The Prospects for Reform of the Computer Fraud and Abuse Act

Will Congress amend the Computer Fraud and Abuse Act in light of the Aaron Swartz case? Don’t expect reforms any time soon, Politico suggests:

Despite some recent momentum, there’s not much clamor for change coming from the White House — and as expected, the Justice Department, which once tried to expand the penalties of the so-called Computer Fraud and Abuse Act, has been silent.

While there’s a new reform push on Capitol Hill backed by a few powerful members, the key committees with jurisdiction have other plans in mind — and their agendas are packed with immigration reform and gun control. More than that, Congress actually has been fond of stronger punishments for some offenders.

It’s not to say the principles known as Aaron’s Law won’t ever reach the president’s desk in some form — just that all the Internet hype and rallying mark only the beginning of a new and lengthy political journey.

I think that’s probably right, unfortunately. Narrowing federal criminal law is always hard, both because elected officials don’t want to seem ‘soft on crime’ and because the head of the executive branch has the veto power. Plus, on this issue specifically, the Internet companies and service providers that have a lot of influence on the Hill aren’t natural allies with civil libertarians. Those companies want their customers to feel that using their products is private, which can lead companies to favor expanding privacy protections in the context of government investigations. But when it comes to the substantive criminal laws, those same companies tend to see themselves as victims of computer crimes (whether from outside hackers or insiders). As a result, they tend to be wary of narrowing the laws. So as the Politico story says, expect a lengthy political journey. And keep an eye out for how the courts construe the CFAA, too: There’s a lot of uncertainty that courts will have to grapple with regardless of whether Congress takes up the issue.