How and Old Hacking Law Hampers the Fight Against Online Discrimination

Thirty years ago, during the Reagan Administration, Congress passed the Computer Fraud and Abuse Act, which was designed in large part to prohibit the theft of government data. (Reagan became interested in the issue after watching the 1983 film “WarGames,” in which a young hacker, played by Matthew Broderick, inadvertently gains access to a supercomputer that controls the US nuclear arsenal.) The text of the CFAA begins reasonably enough, by targeting hacks that put the national defense and foreign relations at risk. From there, though, the law grows like an algae bloom, expanding the definition of fraud to include any “unauthorized access” to a “protected computer.”

Rather than explaining precisely what “unauthorized” means, the CFAA leaves it up to the owner of the computer to decide. As a result, companies have the right to sue people who violate their terms of service, even for such mundane activities as sharing a password with a friend. What’s more, the federal government can subject alleged offenders to criminal prosecution, seeking to impose prison time and hefty fines, essentially turning the US Department of Justice into corporate muscle.