The Computer Fraud and Abuse Act (18 U.S.C.  1030) (CFAA) represents the main federal cause of action against unauthorized intrusion into computer systems and networks.  In relevant part, the statute prohibits users from intentionally accessing a protected computer without authorization, or “exceeding authorized access” to that computer.  Members of Congress have floated conflicting proposals to amend the statute.

SIIA’s Government Affairs Council met to identify the organization’s policy priorities for 2014.  Following the meeting, which took place Wednesday, SIIA announced that it will continue to take a leadership role in promoting the economic and social value of data-driven innovation, and to advocate for policies that enable innovation, rather than creating broad restrictions on the collection and use of data. SIIA also said that a top legislative priority in the year ahead will be enactment of patent litigation reform and legislative measures that assure that digital content providers can control the distribution of their products and services.

Today, legislation is being introduced in the House and Senate that would weaken the Computer Fraud and Abuse Act (CFAA), a long standing law that is critical to software and digital content companies to protect their networks and the intellectual property in their products and services.  The intent of the proposal is to reign in the possibly overzealous use of this statute by U.S. prosecutors in some recent cases, including the case that led to the tragic suicide of Aaron Swartz.  While the bill is well intended and seeks to address real concerns, the proper fix is to clarify the prosecutorial guidelines, not a wholesale rewriting and weakening of the underlying statute.