Nomination of Loretta E. Lynch to be Attorney General of the United States
Questions for the Record
Submitted February 9, 2015
QUESTIONS FROM SENATOR FRANKEN

Question 1. The Computer Fraud and Abuse Act (CFAA) has received attention for its
potentially harsh penalties. In 2013, I wrote a letter to the Department of Justice expressing my
concern about the way in which Aaron Swartz was aggressively prosecuted under the CFAA,
and associating myself with a similar letter by Senator Cornyn. The Department’s response was,
in short, that the prosecution of Swartz was consistent with the Act. Since then we have heard
many people – from all over the political spectrum – call for reform of the CFAA. Recently, the
White House announced a proposal to amend the Act. Some have characterized the proposal as a
step in the wrong direction, noting – for example – that it would increase certain sentences. What
is your assessment of these criticisms, and what is your opinion of the proposal?
RESPONSE: I believe that the Department of Justice has a responsibility to protect Americans
from invasions of their privacy and security by prosecuting and deterring computer
crimes. Accordingly, we must ensure that the CFAA, like all of our tools, remains up-to-date
and reflects the changes in the way that cybercrimes are committed, changes that have occurred
in the decades since it was first enacted. For example, I understand that the Administration’s
proposals include provisions designed to facilitate the prosecution of those who traffic in stolen
American credit cards overseas, to enable the Department to dismantle botnets that victimize
hundreds of thousands of computers at a time, and to deter the sale of criminal “spyware.”
With respect to the sentencing provisions contained in those proposals, I believe it is appropriate
to ensure that, in the event a defendant is convicted of a hacking offense, the sentencing court
has the authority to impose a sentence that fits the crime. For example, the enormous harm
caused by the massive thefts of Americans’ personal financial data from retailers illustrates the
need to ensure that the maximum sentences available are adequate to deter the worst
offenders. As the level of harm caused by the worst cybercrimes increases, I support increasing
the maximum penalties available to punish those crimes to a level commensurate with similar
crimes, such as mail fraud or wire fraud.
It is also important to understand that these statutory maximum sentences do not control what
sentence is appropriate for less significant offenses under the CFAA. In many criminal
prosecutions, including prosecutions under the CFAA of all but the most serious offenses, the
statutory maximum penalty has little or no impact on the sentencing of convicted
defendants. Instead, in each case, prosecutors make individualized sentencing recommendations,
and judges make individualized decisions, based on such factors as the facts of the case, the
offender’s history, and the U.S. Sentencing Guidelines.
Finally, I note that the Administration’s 2015 proposal does not include any new mandatory
minimum sentences, and I support the decision not to seek any such new sentences in the CFAA
at this time.
1 
 

 Question 2. Last year, President Obama announced several reforms to the NSA’s surveillance
programs. This included a new policy that permits companies to release certain, limited
information about the number of National Security Letters they receive annually. The Attorney
General was authorized to set guidelines on this new transparency provision. I was pleased to see
transparency measures included in the reforms. As I have often noted, I believe increased
transparency is needed so that the public has the information it needs to make informed
judgments about these programs.
Unfortunately, the guidelines that were issued only allow companies to disclose broad ranges of
the number of National Security Letters they have received, and do not allow companies to say if
they have received no letters whatsoever.
Last Congress, we failed by a close vote to reach cloture on the motion to proceed to the USA
FREEDOM Act, a major NSA surveillance reform bill. The bill included strong government
transparency provisions, which I was proud to write with Senator Heller. Those provisions
promised to give the American people important information about the numbers of Americans
who had their information collected by the government under the different surveillance laws, and
they would have allowed companies to make more significant public disclosures. Will you
commit to reviewing DOJ’s transparency policies governing surveillance programs and consider
issuing more robust guidelines?
RESPONSE: Although I have not had occasion as a United States Attorney to consider these
questions, it is my understanding that the Administration supported the USA Freedom Act, and
that the Department of Justice has played a significant role in enhancing the ability of companies
to provide additional transparency. Should I be confirmed as Attorney General, I look forward
to continuing the Department’s efforts to enhance transparency to the greatest extent possible
consistent with protecting our national security and to work with the Intelligence Community
and Congress.
 

2