Feb. 13, 2016 SIGN IN | REGISTER

Congress: Is Computer Law Too Tough on Hackers?

Bill Clark/CQ Roll Call File Photo
The House Oversight and Government Reform Committee, which Issa chairs, has requested a briefing from the Justice Department on its prosecution of Swartz. “The crime and the punishment did not fit,” Issa said.

Critics of the Computer Fraud and Abuse Act argue that the statute has several problems. First, some courts have found that under the law, violating the terms of service for a network, product or system could potentially trigger criminal penalties, such as those faced by Swartz for violating JSTOR’s terms of service. Second, Cohn said the law bans even minor technical workarounds, meaning users who try to alter how they use a program or access data, common behavior among programmers and hackers, could potentially face charges.

Finally, the penalty scheme for CFAA imposes almost entirely felonies, according to Cohn, with little room for misdemeanors. Cohn said prosecutors were only able to threaten Swartz with so much jail time because the CFAA penalties are out of proportion with the actual offenses; she argued that the lawmakers who approved such penalties could have hardly expected that they would be used as they were against Swartz.

Congress has seen previous attempts to clarify the law, including an amendment last year from Senate Judiciary ranking member Charles E. Grassley, R-Iowa, and Sen. Al Franken, D-Minn., that would have altered the terms of service portion. The latest effort comes after Swartz’s death and has been dubbed “Aaron’s law” by Wyden and Rep. Zoe Lofgren, D-Calif.

The two have circulated a draft of the bill that would address the way the law handles both terms of service violations and technical workarounds. They are currently seeking bipartisan sponsors and are expected to unveil the legislation in the coming days.

The legislation would define words such as “system” and “unauthorized access” in ways that would have constrained how the prosecutors could have charged Swartz, had the bill been law at the time of his indictment, according to David Segal, executive director of the Internet freedom group Demand Progress.

But the draft of Aaron’s law still doesn’t address the issue of penalties, and its future remains cloudy. House Judiciary Chairman Robert W. Goodlatte, R-Va., said his committee is looking into the issue but called it premature to promise a hearing; a Senate Judiciary Committee spokesman indicated that panel has no plans to take up changes to the CFAA.

That leaves the House Oversight and Government Reform Committee, where Issa and ranking member Elijah E. Cummings, D-Md., have requested a briefing from the Justice Department on its prosecution of Swartz. The briefing is expected in the coming days, after which committee leaders will have a better idea of how to proceed. Senate Minority Whip John Cornyn, R-Texas, has also written to Attorney General Eric H. Holder Jr. regarding the Swartz prosecution, which is now inextricably linked to the broader issue of how computer crimes are prosecuted.

The Justice Department has already pushed back against the notion it persecuted Swartz, with Ortiz releasing a statement last month defending her office’s conduct. Ortiz claims that prosecutors sought a sentence of six months and denies ever telling Swartz’s attorneys they intended to seek maximum penalties under the law.

comments powered by Disqus




Want Roll Call on your doorstep?