UPDATE 6/18/16: Steven Brown of the ACLU of Rhode Island reported earlier today that “H-7406A died a very quiet death in the early morning hours of June 18th.” Victory!
The Rhode Island legislature is considering a bill that could be used against whistleblowers who expose corporate malfeasance and anyone who neglects to read and understand website “terms of service”. The bill, 16-H 7406A/S-2584, has been proposed by the Attorney General and would make it a felony to obtain “unauthorized access” to a computer.
Although all of the testimony offered in support of the bill expressed the need to address the acts of individuals who hack into computers to “steal trade secrets or underbid competitors,” this bill criminalizes a wide array of activity far removed from the financial crimes it purports to be aimed at.
This bill is based on a federal law, the notorious Computer Fraud and Abuse Act (CFAA), that has been widely condemned for its inappropriate breadth. Most infamously, it was the crime that Internet activist Aaron Swartz was charged with after he accessed MIT’s computer network to download academic papers distributed by a subscription service. Potentially facing decades in prison, he tragically committed suicide before his trial.
Across the country, CFAA has also been used (sometimes successfully, sometimes not) to charge people for violating a website’s “terms of service,” such as creating a fake user account, and to convict an employee for deleting information from his office laptop after he had resigned. Passage of this bill could also have a chilling impact on whistleblowers who could be charged with a felony if they release information about their employer’s illegal activities that may have been obtained “without authorization.”
Along with the Rhode Island ACLU and other civil liberties and democracy organizations, we’ve sent a letter summarizing our concerns (below) and a longer memo (available here) to the legislature urging rejection of the bill: