Let's Honor Aaron Swartz by Fixing This Draconian Computer Crime Law

What's to come?
Jan. 14 2013 5:01 PM

How To Honor Aaron Swartz

In the wake of the brilliant technology activist's death, let's fix the draconian Computer Fraud and Abuse Act.

FT-130114-Swartz
Aaron Swartz in 2009 at the Boston Wiki Meetup.

Photograph by Sage Ross/Creative Commons License.

Outpourings of grief and calls for change continue to flood the Internet after the suicide of Aaron Swartz, only 26 years old.

Aaron was one of our community's best and brightest, and he achieved great heights in his short life. He was a coder, a political activist, an entrepreneur, a contributor to major technological developments (like RSS), and an all-around Internet freedom rock star. As Wired noted, the world will miss out on decades of magnificent things Aaron would have accomplished had his time not been cut short.

Over the past two years, Aaron was forced to devote much of his energy and resources to fighting a relentless and unjust felony prosecution brought by Justice Department attorneys in Massachusetts. His alleged crimes stemmed from using MIT's computer network to download millions of academic articles from the online archive JSTOR, allegedly without "authorization." For that, he faced 13 felony counts of hacking and wire fraud (PDF), which carried the possibility of decades in prison and crippling fines. His case would have gone to trial in April.

Advertisement

The government should never have thrown the book at Aaron for accessing MIT's network and downloading scholarly research. However, some extremely problematic elements of the law made it possible. We can trace some of those issues to the U.S. criminal justice system as an institution, and I suspect others will write about that in the coming days. But Aaron's tragedy also shines a spotlight on a couple of profound flaws of the Computer Fraud and Abuse Act in particular and gives us an opportunity to think about how to address them.

Problem 1: Hacking laws are too broad, and too vague
Among other things, the CFAA makes it illegal to gain access to protected computers "without authorization" or in a manner that "exceeds authorized access." Unfortunately, the law doesn't clearly explain what a lack of "authorization" actually means. Creative prosecutors have taken advantage of this confusion to craft criminal charges that aren't really about hacking a computer but instead target other behavior the prosecutors don't like.

An infamous example is United States v. Drew, a case in which a woman created a fake MySpace page to taunt a teenage girl. The girl became distraught and committed suicide. No crime made the bullying itself illegal, so prosecutors charged Drew under the CFAA, claiming her fake profile violated MySpace's terms of use, which made her access to the social networking site's computers "unauthorized."

An obvious problem with this argument is that it would mean anyone who runs afoul of a web site's fine print is a criminal—and many of us intentionally or unintentionally violate those agreements every day. Prosecutors wouldn't bother filing criminal charges against most of us, of course. But if they wanted to, they would have the leeway to do it under the government's theory.

The judge ultimately reached the right result, finding that Drew didn't violate the CFAA just because she breached MySpace's terms of use.

But other criminal defendants haven't been so lucky.

In November, a jury convicted Andrew Auernheimer after someone else wrote a script to collect thousands of iPad owners' email addresses—which AT&T had failed to secure. Auernheimer's involvement in the "hack" appears to have been primarily telling journalists about then vulnerability after the fact (PDF). He plans to appeal the conviction.

It's possible that Auernheimer's unsympathetic reputation as an Internet troll played a role in the government's decision to indict him. And the CFAA's vague and overbroad language gave the jury an excuse to punish someone who didn't carry out anything remotely resembling a serious computer intrusion, even though that's the concern that caused Congress to criminalize "unauthorized" access in the first place.

Let's be clear: Being an unsympathetic person is not a computer crime.

Most of the government's charges against Aaron alleged "unauthorized" access. We'll never know exactly how prosecutors planned to argue at trial that Aaron's access to JSTOR and the MIT network was "unauthorized." However, the allegations in the indictment suggest the case was based at least in part on the idea that Aaron violated JSTOR and MIT's network rules and user agreements. Under Drew and more recent precedent(PDF), that theory of criminal liability is dubious at best.

TODAY IN SLATE

History

Slate Plus Early Read: The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Transparent Is the Fall’s Only Great New Show

The XX Factor

Rehtaeh Parsons Was the Most Famous Victim in Canada

Now, journalists can't even say her name.

Doublex

Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

  News & Politics
History
Sept. 29 2014 11:45 PM The Self-Made Man The story of America’s most pliable, pernicious, irrepressible myth.
  Business
Moneybox
Sept. 29 2014 7:01 PM We May Never Know If Larry Ellison Flew a Fighter Jet Under the Golden Gate Bridge
  Life
Dear Prudence
Sept. 30 2014 6:00 AM Drive-By Bounty Prudie advises a woman whose boyfriend demands she flash truckers on the highway.
  Double X
Doublex
Sept. 29 2014 11:43 PM Lena Dunham, the Book More shtick than honesty in Not That Kind of Girl.
  Slate Plus
Slate Fare
Sept. 29 2014 8:45 AM Slate Isn’t Too Liberal, but … What readers said about the magazine’s bias and balance.
  Arts
Brow Beat
Sept. 29 2014 9:06 PM Paul Thomas Anderson’s Inherent Vice Looks Like a Comic Masterpiece
  Technology
Future Tense
Sept. 29 2014 11:56 PM Innovation Starvation, the Next Generation Humankind has lots of great ideas for the future. We need people to carry them out.
  Health & Science
Medical Examiner
Sept. 29 2014 11:32 PM The Daydream Disorder Is sluggish cognitive tempo a disease or disease mongering?
  Sports
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.