"Imagine that President Obama could order the arrest of anyone who broke a promise on the Internet." That's what The Wall Street Journal's Orin Kerr thinks the latest cyber-security legislation will lead to: An assault on checking Facebook at work. Today the Senate Judiciary Committee will vote on proposed changes to the Computer Fraud and Abuse Act, which would seek tougher sentences for digital offenses. As more of the world moves online, so has crime. And legislation needs to adapt. But, does the latest updates to the bill target the right cyber criminals?
No, regular folk are in danger. The way the law is worded, it makes violating a terms of service agreement a felony. "The problem is that a lot of routine computer use can exceed 'authorized access,'" explains Kerr. That means that if your employer prohibits Facebooking on the job and you sneak a peak at a tagged photo, you could face penalties. Senators Patrick Patrick Leahy and Al Franken expressed similar concerns about the proposal, suggesting the administration may be expanding the definition too much, reports eWeek. "We want you to concentrate on the real cyber-crimes, and not the minor things."
While you might think an employer would never charge an employee for a felony based on Internet wandering, it's not unprecedented, as Kerr points out. "In 2009, the Justice Department prosecuted a woman for violating the 'terms of service' of the social networking site MySpace.com. The woman had been part of a group that set up a MySpace profile using a fake picture. The feds charged her with conspiracy to violate the Computer Fraud and Abuse Act." He also cites a case where a woman faced charges for using Ticketmaster. Abuse of the language of the legislation is a real possibility.
But, what about hackers? The legislation isn't meant to target these petty insances, it's to deal with the ever growing hacking threats that businesses and our government face. "Online criminals organize in networks, often with defined roles for participants, in order to manage and perpetuate ongoing criminal enterprises dedicated to stealing commercial data and selling it for profit," Secret Service Deputy Special Agent in Charge Pablo Martinez said regarding the act, reports The Hill. The law is really meant to crack down on organized Internet crime, which is a real threat that most businesses and the government aren't prepared for, as a recent PricewaterhouseCoopers survey found, reports Bits Blog. When asked about cyber security precautions, most were unprepared. "It turned out that only 13 percent of those surveyed had actually done what the consulting firm considered to be adequate--meaning they had an overall security strategy, they had reviewed the effectiveness of their strategy and they knew precisely the types of breaches that had already hit them over the last 12 months."
Anyhow, the bill might not have that much enforcement power. Kerr overestimates the power of the act. "The White House plan does not include any criminal or civil provisions for forcing companies to comply with Department of Homeland Security cyber security standards," continues The Hill. "The idea was to create a lighter touch ... to build incentives into the system," Associate Deputy Attorney General James Baker said. Meaning, many businesses wont bother to enforce--for better or worse.