Washington, DC (TFC) – In the United States, computer crimes are typically prosecuted under an obsolete and anachronistic law known as the Computer Fraud and Abuse Act, or simply CFAA. The CFAA is a vague piece of shit legislation, written in a time before personal computers were in everybodys homes and pockets, and before the internet as it exists today even existed. At its heart, the law was intended to protect U.S. Government computer systems, systems owned and operated by financial institutions, as well as computers “affecting interstate and foreign commerce and communications”. Because the internet is, by design and by definition, nothing more than a collection of computers affecting interstate and foreign commerce and communications, the CFAA can be applied to virtually anyone, anytime, and for almost any reason.
Since being enacted into law in 1986, the CFAA has been the favorite means of the U.S. Government to prosecute everybody, from Kevin Mitnick to Aaron Swartz. Violations of the CFAA can carry as much as a life sentence in some cases, and have carried potential restitution totaling over a million dollars. Violations of the CFAA can range from simply violating a websites terms of service to distributing malicious code; from trafficking in passwords, to hacking government networks. Any computer or network that could reasonably be described using the intentionally vague adjective “protected” is covered by the CFAA. In practice, the CFAA can be applied to any number of activities not explicitly written into the law, depending essentially on who you’ve managed to piss off and how important they think they are.
In 2012, for instance, Adam Nafa was charged with violations of the CFAA for making a YouTube video promoting Op Telecom, a DDoS in protest against Verizons systematic corporate greed and their efforts against the proposed Net Neutrality Act. Adam was charged with conspiracy to damage a protected computer under 18 U.S.C. 1030 (c)(4)(B) (i) and (ii), despite the fact that the proposed DDoS never actually took place. Simply suggesting that it should take place was enough for the government to arrest Adam and charge him with conspiracy to violate the CFAA. After being threatened with years in prison and exorbitant punitive restitution, Adam was forced to accept a plea deal for probation and restitution totaling $18,500, even though no damage was ever done to Verizons’ networks. The proposed DDoS never actually took place.
From the time of his arrest until the time he accepted his plea deal, Adam was prevented from using a computer for any reason, including assisting in his own defense, potentially violating his 6th amendment rights. As a condition of his plea deal and subsequent probation, Adam was given strict computer use monitoring and restrictions. In essence, Adam made a YouTube video that pissed off Verizon enough to sic the might of the U.S. Government on him and attempt to crush him under the weight of the cumbersome CFAA. Resistance is futile, dissenters will be shot on site; we’ll bill you for the bullet later.
In 2012, a man named Higinio Ochoa, also known as W0rmer, was charged with multiple violations of the CFAA. Before he was even convicted of a crime, as a condition of his bond, he was completely banned from using a computer of any sort for any reason, again potentially involving his 6th amendment rights. In order to fulfill the conditions to secure his release from prison, he too was ordered to participate in strict computer monitoring. A somewhat amusing, albeit unintended side effect of his post release restrictions was that he was, for all intents and purposes, unable to even apply for employment: another condition of his release. This created a sort of slapstick feedback loop wherein he could not be released unless he accepted gainful employment but could not apply for employment to begin with due to his overbearing computer use restrictions, and the fact that most employers do not even offer paper applications anymore. Short of scribbling his resume on a piece of cardboard with a crayon and standing outside of Starbucks shaking a cup, he was screwed. Somewhat comically, he was banned from using any cell phone that has access to the internet. Trying to find a phone these days that cannot access the internet is about as easy as trying to find a rainbow colored Unicorn that grants magical wishes. Before Higinio could even attempt to abide by the conditions of his release, his wife and newborn son were forced to move 4 hours away from his hometown and his family because the government allegedly was unable to monitor his computer use where he had intended to live, a dubious claim at best.
One final and particularly troubling example is the case of Jon Cowden. Jon was charged and found guilty of violating the CFAA in relation to his attack on a state-run Israeli government website. He was also charged with hacking Mayor Francis Slay of St. Louis during the Occupy camp evictions. Jon accepted a plea deal for 21-27 months in prison, which was later reduced to 15 months due to mitigating circumstances that included a prior diagnosis of bipolar disorder, manic depression, and alcoholism. Jon has suffered severe PTSD as a result of his incarceration, which continues to be debilitating to this day. Jon’s post release restrictions have had tragically damaging consequences that have made it impossible for him to find work, and therefore support himself. All of Jon’s computer use is monitored as a condition of his release. He is also required to notify any potential client or employer that they are subject to federal search and seizure of all electronics, should Jon decide to break the law again. Jon is essentially required to wear his conviction like a scarlet letter and inform anyone who might be remotely interested in hiring him that he is a potentially massive liability, to the effect that he is now homeless and has been completely unable to find work for himself.
