"Aaron's Law" introduced in Congress to reform computer fraud law
Rep. Zoe Lofgren (D-Calif.) and Sen. Ron Wyden (D-Ore.) introduced a new bill into Congress Thursday, geared toward reforming the laws used to charge Internet activist Aaron Swartz with multiple felonies for downloading academic journal articles in 2011.
The bill, titled Aaron’s Law Act of 2013, is named for Swartz, who, facing up to 35 years in prison for what Lofgren and Wyden called “an act of civil disobedience,” committed suicide in January. Written in consultation with government officials, advocacy groups, businesses and the Reddit community, Aaron’s Law seeks to update the language of the Computer Fraud and Abuse Act (CFAA), much of which was authored in 1986.
According to Lofgren and Wyden in an editorial for Wired, the central problem with the CFAA is the vagueness of its provisions. For example, the act, authored years before the invention of the World Wide Web, states that anyone who “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer” can be sentenced to 10 years in prison.
“Confused by that?” wrote Lofgren and Wyden. “You’re not alone. Congress never clearly described what this really means...so lying about one’s age on Facebook, or checking personal email on a work computer, could violate this felony statute.”
In other words, according to the Columbia Journalism Review, the ambiguity of the CFAA means that the same laws used to prosecute Bradley Manning for allegedly leaking classified military information can be used to go after Internet users for violating the lengthy “terms of service” agreements attached to most products accessed online.
The problem of vagueness is only compounded by the fact that some of these laws overlap with one another in scope, giving the government the ability to charge offenders multiple times for the same violation. “This is, in fact, what happened to Aaron Swartz,” they wrote, “more than a third of the charges in the superseding indictment against him were under this redundant CFAA provision.”
The reforms proposed in the brief, 63-line bill are aimed at limiting the breadth and severity of the CFAA by striking redundancies and clarifying ambiguous language like “exceeds authorized access” (as in the aforementioned provision).
If passed, the bill will narrow the authority of the CFAA, but other laws on wire fraud and theft of trade secrets are already in place to protect against the most threatening abuses.
“Aaron’s Law is not just about Aaron Swartz,” wrote Lofgren and Wyden, “but rather about refocusing the law away from common computer and Internet activity and toward damaging hacks.”
Photo by Peretz Partensky/Flickr