• United States



I support ‘Aaron’s Law’ — for now

Jan 16, 20133 mins
Data and Information SecurityIT Leadership

Congresswoman Zoe Lofgren proposes an amendment to the computer fraud law in honor of Aaron Swartz. I support it, though not unconditionally.

I’m all for cracking down on fraud. But in the case of Aaron Swartz, the government took things too far.

Swartz, the 26-year-old co-creator of RSS and Reddit who died Friday by his own hand, was charged with wire fraud, computer fraud and other crimes after he accessed and downloaded over 4 million articles from the JSTOR online database through MIT’s network. His cause — making information more freely available on the Internet and opposing government and corporate secrecy — was admirable.

His methods were wrong. But his transgressions were not severe enough to justify holding a 35-year prison sentence over his head. That’s where the government’s prosecution went astray.

[Also see: Three must-reads on the legacy of Aaron Swartz]

It’s a classic case of the government abusing its power. So when someone in Congress puts forth a bill or amendment to limit that power, I’m inclined to support it. And so I support Congresswoman Zoe Lofgren’s proposed amendment to the Computer Fraud and Abuse Act (CFAA) — sort of.

Details from our story:

Swartz allegedly intended to distribute a significant proportion of JSTOR’s archive through file-sharing sites. If convicted, he could have faced up to 35 years in prison and a fine of US$1 million. The government was able to bring disproportionate charges against Swartz because of the broad scope of CFAA and the wire fraud statute, wrote Representative Zoe Lofgren in a post on Tuesday on the Reddit news-sharing site in which Swartz played a key role. “It looks like the government used the vague wording of those laws to claim that violating an online service’s user agreement or terms of service is a violation of the CFAA and the wire fraud statute,” she said.

The proposed amendment to the CFAA (Section 1030(e)(6) of title 18, United States Code) excludes access in violation of an agreement or contractual obligation, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or employer, if such violation constitutes the sole basis for determining that access to a protected computer is unauthorized.

You can read the full bill here.

Ever since 9-11, we’ve seen the government’s power greatly expanded for the purpose of tracking down potential terrorists. We’ve also seen the government taking things too far with everything from unjustified wireless wiretapping to targeting citizens with drones. In Swartz’s case, you had a prosecution running wild with the law, finding ways to push for a prison sentence that was way out of proportion with the misdeeds in question.

If Lofgren’s bill can put limits on this abuse of power, I’m all for it.

The reason I do so conditionally is because I admit I’m not a know-it-all. I read the proposed amendment and it looks reasonable, but I lack the legal savvy to spot every possible hole.

I’m waiting to see what the legal scholars have to say about this before I support it unconditionally.

Whatever happens, I appreciate Lofgren’s effort. Swartz deserved better, after all.