Skip Links

'Aaron's Law' could have unintended consequences

Tragedy shouldn't undermine protection of private and public property, experts say

By Taylor Armerding, CSO
January 18, 2013 08:12 AM ET

CSO - The suicide of Internet wunderkind Aaron Swartz has prompted a variation on the classic "there-ought-to-be-a-law" response to tragedy. In this case, it's, "There ought to be an amendment to the law," to prevent what critics have called overzealous prosecution and vastly disproportionate sentencing guidelines.

Ortiz defends her office's prosecution of Aaron Swartz

The law in this case is the Computer Fraud and Abuse Act (CFAA), invoked by federal prosecutors to bring a 13-count indictment against Swartz, 26, after he used the MIT computer network to download more than 4 million academic articles from the online archive JSTOR, allegedly without legal authorization, in violation of MIT's terms of service.

U.S. Rep. Zoe Lofgren (D-Calif.) filed a bill this week she called "Aaron's Law," that would exclude terms of service violations from the CFAA and wire fraud statutes. In a post on Reddit, the Internet forum that Swartz cofounded, Lofgren wrote that "using the law in this way could criminalize many everyday activities and allow for outlandishly severe penalties.

"A simple way to correct this dangerous legal interpretation is to change the CFAA and the wire fraud statutes to exclude terms of service violations," she wrote.

But several Internet security experts, while expressing sympathy for Swartz's family, say it is not so simple, and that Lofgren's proposal could end up being yet another example of the law of unintended consequences.

[Bill Brenner in Salted Hash: I support 'Aaron's Law' -- for now]

Jody Westby, an attorney and CEO of Global Cyber Risk, said Swartz's death could be blamed on overly zealous prosecution "that crushed a young man." But she said that the proposed amendment to the CFAA "is another form of overkill that would have terribly detrimental consequences."

"[The CFAA language regarding terms-of-service violations] is absolutely essential in arresting insiders who steal or misuse confidential or proprietary data they were not given access to, and also criminals who hack into computers or plant malware to steal credentials or exfiltrate data," Westby said.

Randy Sabett, an attorney with ZwillGen and an expert in information security and intellectual property, said: "To isolate this law as the showpiece cause of a terrible tragedy, and therefore wipe out an entire remedy for criminal activity and intent is not the way to go."

Swartz, the founder and director of Demand Progress, co-author of RSS and a former research fellow at Harvard's Center for Ethics, was an outspoken crusader for making information free on the Internet, and prosecutors say he had planned to make the articles he obtained available to the public for free, as a political statement about access to knowledge.

He was scheduled to go to trial in April, and could have faced as many as 35 years in prison and as much as $1 million in fines, although the U.S. Attorney's office had reportedly offered a plea bargain that would have resulted in six months of jail time.

However, since his death, U.S. Attorney Carmen Ortiz has faced a firestorm of criticism, including a petition demanding her removal, which this week reached 25,000 signatures, however the White House has increased the theshold for a response from 25,000 to 100,000 petitions. 

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News