Tech Law

TOS Trivialities Could Become Law if DoJ Gets Its Way

Something as simple and common as using an online pseudonym could technically be a violation of the law if the United States Department of Justice gets what it wants.

The DoJ on Tuesday asked Congress to impose harsher penalties on various types of cyberactivities, including cybercrime.

The goal, DoJ Deputy Section Chief Richard Downing told the House Judiciary Subcommittee on Crime, Terrorism and Homeland Security, is to improve cybersecurity for the American people, the nation’s critical infrastructure and the federal government’s networks and computers.

To that end, the DoJ proposed revisions to the Computer Fraud and Abuse Act (CFAA) and related legislation.

These revisions call for much harsher penalties for cybercrime.

However, they also target people who breach a company’s terms of service (TOS) by providing false information about their identities. It’s this last suggestion that has aroused concern among civil liberties groups.

“The Department of Justice has used violations of terms of service as a predicate for prosecutions that are questionable,” Gregory Nojeim, a director at the Center for Democracy and Technology, told TechNewsWorld.

“These activities of violating terms of service when using an online service happen all the time,” Nojeim continued. “They can’t all be crimes, and the Justice department’s conduct in prosecuting crimes under CFAA shows that one cannot rely on prosecutorial discretion that only the appropriate cases will be brought to trial.”

The Department of Justice did not respond to TechNewsWorld’s requests for comment by press time.

What’s In a Name?

Perhaps the most contentious issue on the DoJ’s list is its suggestion that all breaches of a company’s terms of service should be considered crimes under the CFAA.

Civil liberties groups have pointed out that this would mean anyone providing false personal information to an online service would thus be criminalized.

“TOSes are like software license agreements; no one reads or understands them,” said information security expert Jeff Schmidt of JAS Global Advisors.

“Criminalizing the providing of false identifying information on social networking sites has profound implications,” Schmidt continued. “Many people use pseudonyms.”

Making the use of false identifying information a CFAA crime “also has extreme implications for free speech,” Schmidt said.

Hammering Cybercriminal Gangs

The DoJ also wants to include CFAA offenses under the Racketeering Influenced and Corrupt Organizations (RICO) Act.

People charged under the RICO Act face fines of up to US$25,000 and 20 years in prison on each count and the forfeiture of all ill-gotten gains. RICO also enables victims harmed by such enterprises to file civil suits and collect treble damages.

Making Money Off Cyberslips

A lot will ride on how strictly the DoJ will define a criminal gang. The DoJ says malicious activities directed at the confidentiality, integrity and availability of computers should come under the provision of the RICO act.

That doesn’t distinguish between cybercriminals who hack into computers for money and, say, a bunch of kids who pull a cyberprank.

That could see unscrupulous companies turning around and suing people for relatively minor acts to make money off their slips.

Should the DoJ back off from filing criminal charges in a questionable case, “making the RICO Act the CFAA predicate increases incentives for companies to bring questionable [civil] actions because treble damages are available,” the CDT’s Nojeim pointed out.

“The real concern here isn’t federal prosecution but civil lawsuits,” agreed JAS’ Schmidt.

Crime and Extreme Punishment

The DoJ also proposed harsher penalties for cybercrimes.

These include making the appropriate maximum sentence for each offense equal to the number of years currently designated for a second offense.

“First-time offender provisions allow the Justice Department to prosecute cases where the penalties are less in order to bring to a fair justice people who aren’t career criminals or repeat offenders in the hacking context,” the CDT’s Nojeim said.

Further, the DoJ wants to increase the maximum penalties in several cases, from five years to 20 in some instances.

1 Comment

  • This is just another case of bad law eroding liberty and justice for all.

    It goes directly to making it criminal to exercise your right to free speech.

    It also continues and encourages the egregious abuse of RICO laws which permit penalties to be assessed prior to any conviction and places defendants in the position of having to prove their innocence.

    The US already has in prison a higher percentage of our population than ANY other country in the world. (US – 715 per 100,000; Iran – 226 per 100,000; China – 119 per 100,000… even 2nd place Russia has only 584 per 100,000)

    Its hard to understand how Canada and Australia can manage with only jailing 116 per 100,000.

    We also have more lawyers per capita than any other country (1 for every 265 people including men, women and children).

    So are we really that more lawless than every other country?

    Or do we simply have too many lawyers, especially in the 170 (according to a recent count) in Congress.

    57 of these are in the Senate giving them a solid majority.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Richard Adhikari
More in Tech Law

How often do you receive an email that you suspect is fraudulent?
Loading ... Loading ...

E-Commerce Times Channels