Blog
The Expanding Scope of Federal Cybercrime Laws
Contents
The Expanding Scope of Federal Cybercrime Laws
Over the past decade we’ve seen an explosion in cybercrime cases being prosecuted under federal law. New technologies and online behaviors have created opportunities for tech-savvy criminals, leading to an evolution in computer hacking laws intended to keep pace. However, some worry these expanding federal cybercrime statutes also threaten digital liberties. Let’s take a look at key developments.
What Counts as Cybercrime?
There’s no single definition of “cybercrime” under federal law. Broadly, it refers to crimes targeting computers and information systems, or crimes aided by internet technology. Specific cyber offenses run the gamut – everything from hacking to online fraud scams, identity theft, malicious software distribution, and even online bullying or harassment.
Key federal laws used to prosecute cybercriminals include the Computer Fraud and Abuse Act (CFAA) and the Wiretap Act. The CFAA is the primary anti-hacking law, prohibiting unauthorized access or damage to “protected computers” (i.e. most internet-connected devices). The Wiretap Act bans real-time electronic eavesdropping, like intercepting emails or downloads. Additional laws target specific cybercrimes like identity theft or online harassment.
Overly Broad or Right-Sized?
Civil liberties advocates argue these laws are dangerously overbroad, lacking intent requirements and disproportionately punishing trivial offenses. The CFAA for instance, has been used to prosecute employees who violate workplace computer policies or students manipulating school grading systems. Critics say minor technical violations shouldn’t equal serious felony charges.
However, supporters counter that federal cybercrime laws offer necessary flexibility. In a fast-changing digital landscape, they must adapt to new attack methods – a hacker technique that seems trivial today could enable major crime tomorrow. Backers also point out prosecutors use discretion in charging decisions based on harm, rather than blindly throwing the book at minor offenders.
Key Expansions
Several recent developments have expanded federal cybercrime law scope:
- Broadening Unauthorized Access – In fall 2018, Congress expanded the CFAA’s definition of “unauthorized access” to include violating a website’s terms of service. This means breaching any rules users agree to when signing up now risks criminal charges. Critics argue this chills security research and free speech.
- Targeting Botnets – The 2018 Botnet Prevention Act made operating a botnet – a network of compromised devices used for large scale attacks – a direct CFAA violation. While botnets enable serious harms like DDoS attacks, critics worry innocent users could get caught up by having unknowingly infected devices.
- Cracking Down on Stalkerware – Stalkerware – spyware apps used to track phones without consent – received scrutiny after cases of domestic abusers using them. Under the 2021 No Stalking Apps Act, both stalkerware developers and users now face CFAA charges for illegal surveillance. But some warn broadly restricting this software risks unintended consequences.
- Regulating Security Research – Reversing course from the 2018 terms of service change, the 2022 Protecting Cybersecurity Whistleblowers Act now exempts good-faith cyber research from CFAA liability. This aims to enable testing systems for vulnerabilities without fear of prosecution. However, some say determining good intent remains highly subjective.
What’s Next?
While recent expansions aim to protect the public, we must thoughtfully balance security and digital rights. Perhaps additional intent requirements or other safeguards against overreach would help keep these powerful laws focused on truly malicious actors rather than inadvertent violations. As technology continues advancing at warp speed, so too must nuanced policy discussions around computer crime statutes. But in the meantime, all internet users should brush up on cyber laws – both to protect themselves and avoid running afoul of unintended offenses.