ACLU files lawsuit over U.S. anti-hacking law

Facebook’s political influence under a microscope as elections rage
June 29, 2016
Facebook offers limited detail on formula behind News Feed
June 29, 2016
This post was originally published on this site

The American Civil Liberties Union said it filed a lawsuit in U.S. federal court on Wednesday challenging the constitutionality of an anti-hacking law, arguing it prevents academics and others from collecting data to investigate whether online algorithms may be discriminatory.

The lawsuit claims the Computer Fraud and Abuse Act (CFAA) infringes the U.S. Constitution’s First Amendment protections of speech, the press, and a right to petition the government. It was brought by the ACLU on behalf of a group of university professors and First Look Media, which publishes the news site The Intercept, against U.S. Attorney General Loretta Lynch. The lawsuit was reviewed by Reuters.

The Computer Fraud and Abuse Act has been routinely criticized in recent years by open internet advocates and civil libertarians, who say the 30-year-old statute is outdated, overly broad and carries excessively harsh penalties that often target nonmalicious behavior.

The ACLU said interpretations of the statute have chilled internet research by making it unlawful to violate a website’s terms of service agreements, which sometimes prohibit automated tracking of publicly available data about a site and its users even if done for legitimate purposes.

CFAA “is creating a significant barrier to research and testing necessary to uncover online discrimination in everything from housing to employment,” ACLU staff attorneys Esha Bhandari and Rachel Goodman, who are litigating the case, said in a statement.

Plaintiff Christian Sandvig, an associate professor of information and communication at the University of Michigan, said the law has caused him and a colleague to fear prosecution because they are conducting a study on whether real estate websites use big data analytics to display different advertisements to users on the basis of race or other factors.

The Computer Fraud and Abuse Act came under fire in 2013 after internet activist Aaron Swartz committed suicide shortly before he was due to face charges he used the Massachusetts Institute of Technology’s computer networks to steal academic articles.

Bipartisan congressional lawmakers have introduced legislation, dubbed Aaron’s law, that seeks to curb some of CFAA’s penalties. Those proposals have not moved forward.

Assistant Attorney General Leslie Caldwell has defended CFAA as the central law used to pursue malicious hackers, and said last year that prosecutors do not seek to use it against individuals engaging in “legitimate activity.”

Wednesday’s suit, Sandvig v. Lynch, was filed in the U.S. District Court for the District of Columbia.

(Editing by Matthew Lewis)