when no one really knows if you broke the law
When the courts encounter computer science and chemistry, the end result isn't sophisticated regulation but utter confusion as judges and lawyers try to figure out what's legal, what's not, and what should be.
Ignorance of the law is no excuse we’re told when we try to defend ourselves by saying that we had no idea that a law existed or worked the way it did after getting busted. But what if not even the courts actually know if you broke a law or not, or the law is just so vague or based on such erroneous ideas of what’s actually being talked about, that your punishment, if you would even be sentenced to one, is guaranteed to be more or less arbitrary? This is what an article over at the Atlantic about two cases taken on by the Supreme Court dives into, asking if there will be a decision that allows vague laws to be struck as invalid because they can’t be properly enforced and rely on the courts to do lawmakers’ jobs. Yes, it’s the courts’ job to interpret the law, but if a law is so unclear that a room full of judges can’t agree what it’s actually trying to do and how, it would require legislating from the bench, a practice which runs afoul of the Constitution’s stern insistence on separation of powers in government.
Now, the article itself deals mostly with the question of how vague is too vague for a judge to be unable to understand what the law really says, which while important in its own right, is suited a lot better to a law or poly-sci blog than a pop science and tech one, but it also bumps into poor understanding of science and technology creating vague laws intended to prevent criminals on getting off on a technicality. Specifically, in the case of McFadden v. United States, lawmakers didn’t want someone who gets caught manufacturing and selling a designer drug to admit that he indeed make and sell it, but because there’s one slight chemical difference between what’s made in his lab and the illegal substance, he’s well within the law, leaving the prosecutors pretty much no other choice but to drop the matter. So they created a law which says that a chemical substance “substantially similar” to something illegal is also, by default, illegal. Prosecutors will have legal leverage to bring a case, but chemists say they can now be charged with making an illegal drug on a whim if someone finds out he or she can use it to get high.
Think of it as the Drug War equivalent of a trial by the Food Babe. One property of a chemical, taken out of context, compared to a drug that has some similarity to the chemical in question in the eyes of the court, but instead of being flooded with angry tweets and Facebook messages from people who napped through their middle school chemistry, there’s decades of jail time to look forward to at the end of the whole thing. Scary, right? No wonder the Supreme Court does want to take another look at the law and possibly invalidate it. Making the Drug War even more expensive and filling jails with even more people would make it an even greater disaster than it has been already, especially now that you’re filling them with people who didn’t even know that they were breaking the law and the judges who put them there were more worried about how they were going to get reelected than whether the law was sound and the punishment was fair and deserved. Contrary to popular belief of angry mobs, you can get too tough on crime.
But if you think you’re not a chemist, you’re safe from this vague, predatory overreach, you are very wrong, especially if you’re in the tech field, specifically web development, if the Computer Fraud and Abuse Act, or the CFAA has anything to say about it. Something as innocuous as a typo in the address bar discovering a security flaw which you report right away can land you in legal hot water under its American and international permutations. It’s the same law which may well have helped drive Aaron Schwartz to suicide. And it gets even worse when a hack you find and want to disclose gives a major corporation grief. Under the CFAA, seeing data you weren’t supposed to see by design is a crime, even if you make no use of it and warn the gatekeepers that someone could see it too. Technically that data has to be involved in some commercial or financial activity to qualify as a violation of the law, but the vagueness of the act means that all online activity could fall under this designation. So as it stands, the law gives companies a legal cover to call finding their complete lack of any security a malicious, criminal activity.
And this is why so many people like me harp on the danger of letting lawyers go wild with laws, budgets, and goal-setting when it comes to science and technology. If they don’t understand a topic on which they’re legislating, or are outright antagonistic towards it, we get not just typical setbacks to basic research and underfunded labs, but we also get laws based on a very strong desire to do something, but not understanding enough about the problem to end up with good laws that actually deal with the problem in a sane and meaningful way. It’s true with chemistry, computers, and a whole host of other subjects requiring specialized knowledge we apparently feel confident that lawyers, business managers, and lifelong political operatives will be zapped with when they enter Congress. We can tell ourselves the comforting lie that surely, they would consult someone before making these laws since that’s the job, or we can look at the reality of what actually happens. Lobbyists with pre-written bills and blind ambition result in laws that we can’t interpret or properly enforce, and which criminalize things that shouldn’t be illegal.