Can legal changes prevent another Aaron Swartz tragedy?
I didn't know Aaron Swartz well. I just knew him well enough to be impressed. Swartz was one of the creators of Reddit, Creative Commons, and the RSS (Really Simple Syndication) protocol. Hounded by depression, faced with mounting legal bills and a potential sentence of dozens of years in prison for allegedly trying to take MIT academic journal articles public, this brilliant young man took his own life. Swartz was 26.
His friend, and well-known open-source and intellectual property attorney, Lawrence "Larry" Lessig, wrote, "If what the government alleged was true—and I say 'if' because I am not revealing what Aaron said to me then—then what he did was wrong. And if not legally wrong, then at least morally wrong."
But, "For the outrageousness in this story is not just Aaron. It is also the absurdity of the prosecutor’s behavior. From the beginning, the government worked as hard as it could to characterize what Aaron did in the most extreme and absurd way. The 'property' Aaron had 'stolen,' we were told, was worth 'millions of dollars'—with the hint, and then the suggestion, that his aim must have been to profit from his crime. But anyone who says that there is money to be made in a stash of ACADEMIC ARTICLES is either an idiot or a liar. It was clear what this was not, yet our government continued to push as if it had caught the 9/11 terrorists red-handed."
Indeed Swartz's "crimes" were that he allegily used MIT's computer network to download millions of academic articles from the online academic papers archive JSTOR, without authorization. For that, he faced 13 felony counts of hacking and wire fraud (PDF Link). I must agree with Swartz's family and partner who claim "Aaron’s death is not simply a personal tragedy. It is the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts U.S. Attorney’s office and at MIT contributed to his death. The US Attorney’s office pursued an exceptionally harsh array of charges, carrying potentially over 30 years in prison, to punish an alleged crime that had no victims."
We can't bring Swartz back to life. We can, however, the Electronic Frontier Foundation (EFF) suggests, reform the anti-hacker laws, which enabled the witch-hunt that led to Swartz's suicide. We can stop prosecution for other victimless hacker crimes.
The EFF believes there are two profound flaws in the Computer Fraud and Abuse Act. Together, they were used to hound Swartz and they are still being used to unfairly attack others.
The first problem is that "Hacking laws are too broad, and too vague" Among other things, the CFAA makes it illegal to gain access to protected computers 'without authorization' or in a manner that 'exceeds authorized access.' Unfortunately, the law doesn't clearly explain what a lack of 'authorization' actually means. Creative prosecutors have taken advantage of this confusion to craft criminal charges that aren't really about hacking a computer but instead target other behavior the prosecutors don't like."
Therefore, "It's time for Congress to amend the CFAA to clarify what counts as access 'without authorization' and what doesn't. This will help ensure prosecutors can't use the law to bring arbitrary cases against people they simply don't like."
The second problem, and this is where the law really falls apart as far as I'm concerned, is that "The penalty scheme for CFAA violations is harsh and disproportionate to the magnitude of offenses. Even first-time offenses for accessing a protected computer 'without authorization' can be punishable by up to five years in prison each (ten years for repeat offenses) plus fines. It's worth nothing that five years is a relatively light maximum penalty by CFAA standards; violations of other parts of that law are punishable by up to ten years, 20 years, and even life in prison."
Indeed, had he lived and been convicted, Swartz would have faced a maximum of $4 million in fines and more than 50 years in prison. While AllThingsD reports that Carmen Ortiz, U.S. attorney for the District of Massachusetts, said about the the case that, "Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data, or dollars," it's incomprehensible to me that stealing academic documents deserves felony prosecution leading to years of imprisonment and millions of dollars in fines.
As the EFF declared, "No prosecutor should have tools to threaten to end someone's freedom for such actions, but the CFAA helped to make that fate a realistic fear for Aaron." Thus, the EFF is asking you to write to your Congressional Representative or Senator asking that this law be changed so that no others need face this kind of draconian prosecution. I urge you do so.
It's too late for Swartz, let's strive to make sure it's not too late for others.
Related Stories: