Vote Recommendation | Economic Freedom | Property Rights | Personal Responsibility | Limited Government | Individual Liberty |
---|---|---|---|---|---|
Vote No; Amend | Neutral | Neutral | Neutral | Negative | Neutral |
Before
we comment on the merits of the bill, a brief primer on the background of this
issue is in order. There has been much national attention to Sergey Aleynikov, who was convicted of stealing proprietary
documents from Goldman Sachs. Although he was released after a successful
appeal, he filed a counter-lawsuit this year against the FBI agents who
prosecuted him in the original indictment. He contends that Goldman Sachs
engaged in malicious prosecution and used “the American criminal justice system
as their own private enforcement arm."
There
is real concern in Texas and across the country about overly broad cybersecurity
laws being used
to criminalize the violation of End User License Agreements (EULA), Terms
of Service Agreements (TOS), or the terms of a private contract. In the case of
TOS and EULAs particularly, these tend to be the lengthy items of fine print
that a person accepts (usually by filling a checkbox and clicking submit) when
installing computer software. No government should serve as the enforcement arm
for a software company that asserts its users are using the software improperly
or in violation of the terms they agreed to. There should be no criminal
penalty for such violations. That, along with breach of contract issues, is a
matter for civil courts.
Our
concern about HB 896 as reported from committee is that it would open up the sort
of legal abuse described above. While that is clearly not the intent of the
bill, it is a possible unintended consequence if the bill passes without being
substantially improved.
The
actual aim of the bill is to provide better law enforcement tools for cases of
actual hacking and theft of data. Theft is theft, regardless of whether what is
stolen happens to be in the form of digital files on a computer or physical
printouts of those files. The format of what is stolen, which could include
proprietary information valuable to competitors, personal data valuable for the
purposes of identity theft, or any number of other possibilities is immaterial.
To the extent that the bill aims to curb these issues, we support the bill.
However,
in its current form the bill is deficient at achieving its own aims without
opening the door to serious unintended consequences. For this reason, we oppose
HB 896 unless it is amended to do the following:
1) Include additional mens rea protection to stipulate that a defendant charged under the new language that the bill adds for taking a file from a computer network can only be convicted if they had an intent to use that file to cause harm or damages, or to delete digital property
2) Modify the escalating series of penalties already in statute with a first violation starting at a level not greater than a Class A Misdemeanor, which would represent an improvement over current law and ensure that felony prosecutions focus on professional hackers who cause major damage.
While the
first amendment is needed to address our objection to the bill, the second
amendment concerning the penalty ladder would offer an advantage compared to
existing law.