New 'Aaron's Law' aims to alter controversial computer fraud law

Silicon Valley congresswoman wants to change a 1984 law that was used to prosecute Internet activist Aaron Swartz, who committed suicide last week.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read

The suicide last week of Internet activist Aaron Swartz has led a Democratic congresswoman from Silicon Valley to call for reforms to computer fraud laws linked to his death.

Swartz, who championed open access rights to documents on the Internet, was arrested in July 2011 and accused of stealing 4 million documents from MIT and Jstor, an archive of scientific journals and academic papers.

He had faced $4 million in fines and more than 50 years in prison if convicted. Critics of the prosecutors in the case accused the feds of unfairly trying to make an example out of the 26-year-old Swartz.

Swartz's family called his death "the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts U.S. Attorney's office and at MIT contributed to his death."

Rep. Zoe Lofgren cited the family's statement in announcing today that she has authored a bill (PDF) called "Aaron's Law" that aims to change the 1984 Computer Fraud and Abuse Act (CFAA) and the wire fraud statute to exclude terms of service violations.

"His family's statement about this speaks volumes about the inappropriate efforts undertaken by the U.S. government," Lofgren wrote on Reddit. "There's no way to reverse the tragedy of Aaron's death, but we can work to prevent a repeat of the abuses of power he experienced."

"We should prevent what happened to Aaron from happening to other Internet users," she wrote. "The government was able to bring such disproportionate charges against Aaron because of the broad scope of the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute. It looks like the government used the vague wording of those laws to claim that violating an online service's user agreement or terms of service is a violation of the CFAA and the wire fraud statute."

Lofgren is not the first to complain that the wording of the 29-year-old anti-hacking law was overly broad. Last April, the 9th U.S. Circuit Court of Appeals in San Francisco rejected the government's broad interpretation of the 1984 law, warning that millions of Americans could be subjected to prosecution for harmless Web surfing at work.