For decades, the Computer Fraud and Abuse Act served as the U.S. government’s most powerful tool to prosecute hackers. Over the years, virtually every high-profile cybercrime case in which federal prosecutors brought forth charges – from Aaron Swartz and Marcus Hutchins to Russian and Iranian -backed hacking groups – has used the CFAA as its cornerstone statute. As the U.S. heads into the 2018 mid-term elections, the government is facing intense political pressure to harden the security around election systems, while the Trump administration has also come under fire for not doing enough to draw bright lines around election infrastructure and signal to foreign nations that interference will come with great consequences.
Recent documents and comments from the Department of Justice indicate that when it comes to prosecuting the most high-profile form of interference – hacking and compromising voting machines – the government may end up going to war without its most potent weapon.
In July, the DOJ cyber digital task force released a report assessing the department’s work in the cyber arena. While it calls CFAA the “principal tool” for prosecuting computer-related crimes, buried within the report are several passages expressing skepticism over whether the law would apply to individuals who hack into electronic voting machines.
The CFAA “currently does not prohibit the act of hacking a voting machine in many common situations,” the report reads. “In general, the CFAA only prohibits hacking computers that are connected to the Internet (or that meet other narrow criteria for protection). In many conceivable situations, electronic voting machines will not meet those criteria, as they are typically kept off the Internet.”
Full Article: Does the CFAA apply to voting machine hacks? — FCW.