Smartphones and the Computer Fraud and Abuse Act–Already Covered?

“Everything has a computer in it nowadays”

as we are told by Steve Wozniak, one of the co-founders of Apple Computer. See U.S. v. Kramer, 631 F.3d 900 (8th Cir. 2011). This quote was featured prominently in the Kramer opinion handed down on February 8, 2011 in which the United States Court of Appeals for the Eighth Circuit held that a cellular phone–used only to place calls and send text messages–is a computer as defined in the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, et seq.

According to  The Hill, earlier today two Senators sent a letter to the United States Department of Justice asking that the agency clarify its interpretation of the to include the protection of “smartphones”. (Senators say digital privacy law covers smartphones, Gautham Nagesh, The Hill, Apr. 13, 2011). Based upon the rationale of the Kramer Court in applying the definition of a computer as set forth in the CFAA, the Senators’ request should be honored.

In Kramer, the court observed that the definition of computer in the CFAA is exceedingly broad:

If a device is “an electronic … or other high speed data processing device performing logical, arithmetic, or storage functions,” it is a computer. This definition captures any device that makes use of an electronic data processor, examples of which are legion. Accord Orin S. Kerr, Vagueness Challenges to the Computer Fraud and Abuse Act, 94 Minn. L. Rev. 1561, 1577 (2010) (“Just think of the common household items that include microchips in electronic storage devices, and us will satisfy the statutory definition of ‘computer.’ That category can include coffeemakers, microwave ovens, watches, telephones, children’s toys, MP3 players, refrigerators, heating and air-conditioning units, radios, alarm clocks, televisions, and DVD players, in addition to more traditional computers like laptops or desktop printers.” Additionally, each time an electronic processor performs any task – from powering on, to receiving keypad input, to displaying information – it performs logical, arithmetic, or storage functions. These functions are the essence of its operation. See The New Oxford American Dictionary 277 (2nd ed. 2005) (defining “central processing unit” as “the part of the computer in which operations are controlled and executed .”).

U.S. v. Kramer, 631 F.3d 900, 902-03 (8th Cir. 2011). The court acknowledged that a normal cell phone might not easily fit within the cloak will definition of computer, but, that it was bound to follow the definition set forth in the CFAA. It further acknowledged that due to the sweeping nature of this definition, as technology continues to develop even more additional devices that use industry experts, much less Congress, could foresee being encompassed within this definition may nonetheless. Id. at 903 (citing 18 U.S.C. § 1030(e)(2)).

Very true. As we have all learned from the recent hacking involving Epsilon, data stored on smartphones is no different from data stored on a desktop computers–it is all worthy of protection. According to the CFAA’s definition of computer, it already is protected. Accordingly, if it is not doing so already, the Department of Justice should enforce such protections.

2 thoughts on “Smartphones and the Computer Fraud and Abuse Act–Already Covered?

This site uses Akismet to reduce spam. Learn how your comment data is processed.