Two members of the U.S. House of Representatives on Thursday introduced a bill aimed at reforming the Computer Fraud and Abuse Act by imposing more requirements for prosecuting violators.
Representatives Zoe Lofgren, D-Calif., and Ron Wyden, D-Ore., introduced a revised draft of the Act, naming it for Aaron Swartz, the computer programmer and Internet activist who committed suicide in January. At the time of his death, Swartz was facing federal prosecution under the CFAA, with the possibility of up to 35 years in prison if convicted. Prosecutors argued he hacked into an MIT network and illegally downloaded millions of documents from the JSTOR subscription service.
Digital rights activists, as well as the family and friends of Swartz, have accused the prosecutors of overzealously targeting him, causing stress that may have contributed to his suicide.
Lofgren originally introduced the bill just days after Swartz’s death in January but sought approval from the Internet community on Reddit before finalizing it. Many of the changes in the latest draft appear to reflect their suggestions.
“As SOPA showed, when the Internet speaks, lawmakers listen,” she said in a Reddit post announcing the revamped bill.
Reducing Prosecution Efforts
The revision attempts to differentiate between what could be considered a harmful online attack and what is common online activity. One of the ways it does so is to clarify the definition of “access without authorization.”
Under the proposal, obtaining secure online information by circumventing physical or technological measures through hack attacks, phishing, or other social engineering ploys would be illegal. However, bypassing security by changing an IP or MAC address, which is one of the ways Swartz was able to access content, would not be a violation of the act.
The new bill also would also limit the penalties and prison time if someone were found guilty of violating the Act.
Lofgren and Wyden said they hope the revisions will eliminate some of the broader terms of prosecution under the CFAA and help law enforcement focus only on truly harmful cybercriminals.
The representatives did not respond to our requests for further details.
Thumbs Up From Internet Community
Many open Internet advocates, including the Center for Democracy & Technology and Demand Progress, have praised the new version of the bill, vowing to see it through both the House and Senate and ultimately signed into law.
The bill could go a long way toward cutting back on mismatched penalties and crimes, they argue, and create a more open online space.
Though the bill will face some hurdles, it appears to have supporters from both political parties as well as the backing of the Internet community, noted Kevin Bankston, senior counsel and free expression director at the Center for Democracy & Technology.
“Although getting good legislation passed is always an uphill battle,” he told TechNewsWorld, “the fact that similar legislation passed on a voice vote out of the Senate Judiciary Committee just a couple of years ago, the fact that the bill is bipartisan, and the fact that the netroots are very strongly behind this legislation are all good signs for Aaron’s Law.”
If the political climate were different, perhaps — but it’s nearly impossible for anything to pass in the current Congress, said Jonathan Askin, founder and director of the Brooklyn Law Incubator and Policy Clinic at the Brooklyn Law School.
“I’m skeptical Congress will pass anything resembling Aaron’s Law any time within the next few congressional terms,” he told TechNewsWorld.
“Even legislation that the public easily comprehends and clearly views as essential life-and-death issues is not getting through our dysfunctional and paralyzed legislature,” noted Askin. “The issues surrounding reform of the CFAA are too subtle to spark enough of a one-sided push for legislative action.”