“Tom the Dancing Bug” on the Scope of the Computer Fraud and Abuse Act — And A Related Note from My Computer Crime Casebook

I have been beating the drum on the need to narrow the Computer Fraud and Abuse Act for a decade or so, so I was happy to see today’s cartoon for “Tom the Dancing Bug” pick up the cause, too. I don’t know if I can reprint the cartoon here copyright reasons, but you can click here to see it. For my related op-ed from 2011, see here. And for a video of me ranting about the broad scope of the CFAA — or at least coming as close as I come to ranting — see here at the 44:10 mark (and pardon the echo).

In the spirit of the post, I thought I would also reprint the conclusion of the CFAA chapter in the 3rd edition of my Computer Crime Law casebook. As lawyers and law students know, it is common for law school casebooks to supplement cases with extensive “notes and questions” offering additional points and questions for further thought. Here’s the last “note” in the chapter:

The scope of criminal liability for computer misuse is very broad. A critic of existing law might say that the legislature’s basic approach is to criminalize everything and then rely on prosecutorial discretion to select appropriate cases for criminal punishment.

Is this criticism accurate? And if it is, do you think the legislature has acted wisely? Computer technologies and social practices change rapidly, and it may be difficult for the law to keep up. Is it sensible for legislatures to impose broad criminal liability ex ante, so that prosecutors are rarely or never in a position of being unable to charge a worthy case? Or should the legislature only impose liability narrowly, so that new computer technologies can evolve without the threat of criminal punishment? Do you trust prosecutors to charge only appropriate cases? Does the threat of criminal punishment have a significant chilling effect on legitimate computer use?