OrinKerr

On appeal, it's the legal issues that matter. If a person hasn't committed a crime, their conviction should not stand no matter how unpopular they are.

If you're asking how to persuade the public, I think people get that it's a problem if their own routine conduct is a federal crime. Everyone visits websites; everyone violates terms of service. My sense is that even politicians realize something is very wrong if their own routine Internet use is somehow declared a federal crime.

The CFAA was enacted in 1986 to punish computer hacking. But Congress has broadened the law every few years, and today it extends far beyond hacking. The law now criminalizes computer use that "exceeds authorized access" to any computer.

The problem is that a lot of routine computer use can exceed "authorized access." Courts are still struggling to interpret this language. But the Justice Department believes that it applies incredibly broadly to include "terms of use" violations and breaches of workplace computer-use policies.

Breaching an agreement or ignoring your boss might be bad. But should it be a federal crime just because it involves a computer? If interpreted this way, the law gives computer owners the power to criminalize any computer use they don't like. Imagine the Republican Party setting up a public website and announcing that no Democrats can visit. Every Democrat who checked out the site could be a criminal for exceeding authorized access.

I'm waiting for the Abelson report to get a good sense of MIT's response. We'll know more when that report has been filed.

Actually, many other countries already have laws modeled off the CFAA. Importantly, though, it's not the existence of these laws that matters; it's their interpretation. At their best, laws against unauthorized access are about protecting privacy, which is a good thing. It's their misinterpretation that is the problem.