On September 15, the Senate Judiciary Committee adopted an amendment to Chairman Patrick Leahy’s data breach bill that would fix much of the troubling overbreadth in the Computer Fraud and Abuse Act (CFAA). The amendment, which was sponsored by Senators Franken, Grassley and Lee, passed with bipartisan support, including that of Senator Leahy. If enacted into law, it would ensure that mere violation of a terms of service agreement with a website or online service provider could not be grounds for a federal felony prosecution under the CFAA. CDT and a broad ideological coalition recently wrote Senators Leahy and Grassley to explain our concerns with the existing law, and today that same coalition wrote both senators again to thank them for their responsiveness to our concerns.
[T]he amendment would remove the possibility that the statute could be interpreted to allow felony prosecutions of ‘access in violation of a contractual obligation or agreement, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or non-government employer, if such violation constitutes the sole basis for determining that access to a protected computer is unauthorized.’