On Friday, the American Library Association honored Aaron Swartz, the young Internet activist who committed suicide in January, with its James Madison Award for his work on open access to information. Rep. Zoe Lofgren, a Democrat from California, won the award last year. She was slated to present the new one, the first the organization has awarded posthumously, to Swartz’s family.
Shortly after Swartz’s death—which some speculated was caused by federal charges he faced after downloading large batches of documents from the digital library JSTOR—Lofgren announced that she was beginning work on a law that would protect other Internet users from experiencing the sort of prosecution that Swartz was facing—what Lofgren called “inappropriate efforts undertaken by the US government” and “abuse of power.”
The law would amend the Computer Fraud and Abuse Act, the statute that US prosecutors had used against him. When she posted a first draft of the bill—she called it Aaron’s Law—to Reddit in January, Lofgren wrote that it “could be an important tribute” to Swartz’s work. Friday’s award ceremony was the sort of occasion that would have served as a perfect forum for announcing that she was introducing this bill to Congress—if she was ready to take that step. But in the end, she couldn’t even attend.
As a response to Swartz’s death, Aaron’s Law falls into a special category of legislation—bills premised on the idea never again should what happened to the victim, usually a child, happen again. It’s not obvious that Swartz should be included in that group. As a twenty-something, older adults in his life felt protective of him, but he was also a grown-up who made his own choices.
Right now, Lofgren has proposed a law that may have protected Swartz from the consequences of choices that he made—choices that some of his older friends disagreed with or thought rash, childlike. But there’s also a lot of talk around Aaron’s Law about creating a law that would honor his activism—a law that wouldn’t just protect people like him but also would complete the reframing and reforming the CFAA, an old, creaky law that’s ailing in more ways that one.
This is the problem with Aaron’s Law: It isn’t only about Aaron Swartz. Even if Lofgren’s intention is to open up the CFAA, passed in 1986, in order to perform relatively limited surgery, it’s almost impossible to talk about patching it up without addressing its larger ailments.
To identify bad guys, the CFAA relies on two types of activities—accessing a computer either without authorization or in a way that exceeds authorized access. But in recent years, both legal scholars and judges have said that this schema catches too many everyday Internet users in its purview to make sense as the trigger for criminal prosecution.
“Back in 1986, maybe this made sense, if you think about what computers were like then,” Jennifer Granick, who leads the civil liberties program at Stanford Law School’s Center for Internet and Society, said at a recent event on the CFAA. “Either you weren’t allowed to use the computer at all, or you were in your workplace, or maybe you were a university student, and you had certain limited rights to use the computer. But you weren’t allowed to rampage through the system.”
But that’s not how computers work today. Every time a person goes on Facebook or checks Gmail or borrows a cellphone, they access a computer system. “The question in this world, where we have so many more interactions with computer services that are offered to the general public is: What does it mean to access without authorization?” Granick said.
In the hands of prosecutors, it can mean almost anything. Bradley Manning, who allegedly provided scores of classified government documents to Wikileaks, faces charges under the CFAA. The law has also been used against people who created email or social media accounts using fake names. The Department of Justice’s interpretation of the law has it that violating a website’s terms of service—those nebulous legal documents we’re always clicking to agree to—counts as a violation. That view, Orin Kerr, an advocate for reform, told Congress last week, “would make criminals out of most computer users.”