Profile picture
Orin Kerr @OrinKerr
, 17 tweets, 5 min read Read on Twitter
DOJ released a report on computer crime recently, and I'm puzzled by a big question it raises: Does the CFAA only apply to Internet-connected computers? Here's a thread on why. The report is here: justice.gov/ag/page/file/1…
The report suggests that electronic voting machines usually are not, in DOJ's view, "protected computers" under the CFAA -- that hacking a voting machine isn't a CFAA crime. Here's the report language. /2
According to DOJ, the CFAA "only prohibits hacking computers that are connected to the Internet," unless other criteria are met (like fed government computers, presumably). But where is DOJ getting the idea that the CFAA usually only applies to net-connected machines? /3
Here's the definition of protected computer from 18 USC 1030(e)(2). Note the language, "affecting interstate commerce," in blue. That language was added in 2008 to expand the jurisdictional scope of the CFAA from computers merely “used” in interstate commerce.
As I explained in this 2011 article, "affecting interstate commerce" is a term of art in federal crim law that means to the full scope of the commerce clause power --including the aggregation theory of Gonzales v. Raich. Key reasons why in box below. minnesotalawreview.org/wp-content/upl… /5
Why does DOJ seem to be saying that the meaning of "protected computer" is pretty much what it was before the pre-2008 amendment, not after the 2008 amendment? One possibility is that they are being misled by a 2012 magistrate judge's R&R, US v. Kane. /6 volokh.com/wp-content/upl…
Here's an explanation of why the magistrate judge's R&R was wrong on that front, though: it was following a 2005 precedent from before the statute was amended. volokh.com/2012/10/15/mag…
Beyond that, I'm not sure what their thinking is as to why the CFAA doesn't extend to electronic voting machines; I would think it does. As someone who has generally favored narrower readings of the CFAA, perhaps I shouldn't complain if DOJ is reading the law narrowly. /8
But note that the DOJ report is arguing for expansions of the CFAA to specifically include voting machines, so it's important to get a shared baseline sense of what the statute does cover before amending anything. /9
One explanation may be that this is just the report of the AG's Cyber Digital Task Force, not officially the DOJ's position. But looking at the members of the task force and the list of contributors, it's not obvious that there is a significant distinction between those. /10
Alternatively, perhaps this is an issue where the statute's text supports a broad reading but DOJ may feel there is prosecution risk in pressing that view because some courts may not embrace it? Not sure. /11
It's also possible that this is a fake problem that enables a fake solution: By suggesting the CFAA doesn't apply to voting machines, Congress can "do something" about election hacking by passing a law that explicitly covers voting machines -- even though the law covers this now.
UPDATE: I came across this passage from DOJ testimony from last week that appears to explain DOJ's concern. judiciary.senate.gov/imo/media/doc/…
I would think this is overly cautious, though. I'm not the world's biggest fan of the Raich aggregation theory, but it doesn't seem hard to argue that computers, in the aggregate, have an effect on interstate commerce. I suppose the counterargument could be that computers. . .
solely used as voting machines, and never connected to a network, may not have an aggregated effect on interstate commerce. But my recollection is that Raich focused on whether the conduct regulated by the statute as a whole had that effect. Here the statute prohibits . . .
unauthorized access to all protected computers, which seems more easily to fit within Raich (not withstanding the circularity problem -- it regulates what can be regulated, but what is that?).
But I suppose if DOJ wants to take the view that the Commerce Clause authority is narrow, and computers have to be connected to the Internet to be regulated by the commerce clause, that's an unexpected limit in the CFAA that is worth noting.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Orin Kerr
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!