According to Roll Call:
The mood was understandably somber when friends and well-wishers gathered last week to pay tribute to the late Internet activist Aaron Swartz. A host of speakers, including members of Congress from both parties, lamented the wasted talent of the 26-year-old prodigy who dedicated his life to the liberation of information.
“He wanted to make the world a better place,” said Swartz’s father, Bob Swartz, at the Feb. 4 event at the Cannon House Office Building. “For this he was hounded to his death by the government.”
Swartz’s supporters have channeled their emotions into fighting what they view as the cause of his death: overzealous prosecutors and a statute they consider vague and unfairly harsh even for minor computer crimes. The Justice Department used that statute, the 1986 Computer Fraud and Abuse Act, to threaten Swartz with up to 35 years in prison and a fine of up to $1 million, and he committed suicide last month, an action his family blames squarely on the prosecutors’ threats.
Swartz, a Reddit co-founder, was arrested in 2011 for downloading 4.8 million academic articles from JSTOR, a subscription-based academic journal service. He later turned over his hard drives that contained the articles, and JSTOR elected not to pursue the case. But U.S. Attorney Carmen M. Ortiz did not relent, charging Swartz with wire fraud, computer fraud, unlawfully obtaining information from a protected computer and recklessly damaging a protected computer.
“Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars,” Ortiz said at the time of the July 2011 indictment.
For years, law enforcement officials and prosecutors have lobbied Congress to up the penalties for hacking and other computer crimes, repeatedly invoking the argument that hackers are increasingly working with, or are sponsored by, organized crime or foreign states, and aren’t simply smart kids showing off in their parents’ basements.
“There has been a sense in Congress that ratcheting up the penalties on criminal laws was an easy giveaway to DOJ to get something they wanted,” said Cindy Cohn, legal director of the Electronic Frontier Foundation, an Internet freedom group.
But now some lawmakers are suggesting that prosecutors — and perhaps Congress — may have overreached, and they are taking a new look at the Computer Fraud and Abuse Act.
“The crime and the punishment did not fit” for Swartz, House Oversight and Government Reform Chairman Darrell Issa, R-Calif., said at the memorial. “This wasn’t a big case.”
Rep. Alan Grayson, D-Fla., declared that “prosecution should not be persecution,” while Sen. Ron Wyden, D-Ore., blamed a “poorly written criminal law” for labeling Swartz a dangerous criminal. . . .
Critics of the Computer Fraud and Abuse Act argue that the statute has several problems. First, some courts have found that under the law, violating the terms of service for a network, product or system could potentially trigger criminal penalties, such as those faced by Swartz for violating JSTOR’s terms of service. Second, Cohn said the law bans even minor technical workarounds, meaning users who try to alter how they use a program or access data, common behavior among programmers and hackers, could potentially face charges.
Finally, the penalty scheme for CFAA imposes almost entirely felonies, according to Cohn, with little room for misdemeanors. Cohn said prosecutors were only able to threaten Swartz with so much jail time because the CFAA penalties are out of proportion with the actual offenses; she argued that the lawmakers who approved such penalties could have hardly expected that they would be used as they were against Swartz.