Named for Aaron Swartz — the programmer and digital activist who took his life while facing data theft charges — the proposed legislation would ease punishments stemming from an antiquated law under which Swartz was charged, the Computer Fraud and Abuse Act (CFAA).
Rep. Zoe Lofgren (D-Calif.) is backing the House version; Sens. Ron Wyden (D-Ore.) and Rand Paul (R-Ky.) are supporting the Senate’s companion bill to the CFAA that would ensure more reasonable punishments.
Carmen Ortiz, prosecutor in the Swartz case, was widely criticized for requesting Swartz spend 35 years in prison and pay $1 million in fines for gaining unauthorized access to JSTOR, a subscription-based digital repository for academic journals and papers.
The penalties were above what most rapists, bank robbers and even some terrorists would receive despite Swartz hurting nobody and having the support of his University in the matter.
The new legislation would look to specifically address unreasonable and aggressive prosecutors like Ms. Ortiz who despite their years of legal training cannot separate youthful experimentation from dangerous criminal behavior.
"At its very core, CFAA is an anti-hacking law,” said Lofgren in a statement. “Unfortunately, over time we have seen prosecutors broadening the intent of the act, handing out inordinately severe criminal penalties for less-than-serious violations.”
“Violating a smartphone app’s terms of service or sharing academic articles should not be punished more harshly than a government agency hacking into Senate files,” said Wyden in a statement, referring to a CIA report acknowledging it infiltrated Senate computers and likely subverted the course of democracy.
Aaron’s Law would change the definition of “access without authorization” in the CFAA so it more directly applies to malicious hacks such as sending fraudulent emails, injecting malware, installing viruses or overwhelming a website with traffic.
“The CFAA is so inconsistently and capriciously applied it results in misguided, heavy-handed prosecution,” Wyden said. “Aaron’s Law would curb this abuse while still preserving the tools needed to prosecute malicious attacks.”
The new bill would also remove provisions in the current law allowing prosecutors to add up extensive prison sentences for individuals charged with multiple CFAA violations. This is exactly the tactic Carmen Ortiz used which resulted in the death of a bright young engineer. With the number of unreasonable prosecutors like Ms Ortiz, who focus solely on their own careers and have little respect for the rule and spirit of law, the lawmakers hope to prevent tragedies from happening in the future.
“It's time we reformed this law to better focus on truly malicious hackers and bad actors, and away from common computer and Internet activities,” Lofgren said.
This is lawmakers’ second attempt at the bill, which didn’t move in the last Congress.