Law falls within three broad categories: criminal, civil, and administrative law. All three interact to form the complex web of the United States judicial system. Each category of laws play a vital role within the system, and each also has a role in information technology. During this discussion, we will briefly cover the history of cyber law and my projection of the future impacts of cyber law.
The first significant piece of cybercrime-specific legislation was the Computer Fraud and Abuse Act (CFAA), which was first enacted in 1984. This law covered general crimes such as malicious damage to federal computer systems in excess of $1,000, trafficking of computer passwords, and modification of medical records. CFAA received its first amendment in 1994 when Congress recognized the face of computer security had drastically changed since 1984; this amendment was called the Computer Abuse Amendment Acts.
The Computer Abuse Amendment Act took into accounts more sophisticated actors that could target organizations through the use of malicious code. It would allow for the imprisonment of offenders, regardless of whether they intended to cause damage or not. There were more amendments in 1989, 1994, 1996, 2002, and the final one in 2008.
Nevertheless, it was still very vague, which led to the well known Aaron Schwartz case of 2009 and eventually his arrest a couple of years later in 2011. He was prosecuted for downloading a large number of academic research papers from the MIT database.
Aaron Schwartz, also the co-founder of Reddit, was tried for information crimes, two counts of wire fraud, up to $1 million in fines, and potentially 35-years in prison. Aaron, unfortunately, committed suicide. However, in the wake of his death, internet activists worked with a California representative Zoe Lofgren who wrote the law Arron’s Law bill. It was formally introduced to the United States Congress in 2013 and argued that the CFAA was too vague and allowed overreaching interpretations.
Recently, in April 2020, the Supreme Court finally reviewed the CFAA for the first time. In doing so, they finally granted a petition to Nathan Van Buren, who had submitted 12 petitions since December 2019. The Supreme Court is currently reviewing his case and charging him for exceeding his authorized access to police databases. In layman’s terms, he misused information by obtaining it and then selling it. Currently, Van Buren is auguring that he did not exceed authorized access as meant by Section 1030(a)(2) of the CFAA. This section read as followed: “To sustain a conviction under paragraph 1030(a)(2), “the Government must prove that the defendant (1) intentionally (2) accessed without authorization (or exceeded authorized access to) a (3) protected computer and (4) thereby obtained information.” Here is the source link.
Currently, Van Buren is waiting for a briefer and a joint appendix by late August of 2020. At the time I wrote this report, Nathan’s case was sitting in limbo because the judicial system is unsure what justifies the prosecution.