Computer use restrictions are not unique to Hacktivists prosecuted in the United States. Most so-called western countries have their own laws that mimic or mirror the CFAA in whole or in part. Adam Bennet, aka Lorax, arrested in Australia for allegedly hacking government websites, has been subject to harsh internet use restrictions since his arrest. As his case drags its way through the Australian court system, Adam is only allowed to use the internet for communicating with his lawyer to assist in his own defense and for conducting financial transactions, a particularly amusing fact considering that the CFAA in the U.S. was intended specifically in part to protect financial institutions. Two people arrested in connection with Adam’s case, “absantos” and “rax,” are currently under similar restrictions. None of these individuals have been convicted of a crime. Two people arrested in Italy in connection with Operation Green Rights, and three arrested in France in relation to other Hacktivism related computer crimes are all facing similarly oppressive restrictions. None have been convicted of any crime.
These are but a few cases where egregious and punitive computer use restrictions have had devastating consequences for not only the individual convicted, but their friends and family as well. These restrictions exist solely as a result of the terms of laws like the CFAA and the leeway given to prosecutors, judges, and probation officers in deciding how much and how long a person convicted of a computer related crime should suffer for their sins. If Jon Cowden had flown to Israel and simply unplugged the server hosting the website he was convicted of hacking he would likely face jail time, but would not have to suffer the consequences of his computer use restrictions, even though the result would be essentially the same. The website would go down, Jon’s point would be made, but his life would not be in the shambles it is today.
But that’s the point, isn’t it? Where sentencing guidelines and plea deals fall short, the Government has itself a mighty hammer in computer use restrictions, to the effect that everyone starts to look like a nail. Computer use restrictions are, in effect, an invisible prison that surrounds an individual arrested for or convicted of computer crimes. Unlike someone convicted of any number of violent felonies who can serve his sentence and walk away with his freedom,people convicted under the CFAA and similar laws may find themselves imprisoned after release for some minor insignificant violation of their computer use restrictions, regardless of the nature of the violation or even if the violation was intentional or not.
As in the case of Jon Cowden, computer use restrictions can and often do affect a persons ability to find employment. Aside from the obvious impossibility of submitting or even creating a resume without use of a computer, employers are often uncomfortable hiring someone who brings with them the baggage of constant computer monitoring and the implied liability and potential financial loss that comes with hiring someone shackled by computer use restrictions. This has the effect of forcing often talented computer programmers and engineers to accept employment outside of their knowledge base, for a fraction of the pay they could otherwise earn if they were able to work in their own field. In order to pay restitution, a person needs a job. In order to get a job, most people need to have some access to computers, including the internet. If a person cannot pay his restitution he will eventually be returned to prison: and on, and on, and on.
As has been demonstrated, computer use restrictions are often more damaging to the individual, the friends, and the families of those convicted than their inevitable detention and incarceration, and in fact may lead to further detention and incarceration down the road. These people were convicted of nonviolent, essentially victimless crimes, yet face continued incarceration, even where there are no bars, no guards, no shanks, no strip searches. These people were activists behaving in what they believed was the most moral way they knew how, prosecution be damned. They chose to stand up for a cause in which they believed and as a result they get to bend over and take it, years after their incarceration has ended. Computer use restrictions that include computer monitoring represent one way for the government to keep a person incarcerated indefinitely and beyond the terms of their pleas or sentences. They are applied exclusively to people convicted of violating laws like the CFAA, and disproportionately to Hacktivists specifically.
Computer use restrictions are but one glaring symptom of a fundamental disconnect between how the law sees Hacktivists and how Hacktivists see themselves. The cops, judges, and prosecutors watch too much TV, basing their opinions on the last cheesey action movie where some kid takes out the entire internets. Rather than educate themselves about the technology and the reality of just how little actual damage is ever really done, they rely on pure fiction and innuendo to demonize Hacktivists in the minds of the public, and indeed in their own minds. On the other hand, you have Hacktivists who are intimately familiar with the technology and the reality of what kind of damage is actually done during the commission of their so called crimes. They see themselves as being on the morally right side of things, little more than protesters trying to be proactive in affecting change in the only way they know how. While the governments who prosecute these cases would have us believe that but for their swift and merciless action we would all be sent back to the stone age every time some kid DDoSed Walmart, the reality is far more benign. The so called victims in all of these cases are the corporations who are killing us and the Governments that allow them to do it. That a conflict of interest may exist in even prosecuting these cases is lost on them entirely.
For more information on the CFAA, Computer Use Restrictions, and Hacktivism related arrests in general, please visit http://www.freeanons.org.
~Sue Crabtree, Guest Fifth Columnist