Have you ever lied on Match.com? Or created an account on Facebook using a fake name?
Do you have a teenage child that uses Google?
These common online behaviors aren’t illegal, yet.
A representative from the U.S. Department of Justice appeared before Congress Tuesday asking that august body to strengthen laws to “[improve] cybersecurity [of] our nation’s critical infrastructure, and the federal government’s own networks and computers.”
Noble goals, surely.
But the changes requested by Richard Downing, deputy chief of the Computer Crime and Intellectual Property Section at the Department of Justice, would also broadly criminalize many things Americans currently do online, NPR reports.
The Justice Department, it seems, want to make it a crime to violate a website’s terms of service.
No one bothers to actually read those things, but it is a violation of Facebook’s terms of service to provide any false information on your profile (like your height), create an account for anyone other than yourself (including pseudonyms), create more than one account. Match.com and other sites have similar rules.
Downing told Congress the new law would merely be “the latest development in the steady stream of progress we are making in securing cyberspace.”
Downing seems to realize that criminalizing violations of website terms of service is taking it too far in his testimony:
Some have argued that this can lead to prosecutions based upon “mere” violations of website terms of service or use policies. As a result, some have argued that the definition of “exceeds authorized access” in the [Computer Fraud and Abuse Act ] should be restricted to disallow prosecutions based upon a violation of contractual agreements with an employer or service provider [such as Facebook ]. We appreciate this view, but we are concerned that that restricting the statute in this way would make it difficult or impossible to deter and address serious insider threats through prosecution.
George Washington professor and attorney Orin S. Kerr pointed out to Congress that the new law would expose millions of Americans to federal prosecution.
The current version of the Computer Fraud and Abuse Act (CFAA) poses a threat to the civil liberties of the millions of Americans who use computers and the Internet. As interpreted by the Justice Department, many if not most computer users violate the CFAA on a regular basis. Any of them could face arrest and criminal prosecution.
… The CFAA criminalizes conduct as innocuous as using a fake name on Facebook or lying about your weight in an online dating profile. That situation is intolerable. Routine computer use should not be a crime.
Kerr said the law is so broad it would make it a federal offense for a young teen to use Google, or to lie about how often you visit the gym on Match.com.
The Terms of Service of the popular Internet search engine Google.com says that “[y]ou may not use” Google if “you are not of legal age to form a binding contract with Google.” The legal age of contract formation in most states is 18. As a result, a 17-year-old who conducts a Google search in the course of researching a term paper has likely violated Google’s Terms of Service. According to the Justice Department’s interpretation of the statute, he or she is a criminal.
Lying on a dating site?
Kerr takes his argument to absurdist realms.
Maybe the Patriot Act isn’t so bad after all.