Academic journal article Notre Dame Law Review

NO INTERNET DOES NOT MEAN NO PROTECTION UNDER THE CFAA: WHY VOTING MACHINES SHOULD BE COVERED UNDER 18 U.S.C. S. 1030

Academic journal article Notre Dame Law Review

NO INTERNET DOES NOT MEAN NO PROTECTION UNDER THE CFAA: WHY VOTING MACHINES SHOULD BE COVERED UNDER 18 U.S.C. S. 1030

Article excerpt

[T]hese [cyberattacks] are persistent, they are pervasive, and they are  meant to undermine America's democracy on a daily basis, regardless of  whether it is election time or not. Russian actors and others are  exploring vulnerabilities in our critical infrastructure as well....  The warning signs are there, the system is blinking, and that is why I  believe we are at a critical point. --Dan Coats, Director of U.S. National Intelligence, July 13, 2018 (1) 

INTRODUCTION

The threat of cyberattacks to America's networks is ever increasing. (2) Dan Coats, the Director of U.S. National Intelligence, addressed this problem in a speech before the Hudson Institute (3) on July 13, 2018. (4) Coats recalled the months before September 2001, when then-current CIA Director George Tenet said, "the system was blinking red." (5) Coats then alerted the Hudson Institute, "I'm here to say the warning lights are blinking red again. Today, the digital infrastructure that serves this country is literally under attack." (6) Coats identified Russia as being "the most aggressive foreign actor--no question." (7) Russia has become a global force in cyber warfare. (8) So far, the biggest target of their attacks has been the 2016 U.S. election. (9)

Largely in response to Russia's cyberattacks and continued cyberthreats, the U.S. Attorney General established a Cyber-Digital Task Force within the Department of Justice (DOJ) in February 2018. (10) This newly created task force released its first public report on July 19, 2018. (11) Then-Attorney General Jeff Sessions announced the release of the report, while promising that "[a]t the Department of Justice, we take these threats seriously." (12) The report was designed to answer the following question: "How is the Department [of Justice] responding to cyber threats?" (13) The report begins by discussing the threat of foreign influence operations, described by the Task Force as "one of the most pressing cyber-enabled threats our Nation faces." (14) Specifically, the Task Force focuses on the dangerous threat of Russia to U.S. elections. (15)

After detailing the scope of this and other threats, the Task Force outlines the key prosecutorial tools available to the DOJ in combating cyberattacks. (16) The first tool, which this Note will discuss at length, is the Computer Fraud and Abuse Act (CFAA), codified at 18 U.S.C. [section] 1030. (17) The CFAA falls at the top of the Task Force's list because, as it mentions, "[the CFAA] remains the... principal tool for prosecuting computer crimes." (18) Many other scholars have described the CFAA as the cornerstone of computer fraud litigation. (19) The Task Force provides a simple definition of the CFAA, explaining how it "gives the owners of computers the right to control who may access their computers, take information from them, change how the computers work, or delete information on them." (20)

Later in the report, after emphasizing Russian interference with elections as the principal cyberthreat and the CFAA as the principal prosecution tool, the Task Force asserts that "[the CFAA] currently does not prohibit the act of hacking a voting machine in many common situations." (21) The Task Force plainly states that "the CFAA only prohibits hacking computers that are connected to the Internet (or that meet other narrow criteria for protection)." (22) However, the text of the CFAA does not explicitly require that hacked computers be connected to the internet, nor have the courts interpreted this as a requirement of the CFAA. (23) Though most of Russia's known cyberthreats have not been aimed directly at the voting machine devices themselves, the Task Force's assertion still raises a big question: Does the CFAA only apply to internet-connected devices?

This Note seeks to answer that question, ultimately concluding that internet connection is not required for a computer to reach protected status under the CFAA. Part I of this Note describes the background of the CFAA, specifically detailing the types of crime it was meant to punish, its definition of "computer," and its definition of "protected computer" (which builds on the definition of "computer" by providing the jurisdictional hook). …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.