The Computer Fraud and Abuse Act is broken.
- No more criminal penalties for violating a website's fine print
- No criminal penalties for circumvention techniques that protect privacy and promote security
- Make penalties proportionate to offenses
The tragic death of Aaron Swartz, a 26-year-old coder and social activist, has shone a light on the sad truth about America's misguided computer crime law. The Computer Fraud and Abuse Act (CFAA) has vague language that broadly criminalizes accessing a computer without "authorization," but doesn't explain what that actually means. It also contains heavy-handed penalties and shows no regard for whether an act was done to further the public good. Read More
Proposed legislative fixes -- like Representative Zoe Lofgren's "Aaron's Law" -- are encouraging but don't go far enough. To fix the CFAA, we need to clarify the meaning of "unauthorized" to reflect that commonplace and privacy-protective "circumvention" techniques should not be crimes, and we also need to make penalties proportionate to offenses.
Brilliant, talented, visionary people should be spending their time building our future, not worrying about wasting away in prison. Congress must start by updating the CFAA to ensure the penalties make sense in light of the behavior they're meant to punish. Once you've taken action, read more about how EFF is tackling this issue.