Representative Zoe Lofgren (D-CA) and Senator Ron Wyden (D-OR) have introduced “Aaron’s Law,” legislation to reform the Computer Fraud and Abuse Act (CFAA) and hopefully prevent incidents such as that suffered by computer programmer and political activist Aaron Swartz, who faced up to 35 years in prison for allegedly violating the CFAA. “Aaron’s Law” is intended to clarify and limit what is considered a crime under the CFAA.
Currently, the CFAA makes it a crime to “exceed authorized access” to a protected computer. Under “Aaron’s Law,” this term would change to “access without authorization” and will be defined as “bypassing technological or physical measures via deception.” Virus authors, malicious code creators, and denial of service attack initiators would continue to be prosecutable.
In Swartz’s case, the federal government alleged that Swartz illegally downloaded academic articles from JSTOR on MIT’s campus by using a computer program to automate the downloading process. Critics have accused the Department of Justice for prosecuting him for the equivalent of “checking too many books out of the library.” JSTOR declined to participate in Aaron’s prosecution, but under pressure of a federal court case and potential prison time, Swartz took his own life in January 2013.
