Earlier this month, during the opening day of the Austin music festival South by Southwest, an audience gathered to commemorate the life and achievements of Reddit founder Aaron Swartz, who—faced with serious computer-related charges—recently committed suicide with the weight of litigation and public pressure on his shoulders.
Aggressive prosecution under the Computer Fraud and Abuse Act has become the rule rather than the exception in the U.S.
Earlier this week, a federal judge sentenced notorious hacker Andrew Auernheimer to 41 months in prison for illegally accessing email addresses and other data belonging to more than 120,000 iPad subscribers from AT&T’s networks, reports Computer World, in conjunction with the Computer Fraud and Abuse Act.
AT&T alleged it spent more than $73,000 for breach notifications as a result of Auernheimer’s actions. However, in addition to full restitution for damages, U.S. District Judge Susan Wigenton of the District Court in New Jersey also attached a prison term.
The breached email addresses belonged to many high-profile names: New York Mayor Michael Bloomberg, New York Times CEO Janet Robinson, ABC’s Diane Sawyer, movie producer Harvey Weinstein, and former White House chief of staff Rahm Emmanuel, to name a few.
But, the true high-profile matter at hand is neither the fame of the hacker nor the celebrity of his victims. It’s the law regulating Internet use and its huge consequences for all world-wide-web users today.
Both private and public lawyers, including the Department of Justice, have been using the Computer Fraud and Abuse Act to prosecute computer hackers and laypersons alike. Anybody who violates the “terms of service” policy is at risk.
These days, a terms of service policy is more prevalent on websites than legal disclaimers, which only increases your risks of being in violation. Unfortuntately, people are unaware of the law, as well as the fine print it’s regulating.
“When judges or academics say that it is wrong to interpret a law in such a way that everyone is a felon, the Justice Department has usually replied by saying, roughly, that federal prosecutors don’t bother with minor cases—they only go after the really bad guys,” writes Tim Wu in an op-ed for The New Yorker.
“That has always been a lame excuse—repulsive to anyone who takes seriously the idea of a ‘a government of laws, not men.’ After Aaron Swartz’s suicide, the era of trusting prosecutors with unlimited power in this area should officially be over.”
Although the constitutional implications of this law are vast, it’s really the pragmatic ones that are of concern for law firms.
Law firms should take the time to understand this law before creating internal Internet policies. For example, what is your law firm policy on Internet use on company time? What about for desktop computers in the office vs. laptops that employees take home?
Under the Computer Abuse and Fraud Act, employees potentially face criminal sanctions by merely checking the latest Facebook posting or sporting events scores at work when it is not “authorized” by the firm (although more recent cases of litigation are going the other way).
Who is liable for potential breaches of the “terms of service” under the Computer Fraud and Abuse Act when employees use firm laptop computers out of the office?
Furthermore, are your clients aware of all the implications of this law for their business and home life?
In light of Aaron Swartz’s suicide, law firms should start to consider providing counseling for those clients who are being prosecuted. Swartz’s suicide is an apt reminder that while you—as a lawyer—may be comfortable with the progress and success of a case, your client may feel uncertain about both its future and his own.
What routines and practices has your law firm put in place to put at ease the minds of its clients?
Whatever your view on the legitimacy of the Computer Fraud and Abuse Act, it’s important to keep up with its most recent developments. The Volokh Conspiracy Blog provides occasional updates on its status in courts and Congress here.
Some argue, like Wu for The New Yorker, that America’s Common Law ancestry leads to a “rule of a lenity”, where ambiguous criminal laws should (de jure and de facto) favor the defendant.
The Supreme Court states, “When choice has to be made between two readings of what conduct Congress has made a crime, it is appropriate, before we choose the harsher alternative, to require that Congress should have spoken in language that is clear and definite,” (via The New Yorker).
However, if this week’s events surrounding iPad hacker Andrew Auernheimer and his 41 months in prison is any indication, a rule of lenity doesn’t seem to be much of a rule these days at all.
For more information on the Computer Fraud And Abuse Act, and its implications for your law firms, click here.
In 2011, over 100 employers were accused of improper social media practices or policies, according to The Center For Competitive Management. If not to protect your employees from strict law enforcement, protect your firm.
If you’re unsure where to start, try research and a round-table discussion with a mix of junior and senior attorneys. Along with administrators, ask the group to create a social media policy that reflects their own opinions on the matter. Most likely, your employees will know best what types of social media uses actually constitute abuses.
A round-table discussion will also ensure your employees take the time to read workplace policy; after all, they helped write it.
Finally, if you’re still stuck finding solutions, start by attending C4CM’s course on audio CD, Developing a Social Media Policy: Clear Guidelines to Prevent or Reduce Employment-Related Problems.