ACL-Sue: Civil rights warriors drag Uncle Sam to court for hacking laws

Filing claims the CFAA blocks online researchers

A man in handcuffs

The American Civil Liberties Union (ACLU) says the US Computer Fraud and Abuse Act (CFAA) should be stricken for being unconstitutional.

The civil rights group said in a filing [PDF] to the Washington, DC, District Court that the CFAA prevents researchers and whistleblowers from carrying out their work and violates both the free speech and due process clauses in the First and Fifth Amendments.

The suit, Sandvig v Lynch, asks that the courts invalidate the law, which has been the basis for hacking and computer crime prosecutions since its enaction by Congress in 1986.

According to the ACLU, the CFAA illegally prevents researchers from doing their jobs by restricting activities to those approved by a product's terms of service (TOS). Because the Act counts violating a TOS as "unauthorized" access, the ACLU argues that companies are able to effectively write their own criminal laws with a TOS.

"The Challenged Provision contains no requirement of intent to cause harm, or of actual harm stemming from the prohibited conduct, before imposing criminal penalties," the complaint reads.

"While 'without authorization' is not defined by the statute, 'exceeds authorized access' means 'to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter'."

This, they argue, means that researchers who seek out weaknesses in products are criminalized illegally, even when they are simply looking to expose potential flaws and dangers in products.

The ACLU is filing the suit on behalf of a group of researchers who wish to investigate whether the Fair Housing Act (FHA) is being violated by real estate sites that would provide different results for users based on their race or ethnicity.

The researchers claim that in order to test for discrimination, they would need to present as different individuals of varying races and compare the results. Because falsifying this information would violate a site's terms of service, however, the researchers say they would be in danger of criminal prosecution under the CFAA.

As a result, the suit alleges, the ability of researchers to uncover FHA violations in these services is being blocked by the law, and in the process has a "chilling" effect on free speech and due process.

"This chill arises because the CFAA makes it a crime to visit or access a website in a manner that violates that website's terms of service, while robust audit testing and investigations to uncover online discrimination require violating common website terms of service," the complaint reads.

"Without online audit testing, policymakers and the American public will have no way to ensure that the civil rights laws continue to protect individuals from discrimination in the twenty-first century."

The complaint asks that US Attorney General Loretta Lynch and her staff be barred from enforcing the CFAA provisions in criminal complaints. It also asks for the government to pay any additional penalties and attorney fees. ®

Sponsored: What next after Netezza?

Biting the hand that feeds IT © 1998–2019