Rep. Zoe Lofgren Plans To Introduce 'Aaron's Law' To Stop Bogus Prosecutions Under The CFAA

from the one-step dept

Section 1343 of title 18, United States Code, is amended by inserting after the first sentence the following: ‘‘A violation of an agreement or contractual obligation regarding Internet or computer use, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or employer is not in itself a violation of this section.’’

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

There's been talk for years about fixing the Computer Fraud and Abuse Act (CFAA), which has been widely abused by law enforcement/prosecutors to claim that basically any use of a computer that did not fall under the explicitly allowed uses was a form of "computer hacking" -- and potentially a felony. This allowed for law enforcement to go after all sorts of people -- including anyone who did anything on a computer that their employer didn't like . Or anyone who sent spam . Or anyone who reported on a data vulnerability . Or anyone who just senta too many emails . These and many more cases mostly revolved around a stretched interpretation of the (outdated) CFAA, which suggested that simply violating a terms of service was the equivalent of "unauthorized access," and thus a "hacking" violation. Courts have so far been somewhat split on this interpretation, with some buying it and others not buying it at all.The abuse of the CFAA has been seen in some high profile cases, including the one against Lori Drew , after a young girl, who was a friend of Drew's daughter, killed herself following a "dispute" with a fake profile of a boy that was really set up by Drew and some others. The court eventually tossed that out (though a jury convicted her). But it seems tragically ironic that a law that prosecutors once used (they claimed) to go after someone for bullying someone to commit suicide, is now itself being blamed for prosecutors' own bullying tactics, which many (including his parents) now insist led to the suicide of Aaron Swartz.Congress has approved fixes for the CFAA in the past, but they've never made it all the way into law. The unfortunate, untimely and tragic death of Aaron Swartz may have brought back politicians' interest in making such a fix. Rep. Zoe Lofgren announced on Reddit her plans to introduce "Aaron's Law" to fix one glaring weakness in the CFAA : the idea that any terms of service violation is akin to hacking and fraud under the law. The draft bill rejects such an interpretation explicitly:Hopefully, this new Congress can look at the unfortunate situation with Aaron (and many others) and how prosecutors are using the CFAA as a weapon to browbeat people they don't like into guilty pleas on garbage charges, and finally pass this much needed fix to the CFAA.

Filed Under: aaron swartz, cfaa, computer fraud and abuse act, zoe lofgren