Let's say you take part in a chat room discussion about a computer crime that someone else ends up committing. You're could be guilty of "conspiring to commit" that offense and face the same punishments. Or perhaps you have legal access to data for one purpose but use it for another -- say, posting it to a publicly available website. You could be found guilty under the new provisions of the CFAA. Of course, the penalties get stiffer and the list of stuff the feds can take away from you grows longer.
We know that in the knife drawer of intellectual prowess Congress is brimming with spoons. We know that some duly elected members really did believe that the Internet was made up of tubes, possibly like the pneumatic ones you see at drive-through bank tellers. We know many of them couldn't spell "SQL injection" even if you spotted them all the consonants and most of the vowels. But even by those debased standards, this is moronic.
Meanwhile, there's an epidemic of actual cyber crime going on right under their noses, attacking the very people Congress likes to claim as its core constituents: small-business owners. Real criminals are stealing real money from real people. Why? Because small businesses have more money than individuals but far fewer protections in place than Fortune 2000 companies.
In the first six months of last year, the rate of hack attacks targeting small businesses doubled, according to Symantec. Verizon's most recent report on data breaches details nearly 900 attacks -- three-quarters of them against businesses with 100 employees or less. Average loss per business? Nearly $200,000 per incident, says Symantec.
That is actual cyber crime. Downloading academic papers, scraping email addresses, and sharing URLs and/or logins in chat rooms? Not so much. With such limited resources available to public prosecutors and so much pressure to cut them even further, why are they wasting them on these guys? Because they can. It makes for good headlines. And the CFAA gives them a mighty big hammer to go after a few tiny nails.
The EFF, the Internet Defense League, and other activists have declared this Fix #CFAA week, calling for Congress to roll back the excesses of the act and reform it in the right direction -- for example, removing criminal penalties for minor violations of a website's terms and conditions, and to make penalties for actual criminal activity proportionate to the crimes committed.
These aren't complicated ideas. Let's hope Congress can muster up enough gray matter to understand them and respond in the right way.
Where do you stand on the CFAA? Get on your soapbox below or send me a frothy email: email@example.com.
This article, "Think cyber crime laws are bad now? Wait till you see the latest proposals," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.