fb-pixel Skip to main content

Justice Department looks to sharpen computer crime law

WASHINGTON — Stung by recent court decisions that have gone against them, Justice Department lawyers are pushing to clarify a computer trespass law that critics malign as overly broad.

The 1986 law, known as the Computer Fraud and Abuse Act, was intended to punish hackers who breach someone else’s computer network and steal information from it.

But federal prosecutors have struggled at times in applying it to people who have permission to access a computer — a police department database, for instance, or a corporate network — but abuse that right by using it for purposes that have not been authorized.


The concerns attracted attention this year after President Obama suggested changes to the computer fraud law as part of a broader proposal. The Justice Department has appealed to Congress, which is expected to take up other cybersecurity measures in coming weeks.

‘‘These are really hard issues of what should the law cover and what should it not cover,’’ said Orin Kerr, a law professor at George Washington University in Washington, D.C. ‘‘It’s totally understandable that we’re having this discussion and not sure what the answer should be, because this is a new kind of technological problem.’’

Critics, including judges, have long expressed concern that people could be prosecuted under the antifraud law for computer use that while technically unauthorized, is nonetheless benign. An appeals court raised the prospect that checking sports scores at work could theoretically lead to prosecution, though the Justice Department says it has never had any interest in going after that kind of behavior.

Justice Department lawyers have sought to allay those fears by proposing to narrow the circumstances for prosecution, such as in instances when someone knowingly exceeds authorized access or when the computer access targets a government database or was part of another felony such as blackmailing a colleague.


‘‘What we need is a law that makes clear that if you exceed authorized access for nefarious purposes . . . that that’s a violation of the law,’’ said Assistant Attorney General Leslie Caldwell.

Senators Lindsey Graham, a South Carolina Republican, and Sheldon Whitehouse, a Rhode Island Democrat, have drafted legislation similar to the Justice Department proposal that could be introduced soon.

Even some critics of the existing law say they believe the government already has enough tools to punish computer crime, without making the proposed changes.

‘‘All of this is a solution in search of a problem,’’ said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, a privacy group.