That's what the Model Penal Code attempts to do, as the Uniform Commercial Code attempts to do for commercial relations. But different people have different ideas about what the model template should be, and the 57 varieties of US law reflect the different concerns of different people at the time those laws were made - in the case of the CFAA, owners of large expensive computer infrastructure.

It is all fraud.

I envy your certitude.

I understand why we have different laws in different jurisdictions. That is something different, and it doesn't mean we should have overlapping, duplicative, inconsistent legislation within a single jurisdiction, e.g. at the federal level.

>in the case of the CFAA, owners of large expensive computer infrastructure.

Which is the problem. That was a long time ago, those were different people than we are today and things have changed. It is time to reconsider.

Yes, things have changed. But the responsibility for updating the law lies with the legislative branch, not so much the executive.

I thought this was a discussion about "In the Wake of Aaron Swartz's Death, Let's Fix Draconian Computer Crime Law"? I would certainly agree that to do that we should be appealing to the legislators rather than the prosecutors, but I'm not sure what all that has to do with what we were most recently discussing.

You think the issues are simple and that these specific laws about fraud are duplicative; my view is that they're not that simple and that factors like non-locality demand greater specificity. Although I don't think the CFAA is a very good piece of legislation, I completely disagree with your suggestion that's it's unnecessary.

I can think of umpteen ways to get out of a fraud charge by playing definitional games once computers are introduced. For example: 'sure, it said on the screen that pressing enter I was promising X to be true, and I hit Enter knowing X to be false. But you haven't shown that any human ever reviewed the transaction, and a computer system isn't a person; so it's meaningless to say that I deceived the computer, therefore no fraud took place.' bullshit, of course, but new legislation is often introduced precisely because defendants are acquitted thanks to such technicalities.

I'm glad you agree that the CFAA is problematic. I think we may to some extent be talking past each other.

What I am objecting to is legislation in the style of the CFAA. Notwithstanding the name, it is barely addressed to fraud at all. It concerns itself primarily with unauthorized access, arguably a component of certain types of fraud, but which is a completely ridiculous thing to legislate against. Because while it is probably safe to assume that unauthorized access is generally bad, the question of how bad is determined entirely by the specific facts of the case. If you access a computer (e.g. your family member's work laptop) "without authorization" in order to check your own email, that is on an entirely different planet from doing so in order to obtain military secrets in preparation for a terrorist attack. The entire world of possible criminal penalties lives between those extremes. So prohibiting what is quite plausibly the precursor to an entire legal code worth of different crimes is totally absurd because there is no sane way to assign proportional penalties to it -- if you assign penalties greater than those of the most trivial of offenses then you create a disproportional penalty for such offenses just because a computer was involved and even trivial offenses are, as a rule, unauthorized. In theory one might argue that unauthorized access should still be an offense with the lowest of maximum penalties, e.g. a $100 fine, but with penalties that low it just seems like a waste of effort to even bother with it. And it sounds like you may agree with some of that, though I'm not sure what possible value you think can be salvaged from it.

What you're talking about with electronic forms perhaps not matching up with 20th century fraud legislation is a completely different animal. I think as a general rule that is the sort of thing that judges are able to see through, but in specific cases where this has failed to occur it naturally makes sense for the legislature to update the statute.

I'm just still not clear why you believe it should be a separate statute rather than merely a collection of relatively minor updates to long-standing law. I don't see how setting up a fake physical storefront and then collecting layaway deposits before skipping town to the next state should require a distinct piece of legislation from doing the exact same thing with a website. Perhaps the language will have to be adjusted to make sure the new offenders fall into scope, but why should the penalties be different? Or (in broad strokes) the elements of the crime? Or the intent requirement? Why reinvent the wheel? If you reinvent the wheel you get untested catastrophes like "unauthorized access to a computer."