The federal government should clarify the definition of “interception” under Title I of the Electronic Communications Privacy Act (ECPA) and reconsider the damages requirement for private claims in the Computer Fraud and Abuse Act (CFAA) in light of the often non-economic nature of privacy harms.A victim’s suffering is often not financial but emotional.
In 2010, the Byrds purchased a computer from Colorado Aaron’s, Inc. According to the suit, the store installed a brand-name RAT on the couple’s computer without telling them.
Employees then used the software to take webcam photographs, log messages, and capture screenshots, wrongly thinking the couple was behind on payments.
School districts have used RATs to spy on students in their bedrooms; rent-to-own computer stores have secretly watched their customers.
Online, at places like Hack Forums.net, individuals, often men, trade and sell access to strangers' computers, often women, gained via RAT.
(A related suit alleging RAT-enabled interception of privileged and confidential attorney work product is unfolding in Georgia.)* * *Another law integral to electronic privacy is the Computer Fraud and Abuse Act (CFAA), and, like ECPA, RATs were not considered when it was written.