A Sigh of CFAA Relief For Those Of You With Fake Facebook Profiles
The Senate Judiciary Committee held an executive business meeting on Thursday, September 22nd, to address these conflicting viewpoints, as part of a larger effort to work through a number of different pending cybersecurity bills. On the agenda was S.1151, the Personal Data Privacy and Security Act of 2011 (Leahy, Schumer, and Franken); S.1408, the Data Breach Notification Act (Feinstein); and S.1535, the Personal Data Protection and Breach Accountability Act of 2011(Blumenthal).
In response to the concerns articulated above, an amendment to S.1151 was adopted by the Judiciary Committee that clarifies the circumstances where “exceeding authorized access” will constitute a felony under the CFAA. Specifically, if the amended S.1151 passes, any “access in violation of a contractual obligation or agreement, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or non-government employer, if such violation constitutes the sole basis for determining that access to a protected computer is unauthorized” would not constitute a felony.