Whistleblower Chelsea Manning is serving 35 years in prison, in part due to a conviction under the Computer Fraud and Abuse Act, the overbroad, antiquated statute made notorious by its role in the prosecution of Aaron Swartz.
The CFAA bans "exceeding your authorization" on a computer you don't own, language that's been interpreted by CFAA's fans as banning anything that violates a service's terms of service — turning a ToS violation into an imprisonable felony.
The CFAA makes it illegal to intentionally access a computer connected to the Internet without authorization, but it doesn't specify what "without authorization" means. Although the CFAA is aimed at computer break-ins, data theft, and destruction of computer systems, overzealous prosecutors have taken advantage of the law's vague language to bring criminal charges that go beyond Congress's anti-"hacking" purpose.
"Congress intended to criminalize the act of accessing a computer that you aren't authorized to access, such as breaking into a corporate computer to steal user data or trade secrets or to spread viruses. The law should not be used to turn a violation of an employer's computer use restrictions into a federal crime. That's what happened here," said EFF Legal Fellow Jamie Williams.
In an amicus brief filed Wednesday, EFF told the U.S. Army Court of Criminal Appeals that violating a written policy, which restricted Manning from using unauthorized software to access a State Department database, is not a crime under the CFAA. Because most employers impose one-sided computer use policies on their employees, such an interpretation would potentially turn millions of Americans into criminals on the basis of innocuous activities, like browsing Facebook or viewing online sports scores at work in violation of company policy.
(Image: Apr14. Daily #chalkupy Free Chelsea Manning, Daily Chalkupy, CC-BY-SA)