In 2008, the Identity Theft Enforcement and Restitution Act criminalized conspiracy to commit CFAA related crimes.
The Electronic Frontier Foundation (EFF) calls CFAA "infamously problematic." Reforming it is long overdue. Creative prosecutors game the law advantageously.
Charges unrelating to hacking follow. CFAA's "disproportionately harsh penalty scheme" punishes innocent victims.
Alleged first-time offenders face up to five years imprisonment. Repeat ones get ten or more years and stiff fines.
Violations of other CFAA provisions impose longer sentences. In some cases, life in prison is possible.
Aaron Swartz was maliciously and wrongly charged with excessive CFAA penalties. EFF demands reform. Abusive legislation requires fixing. Punishments should fit crimes. CFAA is rife with problems. It's outlandishly draconian.
Its undefined language encourages abuse. Minor no harm incidents become major ones. Criminal prosecutions follow. EFF's proposal remains a work in progress. It's three-part series discussed it.
Part 1 calls for "no prison time for violating terms of service." CFAA's greatest flaw criminalizes accessing computer systems "without authorization" or in ways that "exceeds authorization."