"Security testing, code building, and free speech - even if unabashedly impolite - are fundamental parts of the Internet's character."
Violating service terms or other private agreements shouldn't risk criminal prosecution, imprisonment, and stiff fines. Support EFF "in calling on Congress to fix" glaring CFAA abuses.
EFF's Part 2 offered ways to fix CFAA.
(1) Clarify unauthorized access. Define it precisely. Abandon the phrase "exceeds authorized access."
Simplify CFAA. Streamline it. Make it consistent with related federal appeals court rulings. Don't criminalize minor infractions.
(2) Two major penalties need fixing. More on them below. They're redundant. They repeat other CFAA prohibitions. They let prosecutors game the law.
Remove the provision that lets litigants bring civil actions. They're also redundant. They risk judicial misinterpretations. Criminal prosecutions can follow.
"Require repeat offenses to actually be subsequent offenses." Doing so stops "prosecutors from leveraging the same course of conduct into a 'repeat' offense." They do it for stiffer penalties.
Make first-time offenses misdemeanors "unless they are done for commercial advantage, private financial gain in excess of $10,000, or the offense is committed in furtherance of a felony."
At issue is stopping unwarranted aggressive prosecutions. Curbing them should be prioritized. Government officials shouldn't have discretion to turn minor offenses into felonies.
EFF's Part 3 said "punishment should fit the crime."
"Computer crime law should not double-count offenses." CFAA's section 1030(a)(3) criminalizes accessing without authorization either:
(a) computers used exclusively by the federal government or
(b) ones used by the government in ways that affect its computer use.