New to the art form? This Wall Street Journal article will get you orientated. Also, for more information on how some of these titles mislead lawmakers and the citizenry, find some academic commentary from Brian Christopher Jones here:

Thursday, June 20, 2013

Honoring Aaron Swartz

Rep. Zoe Lofgren (D., CA) and Sen. Ron Wyden (D., OR) introduced Aaron's Law Act of 2013, in honor of Aaron Swartz. Lofgren and Wyden contend that the Computer Fraud and Abuse Act, which the bill would amend, is too vague and could potentially criminalize innocent internet activity.  At the time of his death the software developer/internet activist was under investigation by the Justice Department for his downloading of academic articles from the database JSTOR. 

Partial press release below the jump. 


Rep Zoe Lofgren Introduces Bipartisan Aaron's Law

WASHINGTON, D.C. - Rep. Zoe Lofgren (D-CA), along with Reps. James Sensenbrenner (R-WI), Mike Doyle (R-PA), Yvette Clarke (D-NY) and Jared Polis (D-CO), have introduced H.R. 2454, the Aaron's Law Act of 2013. Named in honor of the late Internet innovator and activist Aaron Swartz, the bipartisan legislation would reform the quarter-century old Computer Fraud and Abuse Act (CFAA) to work for the digital age. Swartz's passing in January spotlighted serious problems with the vague wording of the CFAA. Among those concerns is how the law treats violations of terms of service, employer agreements, or website notices.
"Reform of the CFAA is necessary," Rep. Lofgren said. "I hope this bipartisan bill will lead to the reforms that are needed for the good of the country."
Aaron's Law refocuses the CFAA away from common computer and Internet activity and back towards targeting damaging hacks, as originally intended. By establishing a clear line that is needed in the law, it distinguishes the difference between common online activities and harmful attacks. Specifically the legislation:
  • Establishes that mere breach of terms of service, employment agreements, or contracts are not automatic violations of the CFAA. By using legislative language based closely on recent important 9th and 4th Circuit Court opinions, the bill would instead define 'access without authorization' under the CFAA as gaining unauthorized access to information by circumventing technological or physical controls – such as password requirements, encryption, or locked office doors. Hack attacks such as phishing, injection of malware or keystroke loggers, denial-of-service attacks, and viruses would continue to be fully prosecutable under strong CFAA provisions this bill does not modify.
  • Brings balance back to the CFAA by eliminating a redundant provision that enables an individual to be punished multiple times through duplicate charges for the same solitary violation. Eliminating the redundant provision streamlines the law, but would not create a gap in protection against hackers.
  • Brings greater proportionality to CFAA penalties. Currently, the CFAA's penalties are tiered, and prosecutors have wide discretion to ratchet up the severity of the penalties in several circumstances, leaving little room for non-felony charges under CFAA (i.e., charges with penalties carrying less than a year in prison). The bill ensures prosecutors cannot seek to inflate sentences by stacking multiple charges under the CFAA, including state law equivalents or non-criminal violations of the law.

No comments:

Post a Comment