The suicide last week of extremely talented programmer Aaron Swartz has brought about an outpouring sorrow in many quarters of the technology industry but recently it has also brought about calls for change to the United States’ laws around hacking and computer crime.
Swartz, one of the creators of the first version of RSS (Rich Site Summary) format for delivery Web content, a co-founder of social news site Reddit and co-founder of the anti-Internet censorship group Demand Progress, hanged himself last Friday in his Brooklyn, New York apartment. At that time, the 26-year-old programmer was facing 13 counts of felony related to his alleged 2011 illegal downloading through the Massachusetts Institute of Technology network of nearly five million academic journals from JSTOR, a non-profit publisher of journals. The charges carried a maximum sentence of 35 years in jail and up to US$1 in fines.
“…Aaron’s tragedy shines a spotlight on a couple of profound flaws of the Computer Fraud and Abuse Act in particular, and gives us an opportunity to think about how to address them,” wrote Hoffman.
It is critical that these flaws are addressed, she said, because individuals who “intentionally or unintentionally” violate them could face severe penalties.
The prosecutor’s argument, Hoffman said would mean that anyone who runs afoul of a site’s fine print could be considered as having broken the law.
Hoffman also said that hacking laws have penalties that are harsh and disproportionate to the offenses people are charged with. For instance, even first-time offenders accused of accessing protected computers without authorization can get up to five years in prison. Repeat offenders face 10 years.
Violations of other parts of the law, she said, are could face up 20 years of life imprisonment.
“The spectre of being incarcerated for years should never have haunted Aaron,” said Hoffman. “Congress must update the CFAA to ensure penalties actually make sense in light of the behavior they’re meant to punish.”