Earlier this week on this blog, we discussed the tragic news of Reddit pioneer Aaron Swartz's suicide. The feds, as you may recall, had been building a Computer Fraud and Abuse Act (CFAA) case against Swartz over the last two years, after he allegedly violated the terms of service (TOS) for JSTOR, a digital library of academic journals and books. The case was set to go to trial in April, and Aaron faced millions of dollars in fines and up to 35 years in prison, The New York Times reports.
JSTOR, notably, urged prosecutors to drop the case, according to Silicon Valley's KNTV.
Swartz's family blames the government for their loss, claiming the death was "the product of a criminal justice system rife with intimidation and prosecutorial overreach." Now, Rep. Zoe Lofgren, a Democrat from California, is introducing Aaron's Law, a CFAA amendment that would eliminate future TOS violation prosecutions, The Guardian reports.
The government was able to bring such disproportionate charges against Aaron because of the broad scope of the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute. It looks like the government used the vague wording of those laws to claim that violating an online service's user agreement or terms of service is a violation of the CFAA and the wire fraud statute.
The Electronic Frontier Foundation, one of the leaders in the charge for CFAA change since Swartz's death, suggests that Lofgren's bill should be the start -- not the end -- of Congress' CFAA review. Marcia Hofmann, a senior staff attorney at the EFF, tweeted, "Kudos to Rep Lofgren for her swift response. But her bill wouldn't have prevented Aaron's prosecution under the CFAA or wire fraud law." Hofmann also said the bill needed strengthening before it went before Congress, The Guardian reports.
Swartz's prosecution was by no means the first of its kind. Last year, the Ninth Circuit Court of Appeals dismissed a CFAA charge against a California man who convinced his former colleagues to use their log-in credentials to transfer information from a confidential company database to him.
Chief Judge Alex Kozinski, writing for the majority, reasoned that a phrase in the CFAA, "exceeds authorized access," is limited to violations of restrictions on access to information, and not restrictions on its use. Kozinski said that the CFAA was designed to penalize hackers, and the government's interpretation of the "exceeds authorized access" provision could yield absurd results.