Legislation that would make it more difficult for the government to prosecute people like Aaron Swartz, the Internet activist who took his own life earlier this year, has been introduced by Rep. Zoe Lofgren, D-Calif.
The bill would modify the Computer Fraud and Abuse Act (CFAA), the law that makes unauthorized use of a computer a federal offense.
If passed, Aaron's Law would change the Computer Fraud and Abuse Act so that violating terms of service, website notices, contracts or employment agreements could no longer be considered a federal offense.
The bill would also remove perceived redundancies in the law wherein a person can be charged multiple times for the same crime.
[See also: How to Fix America's Harmful Hacking Laws]
"Vagueness is the core flaw of the CFAA," Lofgren wrote Thursday in a Wired.com editorial, explaining that the way the Computer Fraud and Abuse Act is currently phrased, any breach of a digital company's terms of service — such as, conceivably, sharing a Netflix password with friends or lying about your age on Facebook — could be considered a federal offense.
The piece was coauthored with Sen. Ron Wyden, D-Oregon, who is expected to introduce a companion bill to Lofgren's in the Senate.
"The CFAA is a sweeping Internet regulation that criminalizes many forms of common Internet use. It allows breathtaking levels of prosecutorial discretion that invites serious abuse," the two legislators wrote. "As Congress considers policies to preserve an open Internet as a platform for ideas and commerce, reforming the CFAA must be included."
Lofgren began drafting the bill in January, and even went to Reddit, a popular online discussion forum that Swartz co-founded, to solicit public opinion.
“Aaron knew how important the Internet is as a platform for open communication and access to information," Lofgren said recently.
Now the bill will make its way through the House of Representatives and, if it survives, eventually go to President Barack Obama's desk to be signed into law.
Swartz was charged in 2011 for allegedly using Massachusetts Institute of Technology servers to download a total of 4 million academic journal articles from JSTOR, a digital library that offers subscription-based access.
Neither JSTOR nor MIT pressed charges. But the Middlesex County Superior Court grand jury in Massachusetts indicted Swartz in 2011, charging him with breaking and entering, grand larceny and unauthorized access to a computer network. Concurrent federal charges would have put him in prison for a possible 35 years, if found guilty.
Later, in September 2012, the U.S. attorney for Massachusetts issued a second federal indictment that superseded the earlier ones, adding nine charges and 15 more years to the penalty.
Swartz committed suicide in his Brooklyn apartment in January 2013.
His death was the catalyst for Lofgren's bill. "This flaw in the CFAA allows the government to imprison Americans for a violation of a non-negotiable, private agreement that is dictated by a corporation," Lofgren wrote. "…The law must separate its treatment of everyday Internet activity from criminals intent on causing serious damage to financial, social, civic, or security institutions."
Aaron's Law doesn't change the parts of the Computer Fraud and Abuse Act that make use of viruses, malware, denial-of-service attacks and other malicious cyberattacks illegal.
A detailed summary of the proposed changes to the law can be found here.
More from TechNewsDaily:
- 10 Security Essentials Every College Student Needs
- 10 Tech Blunders That Could Be April Fools' Day Jokes
- New Surveillance Laws Could Cripple Facebook, Google, US Innovation