Here’s a fascinating – and chilling – article by a former head of the Justice Department’s computer crime unit describing a recent decision by a federal appeals court in California. A routine discovery dispute has produced a decision that potentially expands the scope of federal computer crime law to include many activities that have nothing to do with computers.
It began when a lawyer in a civil lawsuit issued a subpoena to the opposing party’s ISP for all the e-mails sent or received by the opposing party. After a flurry of law and motion practice, the subpoena was quashed as overbroad.
So far it’s business as usual. But then the lawyers for the ISP’s customer went after the other lawyers and their client for accessing their emails “without authorization” in violation of U.S. computer crime laws. A lower court threw out the case, but last month the appeals court let them proceed under this theory.
The appeals court means well, but the logic of its decision leads to unexpected results.
”This decision, while motivated by a legitimate desire to protect privacy and force lawyers to obey the rules, nevertheless dramatically expands the meaning and intent of the computer crime in a way that could permit hundreds of thousands of people to be prosecuted.
“Moreover, it represents a trend to use concepts as “trespass” and “unauthorized use” to criminalize things like sending e-mail to people who don’t want it, viewing competitor’s public information and Web pages, and even using a work computer for personal purposes. The laws were designed to prosecute people who hack into computers and steal information.
“Let’s face it, virtually all of the information that might be sought by subpoena in civil or criminal cases is likely created on, stored on, processed in, or transmitted through a computer. Credit card bills, phone records, word processing documents, letters, correspondence, memos — virtually anything but hand written notes require someone to access a computer to obtain them.
“The California decision makes any access to such information a crime, unless it is obtained with effective consent. Overbroad subpoenas, fraud, trickery or deceit all vitiate consent, and render the access to the information criminal.
“If we now call overbroad subpoenas an unauthorized access, then unwanted e-mail is a trespass. Linking to someone’s website without permission is likewise a trespass. Reading personal e-mail on a corporate computer exceeds the scope of authorization to use the computer, and is therefore a crime. We have so expanded the scope of criminal law that it includes virtually anything we do on a computer. You can’t go through a day in cyberspace without committing at least one felony and a host of misdemeanors.”