures.

The high-profile battle was highlighted this week when Andrew “weev” Auernheimer, a prominent netizen and one of the web’s most prolific trolls, arrived at a Newark jail to begin serving a 41 month-long prison term. Authorities charged Auernheimer with one count of identity fraud and one count of conspiracy to access a computer without authorization.

Auernheimer’s conviction and sentencing quickly became one of the most controversial legal battles in the history of cybercrime. Anger online intensified when activists noted that just one day prior to Auernheimer’s sentencing, two juveniles convicted of raping a 16-year-old girl were given one to two years in a detention facility — far less than the one given to Auernheimer.

More from GlobalPost: Opinion: Hacking vs. rape: Which is a crime more deserving of jail time?

“I’m going to prison for arithmetic. I add one to a fucking number on a public webserver and I aggregated this data and I gave it to a fucking journalist at that man’s publication. And this is why I’m going to prison?” shouted Auernheimer at a guerilla-style press conference outside of the Newark courthouse where he was to be sentenced. 

Auernheimer gained access to an AT&T server using a scripting tool, taking the names and email addresses of 114,000 iPad 3G owners in June 2010.

Along with others, including programmer and activist Aaron Swartz, journalist Matthew Keys and writer Barrett Brown, authorities prosecuted Auernheimer under the Cyber Fraud and Abuse Act (CFAA), a law enacted in 1986 to crack down on hackers. Brown was denied bail last September and is awaiting trial in prison, Keys was indicted just last week and Swartz took his own life in January during plea negotiations. 

As the number of individuals prosecuted domestically under the CFAA continues to grow, the Obama administration is ramping up efforts to combat the threat of cyberattacks from abroad. Tensions with China flared after allegations that it used hackers to steal intellectual property from US-based corporations.

Last week, head of the newly established US Cyber Command Gen. Keith Alexander told Congress the military was developing cyberweapons to be used offensively during wartime.

Along with several others, Auernheimer has become what could be termed collateral damage in the battle for international cyber hegemony. 

More from GlobalPost: Activists rally to support Matthew Keys, claiming he is a victim of CFAA

“…with growing fears of cyberattacks, it’s not surprising that the blunt instrument that is the CFAA gets used to target both malicious criminal behavior and behavior — like that engaged in by Swartz and Auernheimer — that aren't and shouldn't be criminal,” said Electronic Frontiers Foundation (EFF) Staff Attorney Hanni Fakhoury. 

The EFF in taking on Auernheimer’s appellate case in an attempt to bring about CFAA reform through US courts.

“We're hopeful and optimistic Mr. Auernheimer's conviction will be reversed, and that going forward, Congress will amend the law and prosecutors will use their power and discretion more carefully in ensuring the CFAA is used to go after truly criminal and malicious behavior,” Fakhoury said. 

Computer crime law scholar Orin Kerr, a professor at the George Washington University Law School, as well as other prominent attorneys working in matters of computer crime have joined Fakhoury and other EFF attorneys to challenge the CFAA.

Auernheimer’s now robust legal team will be arguing before the Third Circuit Court of Appeals. The team argues that the CFAA’s language of “exceeds unauthorized access” and “without authorization” are unconstitutionally vague. Using the same argument, the EFF won a previous court case last April. In that case, a federal appeals court ruled that such definitions could not be applied to breaches in computer "terms of use" agreements.

Some Washington lawmakers are also joining the fight in Congress. Rep. Zoe Lofgren (D-Calif.) has drafted “Aaron’s Law,” a bill that would reform the CFAA and would “prevent what happened to Aaron from happening to other Internet users,” he said.

More from GlobalPost: Muslim hackers target US banks in third round of cyberattacks

Rep. Jared Polis (D-Colo.) went so far as to call Swartz a “martyr.”

“The charges were ridiculous and trumped-up. It's absurd that he was made a scapegoat. I would hope that this doesn't happen to anyone else,” Polis said.

But lawmakers face an uphill battle against a Justice Department that has made cybersecurity a top priority. An administration official told Congress in November that the Justice Department is hoping to expand the law and that removing parts of the CFAA “could make it difficult or impossible to deter and punish serious threats from malicious insiders," Reuters reported.

Despite such efforts, however, the Auernheimer appeals case and Aaron's Law represent growing criticism surrounding cybercrime legislation.

The CFAA initially drew criticism only from the fringes of the internet. But the calls for reform have now reached the federal halls of power.