Justice Department 'Warns' It Can't Prosecute Election Hacking. Warning, Or Invitation?
With people nervously gnawing their nails down to the bone as the 2018 midterms rapidly approach, election hacking has (finally) become a concern. Unfortunately, the DOJ doesn't think it has the legal authority to prosecute anyone even if they're caught hacking a voting machine. We're not what you'd call "experts," but we're pretty damn sure that's not Obama meant when he said, "elections have consequences."
Kim Zetter over at Motherboard was poring over a DOJ report on all computery and lawery things law enforcement officials have been trying to do to combat cybercrime when they noticed a little snippet about securing our elections. According to the report, the DOJ just doesn't have enough fucks to give when it comes to securing our elections because -- get this! -- voting machines aren't computers.
The principal statute used to prosecute hackers—the Computer Fraud and Abuse Act (“CFAA")—currently does not prohibit the act of hacking a voting machine in many common situations. In general, the CFAA only prohibits hacking computers that are connected to the Internet (or that meet other narrow criteria for protection). In many conceivable situations, electronic voting machines will not meet those criteria, as they are typically kept off the Internet. Consequently, should hacking of a voting machine occur, the government would not, in many conceivable circumstances, be able to use the CFAA to prosecute the hackers. (The conduct could, however, potentially violate other criminal statutes.)
How the DOJ suddenly arrived at this conclusion despite almost three decades of prosecutions and idiotic civil suits is beyond our comprehension. Considered the bane of the hacking world since its Reagan-era inception, the CFAA is the purposefully vague law used by the government and corporations to prosecute and sue suspected cyber criminals. It's been amended half a dozen times since the 1980s so that it's easier find hackers, charge/sue them, and seize their assets. 'MERICA!
The CFAA has been called "the worst law in technology" because it allows companies to sue people for innocuous violations of terms of service agreements -- those stupid pop-ups that nobody ever reads -- and because many provisions are redundant, allowing prosecutors to charge the same crime multiple times.
There's even a cheesy (and slightly dated) song.
During a hearing before the Senate Judiciary Committee's Subcommittee on Crime and Terrorism, Associate Deputy Attorney General Sujit Raman said voting machines don't fall within the definition of the CFAA due to a snag in its Commerce Clause. TLDR: The law is useless because it can only prosecute crimes involving money and communications; it says nothing about voter fuckery. Raman says that the DOJ needs to amend the CFAA to specifically address electronic voting machines and "ensure that any attempts to manipulate the results of an election can be prosecuted to the fullest extent under federal law."
We're calling bullshit.
As the de facto law on cybercrime, the CFAA has been used for years to unfairly prosecute people. To suddenly worry that a bonged-out law student might make such a half-assed defense is laughable. In the past the CFAA has been used to prosecute students for attempting to publish flaws in city transit cards, and for cyberbullying on MySpace. In 2013 a US attorney busted MIT student/internet pioneer Aaron Swartz for pirating academic journals, but Swartz tragically killed himself when the government insisted "stealing is stealing," and charged him with $1 million in fines and 35 years in prison.
The DOJ says voting machines aren't connected to the internet or networked, and are therefore immune from the CFAA, but that's just ignorant. Election systems HAVE TO connect to the internet on election night! It's also been proven that some companies installed dangerous remote access software. Some poll workers even leave voting machines networked through wired and wireless connections because they're lazy! This argument is the equivalent of asking, "How is babby formed?"
The CFAA is intentionally broad and vague so that the government can go apeshit, and it has. Uncle Sam's banhammer doesn't need to be wrapped in barbed wire and set on fire just to go after Russian or Republican election fuckery. If anything, we should be limiting the use of CFAA, and creating new laws that specify how we conduct elections. We need to be leaving paper trails of our voting records, conducting regular audits of voting machines, and using open source software so that our elections are cheaper, safer, and 100% transparent.
There's decades of legal precedent that says the DOJ can prosecute election hacking based on existing laws. The fact that they're saying they can't almost looks like an invitation.
Wonkette is ad-free and supported SOLELY by YOU. Hit the tip jar below, won't you?