A year after Swartz suicide, reform of anti-hacking law remains elusive
Calls for changing the Computer Fraud and Abuse Act have made little headway
Computerworld - Internet activist Aaron Swartz's suicide last January galvanized calls for an overhaul of the Computer Fraud and Abuse Act (CFAA), used widely by the government to prosecute misdeeds that critics say the law was never intended to address. Yet, one year after Swartz's death, efforts to reform the law appear to have made little headway.
Aaron's Law, a bill that would have put important new restrictions on use of the CFAA by federal prosecutors stalled in Congress last year despite eliciting wide support from privacy and rights advocacy groups. The bill was sent to the House Judiciary Committee's Crime Terrorism, Homeland Security and Investigations subcommittee in June where it languished.
While Swartz's legions of supporters remain intent on reforming the law, the appetite for change in Washington has diminished considerably. A bill introduced by Sen. Patrick Leahy (D-Vt.) earlier this month, seeks to tweak the CFAA, but in a manner that raises new issues, according to some observers.
The furor over the Edward Snowden leaks also diverted attention from CFAA reform, making it uncertain whether change to the act will happen this year.
"Unfortunately, little has changed on the CFAA front," after Swartz's death, said Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation. "Since the Snowden/NSA stories broke, much of the attention has turned to that fight."
Leahy's recently introduced bill may bring more attention and momentum to the fight to scale back the CFAA, but it's to soon to say for sure, Fakhoury said.
Swartz, 26, hanged himself Jan. 11, 2013, apparently over concerns of spending a long time in prison on hacking charges. Federal prosecutors in Massachusetts had indicted Swartz on 13 counts of felony hacking and wire fraud charges in connection with his alleged theft of millions of documents from JSTOR, an online library of literary journals and scholarly documents.
Swartz, a co-founder of the online news aggregation site Reddit and co-author of the RSS 1.0 Web feed specification, downloaded the documents from an MIT server using an account that he had set up with a fake name and email address.
Swartz, who was a fellow at Harvard University at the time, claimed he downloaded the scholarly documents so he could make them available for free on the Internet. The JSTOR documents are typically sold by subscription to universities and other institutions.
Federal prosecutors accused him of breaking provisions of the CFAA, which among other things, makes it illegal for anyone to knowingly access a computer without authorization or to exceed their authorized use of a system.
The law provides for penalties of up to life in prison for hacking. Prosecutors allegedly led Swartz into believing he faced 35 years in prison for his actions -- a prospect that is believed to have spurred his decision to kill himself.
The CFAA, drafted by Congress in 1986, was originally designed to deter criminal hacking for data theft or sabotage. Critics of the law say that its loose definition of key terms, like those related to unauthorized access and exceeding authorized access, have allowed creative prosecutors to apply the CFAA to a broader set of circumstances.
- SBIC: Transforming Information Security This report combines perspectives on technologies with experience in strategy to help security teams navigate complex decisions regarding technology deployments while maximizing investments.
- Is Your Credit Card Data Safe from Hacks? News of recent credit card hacks has rocked consumer confidence. Even talk of a security breach can bring on a PR firestorm. What...
- Protecting Your Mid-Size Business from Today's Security Threats Think you're too small to get hacked? Think again.
- CSO QuickPulse IT Security: Midsize Businesses Face Enterprise This survey finds that midsize firms lack understanding of vulnerabilities, and need comprehensive security tools.
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed in recent years, and it continues to escalate. All Cybercrime and Hacking White Papers | Webcasts
Computerworld has launched its annual search for outstanding IT leaders who align technology with business goals. Nominate a top IT executive for the 2015 Premier 100 IT Leaders awards now through July 18.