Ric Simmons
84 Geo. Wash. L. Rev. 1703
Whenever a legislature creates a technology-specific crime, it faces a number of challenges. First, there is a risk that the new statute will merely duplicate existing crimes, thus over criminalizing the conduct and creating unnecessary confusion. Second, the legislature needs to ensure that it provides the proper guidance to prosecutors, citizens, and courts regarding the new concepts in the criminal statute. And finally, the legislature needs to ensure that the law can be amended and updated as the technology evolves.
The Computer Fraud and Abuse Act (“CFAA”) is an example of a technology-specific criminal statute that fails all of these tests. Much of the CFAA is comprised of fraud, extortion, and theft provisions which prohibit conduct already covered by existing laws (or could be covered through minor changes to those laws). The only truly unique aspects of the CFAA are the concepts of “access” and “trespass,” while other terms, such as “loss,” “damage,” and “authorization,” need to be given specific meanings in the context of computer misuse. Unfortunately, the CFAA fails to adequately define any of these terms. And although Congress has amended the CFAA numerous times over the past thirty years, it has still been unable to keep up with the fast pace of technological change in this area.
The best solution to this problem is for Congress to stop trying to regulate computer misuse directly through legislation, and instead empower an administrative agency to set more detailed and technical rules. An administrative agency would have a number of advantages over legislatures and courts because it could develop and apply expertise in setting rules, generate and enforce separate rules for civil and criminal liability, respond quickly in creating or changing rules in response to changing conditions, and be insulated from political pressures.
Read the Full Article Here.