The suicide last week of extremely talented programmer Aaron Swartz has brought about an outpouring sorrow in many quarters of the technology industry but recently it has also brought about calls for change to the United States’ laws around hacking and computer crime.
“The government should have never thrown the book at Aaron for accessing MIT’s network and downloading scholarly research,” said Marcia Hoffman, senior staff attorney for the Electronic Frontier Foundation in a blogpost Wednesday
on the digital rights group’s Web site. “However, some extreme problematic elements of the law made it possible.
Swartz, one of the creators of the first version of RSS (Rich Site Summary) format for delivery Web content, a co-founder of social news site Reddit and co-founder of the anti-Internet censorship group Demand Progress, hanged himself last Friday in his Brooklyn, New York apartment. At that time, the 26-year-old programmer was facing 13 counts of felony related to his alleged 2011 illegal downloading through the Massachusetts Institute of Technology network of nearly five million academic journals from JSTOR, a non-profit publisher of journals. The charges carried a maximum sentence of 35 years in jail and up to US$1 in fines.
MIT to probe its role in Reddit founder’s suicide
"…Aaron’s tragedy shines a spotlight on a couple of profound flaws of the Computer Fraud and Abuse Act in particular, and gives us an opportunity to think about how to address them,” wrote Hoffman.
It is critical that these flaws are addressed, she said, because individuals who “intentionally or unintentionally” violate them could face severe penalties.
The U.S. laws around computer fraud and abuse are too broad and too vague, according to the EFF lawyer.
Hoffman said the CFAA makes it illegal to gain access to protected computers without authorization or in a manner which “exceeds authorized access.” Unfortunately, she said, the law doesn’t clearly state what constitutes lack of authorization.
The prosecutor’s argument, Hoffman said would mean that anyone who runs afoul of a site’s fine print could be considered as having broken the law.