Cybersecurity: Recommendations Regarding the CFAA

 
Cybersecurity: Recommendations Regarding the CFAA
Names
University
 
Cybersecurity: Recommendations Regarding the CFAA
Ladies and gentlemen,
Information Technology is an integral part of our lives. We use computers in everything from commerce and defense to entertainment. However, computing has created an interconnected ecosystem to the extent that one malicious agent has the potential of wreaking havoc on entire economies. Take the credit card fraud case in New Jersey, in 2013, for example. That case indicted some individuals who stole over $300 million from companies such as Visa, Carrefour, and even NASDAQ – the largest fraud in the US history.
Thus, today, I wish to talk about some of the legal and legislative measures that the authorities have taken to ensure that future cybersecurity threats are dealt with comprehensively within the confines of the law. Specifically, my focus would be on the Computer Fraud and Abuse Act (CFAA). I will explain some of the recommendations regarding the implementation of the Act that I think would make it properly applicable in the ever-changing arena of technology, and ultimately, allow it to bolster cybersecurity.
I will divide my recommendations into three sections – those that must be implemented, those that I highly recommend, and those that I generally recommend.
The “Must Implement” Recommendations
Let me start by reminding you that most authorities around the world go to great lengths to protect the information technology assets that are used in critical operations, such as governance, energy, and defense. In the US, the government even introduced the legal provision for ‘protected computers.’ These, as the National Information Infrastructure Protection Act (of 1996) puts it, are:
(1)	exclusively for the use of the Government of the United States, or
(2)	are used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States.
Moreover, it is illegal for people to tamper with the Government’s computing assets in a manner that leads to espionage, fraud, trespassing, among other concerns. 
However, my main concern with these legal provisions is that they tend to be too vaguely worded, which has resulted in unfortunate incidences like that of the wrongful prosecution of Aaron Swartz, which ultimately led to his suicide. As the House Representative from California, Zoe Lofgren, put it in an Huffington Post article (in 2013), Americans were deeply troubled. People had now learnt that existing legislations like the CFAA (which was first enacted in 1986) could give the justice system room to misinterpret user agreement provisions of online services, leading to overly punitive sentences even in cases where no malice or misuse was intended.
Now apart from requiring the legislature to reword the laws to make them a bit more pragmatic, I would also wish to see authorities keeping abreast of the latest technological advancements to help them define what a “computer” is when applying the CFAA. In the United States v. Neil Scott Kramer (of 2011) case, for instance, the courts relied on the definition of a computer as found in 18 U.S.C. § 1030(e)(1), which states that a computer is a :
an electronic, magnetic, optical, electrochemical, or other high speed data processing device performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device, but such term does not include an automated typewriter or typesetter, a portable hand held calculator, or other similar device …
However, I have a problem with that definition because it fails to appreciate that computing is a rapidly advancing technological field and that more electronic devices could act as computers even if they do not have the physical features of common computing devices.
My proposal would be for the legislature to employ computing specialists who could foresee how future computing devices could look like. That way, the laws would cover any crimes that could occur regarding information technology in posterity.
Apart from that, there are other laws that I would also highly recommend in matters concerning cybersecurity as pertains to the CFAA.
The “Highly Recommend” Recommendations
Let me bring your attention to how the CFAA has evolved over the years. Let me start with the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (of 2001) – which is a mouthful for what we usually call the Patriot Act. The main repercussion of this law is that it allows the government to spy on its citizens illegally – and that is using the same technologies that it discourages its citizens from tampering with. This weakness was first highlighted by a New York Times report (in 2005) titled Spy Agency Mined Vast Data Trove. We got wind that President Bush was essentially above the