Lawmakers Seek To Ease Draconian Computer Fraud Law

Lawmakers in the House and Senate have formally introduced a law that would amend the Computer Fraud and Abuse Act: a long-outdated bill that potentially criminalizes many activities that have become commonplace online.

The new measure, introduced today by Reps. Zoe Lofgren (D-Calif.) and Jim Sensenbrenner (R-Wisc.) and Sen. Ron Wyden (D-Ore.), would make clear that people who violate private companies' terms of service don't commit computer fraud.

As currently written, the 1984 computer fraud law makes it a crime to exceed “authorized access” to a computer. The problem is, the concept of “exceeding authorized access” is so broad that it can cover a host of activity that no one thinks should be a crime. For instance, people who violate a social networking company's terms of service -- such as by registering with a fake name -- theoretically could be prosecuted for computer fraud.

But the proposed revision, named “Aaron's Law,” will significantly narrow the type of activity considered computer fraud. The bill still makes it a crime to get around technological restrictions on access by using deception -- as phishers do. It also is a crime to share log-in credentials, in certain circumstances. But violating terms of service could no longer be a basis for prosecutions.

The proposal is named for Aaron Swartz, an activist who hanged himself in January while under indictment for violating the computer fraud law. Specifically, Swartz was accused of using the Massachusetts Institute of Technology's computer network to download more than 4 million scholarly articles from academic publisher JSTOR, without authorization by MIT or JSTOR. Many people think Swartz downloaded the documents because he wanted to make them more accessible to the public.

The new proposal also spells out that the maximum penalty for violations is one year in prison, unless the total fair market value of the information obtained without authorization amounts to at least $5,000. In that case, the maximum penalty would increase to five years' imprisonment.

The bill is backed by digital rights groups, including the Center for Democracy & Technology. “Breaking a promise is not the same as breaking into a computer, and shouldn’t be a federal crime,” Kevin Bankston, director of CDT’s Free Expression Project, said in a statement. “Only people who break into computers by circumventing technical restrictions should be prosecuted as computer criminals.”

1 comment about "Lawmakers Seek To Ease Draconian Computer Fraud Law".
Check to receive email when comments are posted.
  1. Pete Austin from Fresh Relevance, June 21, 2013 at 4:43 a.m.

    Doesn't sound like it goes far enough. I regularly save time by editing the URL on sites, to go directly to pages instead of using their slow navigation menus, but editing URLs is a large part of what so-called hackers are getting charged with. There's no real way distinguish with certainty between a site page that's difficult to reach without editing the URL, and a page that is "protected" by not being linked from the navigation at all.

Next story loading loading..