Rep. Zoe Lofgren Plans To Introduce 'Aaron's Law' To Stop Bogus Prosecutions Under The CFAA (original) (raw)

from the one-step dept

There’s been talk for years about fixing the Computer Fraud and Abuse Act (CFAA), which has been widely abused by law enforcement/prosecutors to claim that basically any use of a computer that did not fall under the explicitly allowed uses was a form of “computer hacking” — and potentially a felony. This allowed for law enforcement to go after all sorts of people — including anyone who did anything on a computer that their employer didn’t like. Or anyone whosent spam. Or anyone who reported on a data vulnerability. Or anyone who just senta too many emails. These and many more cases mostly revolved around a stretched interpretation of the (outdated) CFAA, which suggested that simply violating a terms of service was the equivalent of “unauthorized access,” and thus a “hacking” violation. Courts have so far been somewhat split on this interpretation, with some buying it and others not buying it at all.

The abuse of the CFAA has been seen in some high profile cases, including the one against Lori Drew, after a young girl, who was a friend of Drew’s daughter, killed herself following a “dispute” with a fake profile of a boy that was really set up by Drew and some others. The court eventually tossed that out (though a jury convicted her). But it seems tragically ironic that a law that prosecutors once used (they claimed) to go after someone for bullying someone to commit suicide, is now itself being blamed for prosecutors’ own bullying tactics, which many (including his parents) now insist led to the suicide of Aaron Swartz.

Congress has approved fixes for the CFAA in the past, but they’ve never made it all the way into law. The unfortunate, untimely and tragic death of Aaron Swartz may have brought back politicians’ interest in making such a fix. Rep. Zoe Lofgren announced on Reddit her plans to introduce “Aaron’s Law” to fix one glaring weakness in the CFAA: the idea that any terms of service violation is akin to hacking and fraud under the law. The draft bill rejects such an interpretation explicitly:

Section 1343 of title 18, United States Code, is amended by inserting after the first sentence the following: ‘‘A violation of an agreement or contractual obligation regarding Internet or computer use, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or employer is not in itself a violation of this section.’’

Hopefully, this new Congress can look at the unfortunate situation with Aaron (and many others) and how prosecutors are using the CFAA as a weapon to browbeat people they don’t like into guilty pleas on garbage charges, and finally pass this much needed fix to the CFAA.

Filed Under: aaron swartz, cfaa, computer fraud and abuse act, zoe lofgren