Senator Leahy Tries To Sneak Through Plans To Make Merely Talking About Computer Hacking A Serious C

https://www.techdirt.com/articles/20140109/11152925821/senator-leahy-tries-to-sneak-through-plans-to-make-merely-talking-about-computer-hacking-serious-crime.shtml

Senator Leahy Tries To Sneak Through Plans To Make Merely Talking About Computer Hacking A Serious Crime
from the that's-not-good dept
by Mike Masnick
Thu, Jan 9th 2014 1:11pm

You may have heard about the recent high-profile, malicious hack of Target's point of sale systems, giving the attackers access to the details of at least 40 million credit cards. Senator Patrick Leahy is, incredibly cynically, using this news event to try to sneak through a change to the "anti-hacking" law, the CFAA, which was used to prosecute Aaron Swartz and many others. And it's not a change to improve that law, but to broaden it, extending massively how the DOJ can charge just about anyone they want with serious computer crimes. This is monumentally bad, and Senator Leahy is trying to hide it behind a major news event because he knows he couldn't get this kind of DOJ wishlist through without hiding it.

Officially, this is Leahy reintroducing his Personal Data Privacy and Security Act -- a bill he's tried to introduce a number of times before. The crux of that bill makes some sense: requiring companies that have had a security breach to inform those who were impacted. State laws (most notably, California's) already include some similar requirements, but this is an attempt to create a federal law on that front. There are some reasonable concerns about such a law, but the general idea of better protecting the public from data breaches, by at least letting them know about it, is an idea worth considering.

The problem is that Leahy has inserted a couple of other dangerous bits and pieces into the bill, including a couple of "reforms" to the parts of the CFAA that have raised significant concerns, and burying them deep within this bill. Section 105 of the bill, for example, simply repeats the same change that the House Judiciary tried to include last year in an attempt at bad CFAA reform. It's basically part of the DOJ's wishlist, changing the CFAA to make you guilty of violating the law if you merely "conspire or attempt to commit" the offense, rather than if you actually do commit the offense. It may be difficult to understand if you just read the proposed bill (this is on purpose), but the bill says it wants to include the term "for the completed offense" so that the CFAA now reads:

Whoever conspires to commit or attempts to commit an offense under subsection (a) of this section shall be punished as provided for the completed offense in subsection (c) of this section.