US anti-fraud law makes deleting browser history a crime punishable by 20yrs in jail
The Sarbanes-Oxley Act was signed into law by President Bush in 2002, largely in response to the 2001 Enron scandal. Though it deals mostly with corporate financial reporting, it is now being used for an entirely different purpose.
Khairullozhon Matanov, a former taxi driver and acquaintance of the Boston Marathon bombers, is due in court next week. But it's not because he knew about the bombings beforehand, or because he participated in the attacks.
Instead, his crime was deleting his browser history in the days following the bombings. He's been charged with obstruction of justice for the deed, and could spend the next 20 years in prison.
Prosecutors are clutching to one section of the Sarbanes-Oxley Act, which details severe penalties for "destroying, mutilating, concealing, falsifying records, documents, or tangible objects" with intent to impede or stall a federal investigation.
A Grand Jury indictment from May 29, 2014 states that Matanov “deleted a large amount of information from his Google Chrome Internet cache" following the bombing, including "references to the video of the suspected bombers [later identified as the Tsarnaevs]...two of the photographs of the bombers released at approximately the same time...[and] a photograph of Officer Sean Collier, who had been allegedly killed by Dzhokhar and Tamerlan Tsarnaev.”
Matanov also faces three other counts stemming from allegations that he lied to investigators about his activities and relationship with the Tsarnaev brothers. Those carry a sentence of up to eight years each.
Although he maintains his innocence, Matanov pleaded guilty to all charges earlier this year, hoping that the US district judge will accept his plea agreement for a 30-month sentence.
Many online have responded to news of the Sarbanes-Oxley Act being used against internet users, expressing anger that a seemingly innocent task could land a person in jail for two decades.
Uhm, WTF, Sarbanes-Oxley can be applied to people, in private, outside work. For deleting browser history?! http://t.co/wE451UDo73
— Wille (@wfaler) 5 июня 2015
The senior staff attorney for the Electronic Frontier Foundation, Hanni Fakhoury, says that Washington wants – and believes it is entitled to – all online data for policing purposes.
"Don't even think about deleting anything that may be harmful to you, because we (the government) may come after you at some point in the future for some unforeseen reason and we want to be able to have access to that data. And if we don't have access to that data, we're going to slap an obstruction charge that has as 20-year maximum on you,” Fakhoury told The Nation.
Others were quick to point out that the law only applies to those who knowingly delete data with intent to impede or stall a federal investigation.
But according to The Nation's Juliana DeVries, the law can be applied broadly because prosecutors “do not have to show that the person deleting evidence knew there was an investigation underway.”
She cited the case of David Kernell, a University of Tennessee student who entered Sarah Palin's email account in 2010 and changed her password to “popcorn.”
Although entering Palin's email was considered a misdemeanor, Kernell was convicted of a felony for deleting his internet history afterwards because his alleged awareness of a potential investigation into his conduct was enough to uphold the charge.
For the moment, it remains unclear just how broadly the Sarbanes-Oxley Act can be used by prosecutors in the digital age, or how much data citizens should preserve in case they find themselves part of an investigation.