Lorenzo Franceschi-Bicchierai – Mashable Jan 16, 2013
The law that was used to prosecute Internet freedom activist and hacker Aaron Swartz could be amended in the near future — at least that’s what Democratic California Rep. Zoe Lofgren wants.
“We should prevent what happened to Aaron from happening to other Internet users,” Lofgren wrote on her Reddit post.
Lofgren called her proposal “Aaron’s Law.” The core of Lofgren’s proposal is to make the violation of an online service’s user agreement (commonly referred to as “terms of service”) a non-criminal activity. She underscored the importance of reforming a law that dates back to 1986 and one that’s being harshly critiqued.
“The government was able to bring such disproportionate charges against Aaron because of the broad scope of the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute,” wrote Lofgren. “It looks like the government used the vague wording of those laws to claim that violating an online service’s user agreement or terms of service is a violation of the CFAA and the wire fraud statute.”
After Swartz’s death on Friday, his friends and supporters pointed fingers at what some consider his prosecutor’s overzealous behavior. Lawyer and prominent Internet thinker Lawrence Lessig likened the prosecution to “bullying.” Swartz was facing a maximum of 35 years in prison and up to $1 million in fines.
Marcia Hoffmann, a senior staff attorney for the digital rights advocacy group the Electronic Frontier Foundation, criticized the CFFA in a post published on Monday. The key to Swartz’s case, according to Hoffmann, was that the prosecution was accusing him of gaining unauthorized access to MIT’s network to download scholarly articles. The CFAA makes it a felony to access a computer network “without authorization” or in a manner that “exceeds authorized access.”
“Unfortunately, the law doesn’t clearly explain what a lack of ‘authorization’ actually means,” Hoffmann wrote in the post. “Creative prosecutors have taken advantage of this confusion to craft criminal charges that aren’t really about hacking a computer but instead target other behavior the prosecutors don’t like.”
But Lofgren’s proposal might not be enough to solve this issue. “It’s a great first step,” Hoffman told Forbes. “But if it’s trying to make sure what happened to Aaron can’t happen to someone else, it needs to do more.”
Tor Ekeland, a lawyer who has worked in the recent case of a hacker who published the email addresses of 114,000 iPad users, which AT&T left visible on a public website, agrees that an eventual reform to the CFAA needs to tackle this issue.
“Unauthorized access is nowhere defined in the [CFAA] and the case law is hopelessly confused on this point,” he wrote in Forbes. “The [CFAA] is a prosecutor’s wet dream and a defendant’s nightmare. Amending the definition of unauthorized access to exclude [terms of service] violations is just putting a band aid on a gaping, gushing wound.”
Lofgren’s draft hasn’t been introduced to the house yet — she posted it on Reddit to receive feedback and suggestions from the online community. So there’s a possibility that her actual proposal will address these issues. “Lofgren’s bill is a good start,” Lessig told TIME