Subscribe to receive our Floor Reports covering all the action on the Texas House and Senate floor!
Before we comment on the merits of the bill, a brief primer on the background of this issue is in order. There has been much national attention to Sergey Aleynikov, who was convicted of stealing proprietary documents from Goldman Sachs. Although he was released after a successful appeal, he filed a counter-lawsuit this year against the FBI agents who prosecuted him in the original indictment. He contends that Goldman Sachs engaged in malicious prosecution and used “the American criminal justice system as their own private enforcement arm."
There is real concern in Texas and across the country about overly broad cybersecurity laws being used to criminalize the violation of End User License Agreements (EULA), Terms of Service Agreements (TOS), or the terms of a private contract. In the case of TOS and EULAs particularly, these tend to be the lengthy items of fine print that a person accepts (usually by filling a checkbox and clicking submit) when installing computer software. No government should serve as the enforcement arm for a software company that asserts its users are using the software improperly or in violation of the terms they agreed to. There should be no criminal penalty for such violations. That, along with breach of contract issues, is a matter for civil courts.
Our concern about HB 896 as reported from committee is that it would open up the sort of legal abuse described above. While that is clearly not the intent of the bill, it is a possible unintended consequence if the bill passes without being substantially improved.
The actual aim of the bill is to provide better law enforcement tools for cases of actual hacking and theft of data. Theft is theft, regardless of whether what is stolen happens to be in the form of digital files on a computer or physical printouts of those files. The format of what is stolen, which could include proprietary information valuable to competitors, personal data valuable for the purposes of identity theft, or any number of other possibilities is immaterial. To the extent that the bill aims to curb these issues, we support the bill.
However, in its current form the bill is deficient at achieving its own aims without opening the door to serious unintended consequences. For this reason, we oppose HB 896 unless it is amended to do the following:
1) Include additional mens rea protection to stipulate that a defendant charged under the new language that the bill adds for taking a file from a computer network can only be convicted if they had an intent to use that file to cause harm or damages, or to delete digital property
2) Modify the escalating series of penalties already in statute with a first violation starting at a level not greater than a Class A Misdemeanor, which would represent an improvement over current law and ensure that felony prosecutions focus on professional hackers who cause major damage.
While the first amendment is needed to address our objection to the bill, the second amendment concerning the penalty ladder would offer an advantage compared to existing law.