The Dallas Morning News

What law is Assange accused of breaking?

Critics say vagueness of 1984 antihackin­g statute often abused

- By BRIAN FUNG

WASHINGTON — The crime U.S. authoritie­s have charged Wikileaks founder Julian Assange with wasn’t for publishing classified informatio­n, an accusation that some have said would amount to an attack on media freedoms.

Instead, federal officials accused Assange of violating a very different law when he allegedly conspired with former Army intelligen­ce analyst Chelsea Manning to try to break the password of a government computer and gain access to its secrets. It is unclear from the indictment whether Assange succeeded in breaking the password.

The law in question — the Computer Fraud and Abuse Act, the premier U.S. antihackin­g statute — makes it illegal to access a computer without authorizat­ion. But the 35yearold legislatio­n has long been dogged by critics who say the law’s vagueness has been abused to go after even relatively innocuous behavior by everyday Americans.

When the law was passed in 1984, it largely focused on unauthoriz­ed penetratio­n into government computers, said Paul Ohm, a professor in computer and privacy law at Georgetown University. But within a couple of years it was broadened significan­tly.

“It is really sweeping,” Ohm said. “And it’s been expanded in lots of ways to cover lots of unsavory activity involving computers, even if it’s activity we never would consider traditiona­l computer hacking. It’s become a sort of Swiss Army knife for punishing misconduct online.”

Assange is not the only foreign citizen to come into the law’s cross hairs. U.S. officials invoked the law to seek the extraditio­n of Lauri Love, a Briton who allegedly broke into the computer networks of the FBI, NASA and the Department of Energy in 2012 and 2013. Another British citizen, Gary Mackinnon, faced similar charges over his alleged hacking of the Defense Department in 2001 and 2002. Neither Love nor Mackinnon was successful­ly extradited to the United States — but a different fate may await Assange, whose arrest at the Ecuadorian Embassy in London came in response to a U.S. extraditio­n request.

The vagueness of the law, Ohm said, stems from varying interpreta­tions of its two key parts: A prohibitio­n on accessing a computer “without authorizat­ion,” and “exceeding” authorized access.

Exceeding authorized access was the key to an infamous case involving Aaron Swartz, an internet activist who committed suicide in 2013 after federal prosecutor­s accused him of hacking into a university computer network.

Swartz’s alleged crime was using an automated program to download large troves of publicacce­ss academic journals from the online database JSTOR. Swartz’s actions were a violation of JSTOR’S terms of service, but the transgress­ion gave prosecutor­s an opening to charge him under the Computer Fraud and Abuse Act. Swartz faced a maximum of 50 years behind bars and a fine of $1 million, but he hanged himself before the case went to trial.

Following Swartz’s death, Rep. Zoe Lofgren, DCalif., introduced legislatio­n to narrow the scope of the law. The bill did not pass.

Assange’s arrest could revive calls for the law to be narrowed in scope. But that may not shield him from prosecutio­n under the law. That’s because Assange’s charge of conspiring to break into a government computer hews much more closely to the law’s original intent, Ohm said.

“It would be a mistake to conflate this case with the really aggressive uses of the CFAA,” he said.

Newspapers in English

Newspapers from United States