The Obama administration is demanding that the US Congress write a new computer law that would be more officious and more draconian than the current Computer Fraud and Abuse Act (CFAA) that motivated Internet activist Aaron Swartz to take his life.
Computer User as Conspirators
The U.S. House Judiciary Committee is preparing a rewrite of CFAA that would impose harsher penalties for assorted computer crimes. Included in the proposed bill are classifying certain types of computer mischief as racketeering, punishing computer activists as conspirators and making it a federal felony to violate terms of service.
This proposed bill is the product of U.S. Attorney General Eric Holder and Senator Patrick Leahy (D-Vt) who met in secret to hammer out changes to the act back in 2011.
The new cyber-security act would supersede all state laws and give new power to 18 different law enforcement and intelligence agencies under the umbrella of the National Cyber Investigative Task Force. President Obama created this task force in 2008 under the Comprehensive National Cybersecurity Initiative. It’s run by the FBI and answers to Holder’s Justice Department.
A Step Backward
The proposed changes have come under fire from privacy organizations and lawyers. “This is a step backward, not a step forward,” said Orin Kerr, a former justice department prosecutor who specialized in cyber crime prosecutions.
Kerr, now a professor at George Washington University, said that the proposed legislation is a wish-list to give Holder what he wants. As currently written, the new law would allow the government to jail any Internet user, Kerr said. It would in no way narrow the focus of CFAA or its draconian punishments that drove Swartz to suicide.
His suicide earlier this year provided the impetus for privacy groups to request that Congress make changes to CFAA. Justice Department prosecutors hammered Swartz with charges that carried up to 35 years in prison and a $1 million fine. The Justice Department charged Swartz with wire fraud and violations of the CFAA.
Swartz had downloaded academic articles from a data management platform called JSTOR at the Massachusetts Institute of Technology. Swartz stated that he committed the act in an effort to promote public and open access to research. After Swartz returned the files and apologized, JSTOR said that it considered the matter closed, but federal prosecutors moved in and charged Swartz. He committed suicide last January.
Legislators Don’t Understand Computers
The CFAA was originally written in 1984 to punish criminals hacking into banking and military computers. The vagueness of the law gives leeway to prosecutors to interpret it in various ways that not even a New Jersey computer lawyer can defend. Critics argue that it allows draconian punishments for minor breaches of law.
David Segal, the executive director of Demand Progress, called the proposed legislation “a giant leap in the wrong direction.” He said that the proposed law shows that legislators have no understanding of computers or the Internet. He charged that the new law would drive creativity and innovation out of the U.S.
As the proposed law stands now, Swartz would face not 35 years in prison but 80 years.
Image Credit: Phillip Stearns