On Friday, the American Library Association honored Aaron Swartz, the young Internet activist who committed suicide in January, with its James Madison Award for his work on open access to information. Rep. Zoe Lofgren, a Democrat from California, won the award last year. She was slated to present the new one, the first the organization has awarded posthumously, to Swartz’s family.
Shortly after Swartz’s death—which some speculated was caused by federal charges he faced after downloading large batches of documents from the digital library JSTOR—Lofgren announced that she was beginning work on a law that would protect other Internet users from experiencing the sort of prosecution that Swartz was facing—what Lofgren called “inappropriate efforts undertaken by the US government” and “abuse of power.”
The law would amend the Computer Fraud and Abuse Act, the statute that US prosecutors had used against him. When she posted a first draft of the bill—she called it Aaron’s Law—to Reddit in January, Lofgren wrote that it “could be an important tribute” to Swartz’s work. Friday’s award ceremony was the sort of occasion that would have served as a perfect forum for announcing that she was introducing this bill to Congress—if she was ready to take that step. But in the end, she couldn’t even attend.
As a response to Swartz’s death, Aaron’s Law falls into a special category of legislation—bills premised on the idea never again should what happened to the victim, usually a child, happen again. It’s not obvious that Swartz should be included in that group. As a twenty-something, older adults in his life felt protective of him, but he was also a grown-up who made his own choices.
Right now, Lofgren has proposed a law that may have protected Swartz from the consequences of choices that he made—choices that some of his older friends disagreed with or thought rash, childlike. But there’s also a lot of talk around Aaron’s Law about creating a law that would honor his activism—a law that wouldn’t just protect people like him but also would complete the reframing and reforming the CFAA, an old, creaky law that’s ailing in more ways that one.
This is the problem with Aaron’s Law: It isn’t only about Aaron Swartz. Even if Lofgren’s intention is to open up the CFAA, passed in 1986, in order to perform relatively limited surgery, it’s almost impossible to talk about patching it up without addressing its larger ailments.
To identify bad guys, the CFAA relies on two types of activities—accessing a computer either without authorization or in a way that exceeds authorized access. But in recent years, both legal scholars and judges have said that this schema catches too many everyday Internet users in its purview to make sense as the trigger for criminal prosecution.
“Back in 1986, maybe this made sense, if you think about what computers were like then,” Jennifer Granick, who leads the civil liberties program at Stanford Law School’s Center for Internet and Society, said at a recent event on the CFAA. “Either you weren’t allowed to use the computer at all, or you were in your workplace, or maybe you were a university student, and you had certain limited rights to use the computer. But you weren’t allowed to rampage through the system.”
But that’s not how computers work today. Every time a person goes on Facebook or checks Gmail or borrows a cellphone, they access a computer system. “The question in this world, where we have so many more interactions with computer services that are offered to the general public is: What does it mean to access without authorization?” Granick said.
In the hands of prosecutors, it can mean almost anything. Bradley Manning, who allegedly provided scores of classified government documents to Wikileaks, faces charges under the CFAA. The law has also been used against people who created email or social media accounts using fake names. The Department of Justice’s interpretation of the law has it that violating a website’s terms of service—those nebulous legal documents we’re always clicking to agree to—counts as a violation. That view, Orin Kerr, an advocate for reform, told Congress last week, “would make criminals out of most computer users.”
This subject and debate snakes its way into a larger conversation about the overwhelming need to evaluate privacy law and media regulation in the 21st century. Who would disagree that an internet law from 1986 is a wee bit outdated? What about the Children's Television Act of 1990? Or the mere existence of a Standards and Practices unit at every major network, wringing their hands and fumbling over non-existent censorship rules their viewers don't even care about? Bah!
Anyways, regarding the CFAA, I don't think you can reform it until you also take a serious look at the current version of U.S. Copyright Law. If you expect the conversation to address the legal right(s) of individuals to access information whose ownership is, in some cases, ambiguous, then you've stepped into the mammoth bear trap that is U.S. Copyright Law.
#1 Posted by Aaron B., CJR on Tue 19 Mar 2013 at 09:22 AM
There is no need for new legislation more so than the need for responsible prosecutorial behavior. The greatest shrot coming of the Obama presidency is the Justice Dept. under the leadership, or lack thereof, of Atty. Gen. Eric Holder. No one on Wall Street can be prosecuted for anything related to the financial disaster of 2007-2008, but some little guy wanting to have a bigger voice feels the full weight of Federal prosecution? Rediculous, and Mr. Obama will be remembered for the civil liberties transgressions that have occured on his watch. I'd add to that Bradley Manning except for the fact that he is being hounded by the Defense Dept. Still that's on Obama.
#2 Posted by Jack, CJR on Tue 19 Mar 2013 at 12:49 PM