Skip the navigation

Senator's claims of CIA violating computer fraud act shaky, legal expert says

Establishing CFAA liability could be uphill task for Sen. Dianne Feinstein

March 13, 2014 06:44 AM ET

Computerworld - Sen. Dianne Feinstein's (D-Calif.) claim earlier this week that the CIA violated provisions of the Computer Fraud and Abuse Act (CFAA) when it accessed computers used by members of the Senate Intelligence Committee, could be hard to substantiate, according to a leading legal expert.

For one thing, it's not clear whether the CIA had rights to the accessed computers, at least as defined under the CFAA, said Orin Kerr, a law professor at the George Washington University Law School and a former trial attorney at the U.S. Department of Justice.

It's also not clear if the restrictions the Intelligence Committee had in place for governing access to the computers were strong enough to trigger a CFAA access violation claim, Orin wrote in a blog for Lawfare.

Earlier this week, Feinstein accused the CIA of illegally accessing computers used by members of the Senate Intelligence Committee to investigate the agency's detention and interrogation practices during the George W. Bush administration.

The CIA set up the Intelligence Committee's computers at a facility in northern Virginia to enable committee members to review tens of thousands of documents, memos, and other files pertaining to the CIA's interrogation practices.

The only CIA officials who were supposed to have access to the network were the agency's IT personnel, who were not permitted to share information gathered from the system with others at the agency.

According to Feinstein, however, CIA officials accessed the network anyway and removed documents that would have cast an unfavorable light on the agency's detention and interrogation practices. CIA officials accessed the walled-off committee network to remove documents previously provided to them by the CIA and to access the committee's internal work and communications, Feinstein charged Tuesday.

She alleged the agency's actions violated the CFAA's provisions against unauthorized access to a protected computer and an executive order prohibiting the agency from conducting domestic searches.

The CFAA is a federal statute that makes it illegal for someone to knowingly access a computer without authorization or to exceed authorized use of a system. It is an online anti-trespassing law that has gained considerable notoriety in recent years because of the manner in which over-zealous prosecutors have used the law to prosecute crimes for which it was never intended.

Critics have claimed that the ambiguous wording of the law allows prosecutors to pursue felony charges against individuals for minor terms of service and computer misuse violations.

Courts around the country have been split on how the law should be interpreted. Some courts have held that people with valid access to data on a computer cannot be held liable under CFAA if they later abuse that access to steal, sabotage or misuse the data. Other courts have ruled the opposite way.

Our Commenting Policies
Blog Spotlight

This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.