Right now, a battle is underway to reform the Computer Fraud and Abuse Act, a statute that can transform innocuous workplace behavior into a federal crime, simply because a computer is involved. The CFAA is a bludgeon that Big Business and the Department of Justice have willingly used against the American worker, and it's time for that to stop.
This opportunity comes in the wake of heartbreak. Recently, a young man named Aaron Swartz took his own life while facing CFAA criminal charges for downloading academic journal articles. Aaron is quite rightfully being memorialized as a great information access and Internet freedom activist, but he was also so much more. Aaron didn't fight for these things for their own sakes: Aaron understood that information access and the freedom to connect are critical to a more democratic, economically just society. He co-founded the prominent Progressive Change Campaign Committee, which regularly works with labor and activists to fight for organizing rights, for better funding for education and social programs, and to support progressive candidates. (That includes having supported coauthor David Segal's candidacy for Congress in 2010, which was backed by SEIU, AFSCME, and the AFT, and is where he first met Aaron.)
Like many activists before him, Aaron fell prey to a criminal justice system that entrenches the standing of the already powerful, and which has been used so many times to break unionists and stymie their organizing efforts.
Solidarity with a kindred spirit might be reason enough for organized labor to question why such a constructive person was destroyed for something so harmless as downloading academic articles. But there's another reason too: Aaron's prosecution was based on a CFAA theory that represents yet another arrow in bosses' near bottomless quiver, ready to be launched at disfavored employees, both in civil lawsuits and criminal prosecutions.
The CFAA says you can be criminally prosecuted or sued if you access a computer or computer system without authorization, or "exceed authorized access." Pushed by prosecutors and by business concerns, three federal appellate courts have held that if you are using a computer in a manner that violates the system owner's policies or preferences, or even violates an unwritten "duty," you are breaking this law.
Every American should be concerned about the over-breadth of our criminal statutes and the ease with which prosecutors can bring the power of the state to bear against nearly anybody whom they set their sights upon. But organized labor should be particularly concerned about the use -- and potential abuse -- of the CFAA. Last year, in rejecting the government's expansive and dangerous view of the CFAA, Chief Judge Alex Kozinski explained why workers need to worry about expansive readings of this law.
Basing criminal liability on violations of private computer use policies can transform whole categories of otherwise innocuous behavior into federal crimes simply because a computer is involved. Employees who call family members from their work phones will become criminals if they send an email instead. Employees can sneak in the sports section of the New York Times to read at work, but they'd better not visit ESPN.com. And sudoku enthusiasts should stick to the printed puzzles, because visiting www.dailysudoku.com from their work computers might give them more than enough time to hone their sudoku skills behind bars.
That case arose from an attempted criminal prosecution of a disloyal employee, and it was based upon accessing a computer in violation of employer policies (U.S. v. Nosal).
Just as prosecutors have used the CFAA -- sometimes successfully -- to cast a wide net and pursue cases of dubious merit, so too can employers try to use broad interpretations of this vague statute to target employees who use company networks or hardware to engage in extra-employment activities -- like union organizing, or even searching for a new job. Or employers who seek to stymie organizing efforts can use the CFAA to threaten activists for unrelated supposed computer offenses.
Indeed, unions have already been the targets of CFAA suits and prosecutions. Ludicrously, in 2011 a Laborers International Union local in California was successfully sued under the CFAA for placing too many phone calls and sending too many emails to the offices of a company called Pulte Homes. Pulte and the union were embroiled in a dispute over the company's firing of a worker who belonged to the union.
We're trying to change the CFAA, in ways that would protect workers all around the country, not just in the Ninth Circuit. Representative Zoe Lofgren has drafted "Aaron's Law" to reform the CFAA and make clear that violating a computer use policy is not a crime.
While the CFAA might seem arcane and irrelevant to most Americans at first glance, it actually exposes any employee who uses a computer to civil liability or worse, at the whim of the company or the police. We have a chance to restore balance to the law, and return it to its original purpose, protecting networks from those who break in. To do this job, we need your help. Click here to find out more about the CFAA and what you can do to support Aaron's Law.
Jennifer Granick is the Director of Civil Liberties at the Stanford Center for Internet and Society.
David Segal is the executive director of Demand Progress and a former Providence city councilman and Rhode Island state representative.