There’s limited political bandwidth for a quick CFAA overhaul. | AP Photo A tough slog for Aaron's Law

It’s going to be tough for “Aaron’s Law” to become, well, a law.

There’s been plenty of Washington soul-searching following the death of Aaron Swartz, the 26-year-old Internet entrepreneur who spent nearly two years battling potential imprisonment on computer fraud charges. But a congressional campaign to rewrite the law and spare others from a similar legal struggle isn’t going to be an easy climb.


“To be successful, that effort will likely take substantial time and require sustained and intense support from all of you,” Rep. Zoe Lofgren (D-Calif.), one of the principal backers, wrote in a post to users of Reddit, which Swartz co-founded. Lofgren said success would require “a push that will need to exceed” even what Internet activists did to halt the Stop Online Piracy Act.

Despite some recent momentum, there’s not much clamor for change coming from the White House — and as expected, the Justice Department, which once tried to expand the penalties of the so-called Computer Fraud and Abuse Act, has been silent.

While there’s a new reform push on Capitol Hill backed by a few powerful members, the key committees with jurisdiction have other plans in mind — and their agendas are packed with immigration reform and gun control. More than that, Congress actually has been fond of stronger punishments for some offenders.

It’s not to say the principles known as Aaron’s Law won’t ever reach the president’s desk in some form — just that all the Internet hype and rallying mark only the beginning of a new and lengthy political journey.

The campaign to update the 1986 statute, known by the acronym CFAA, follows Swartz’s storied and emotional battle against DOJ. Swartz faced charges for allegedly stealing academic journal articles at the Massachusetts Institute of Technology — a violation of federal law and punishable with steep fines and years in prison. Swartz committed suicide almost two years after federal prosecutors commenced their case.

In the weeks to follow, a collection of Internet luminaries and top lawmakers have faulted DOJ for proceeding too aggressively — and critics have turned their sights onto the statute itself, hoping to rewire the rules. The new draft bill would eliminate the avenues by which the feds could pursue those who violate terms of service agreements or change their computer’s unique identifiers.

The neophyte campaign has been fueled by constant letters and tweets. And top lawmakers and industry supporters tried to maintain that momentum with a memorial service Monday night on Capitol Hill that doubled as a call for reform.

Sen. Ron Wyden (D-Ore.), one of its backers, received loud cheers for promising to “change this unjust law” in the memory of Swartz’s “commitment” to a “more just world.”

But the path forward is uncertain.

For all the talk about Swartz’s legacy and the country’s outmoded regulations, there’s limited political bandwidth for a quick CFAA overhaul.

There are key lawmakers behind the new push — Wyden, Lofgren and Rep. Darrell Issa (R-Calif.) — but many other influential Washington policymakers haven’t made a peep.

That includes the White House and its DOJ, both of which did not comment to POLITICO this week on the proposal.

Previously, backers of Aaron’s Law tried to compel the Obama administration to respond through its “We the People” online petition, but the White House hasn’t yet offered its views through that forum.

The silence is noteworthy. For one thing, the Obama administration tried to expand CFAA as part of its 2011 proposal to Congress on cybersecurity reform. That effort, however, would have specifically targeted crimes involving critical infrastructure, like power plants, a White House official told POLITICO.

Separately, the DOJ in Obama’s first term recommended to Congress an expansion of CFAA, with an increase to some penalties under the law.

In the same breath, DOJ lawyers told Capitol Hill in 2011 they didn’t support any revision to the law that would have clarified what constitutes unauthorized access. That’s the part of CFAA, according to opponents, which may have allowed the government to pursue those who simply violate a website’s terms of service agreement. DOJ, however, later reversed course on the matter. Two subsequent federal circuit decisions also closed off the terms-of-service route from the feds, a block that members of Congress now are hoping to codify into law with their new legislation.

Still, the House and Senate panels with first dibs on the measure aren’t exactly leaping to make it their political cause du jour.

Instead, both the House and Senate Judiciary Committees are focused acutely on the hot-button political debates of 2013 — gun control and immigration.

The House Judiciary Committee’s chairman, Rep. Bob Goodlatte (R-Va.), has said there’s much exploration still to do before his panel can even think of a hearing focused on Aaron’s Law. Goodlatte never actually said more than that, contrary to some news reports.

Issa, for one, even acknowledged that reality this week. “I talked to [Goodlatte] briefly about what we were doing, and he was fine with us going forward and looking at it and thought it was worthwhile,” the congressman told POLITICO, though he added: “I don’t know that it’s the focus, as you say, with his requirement for this other major legislation.”

Meanwhile, the upper chamber’s Judiciary chief, Sen. Patrick Leahy (D-Vt.), hasn’t commented publicly on Aaron’s Law. In the past, though, Leahy tried to advance data-security legislation that included CFAA changes — though not all of those proposed revisions had the backing of netroots activists.

On one hand, Leahy had support from Sens. Chuck Grassley (R-Iowa), Al Franken (D-Minn.) and others for carving terms of service violations out of the law. However, Leahy also sought to boost some of the existing rules’ criminal penalties, among additional changes.

Going forward, the emphasis on penalties could be a significant challenge for reform, supporters say. “I do think any reform of CFAA that wants to be true to Aaron’s memory needs to address the penalties,” said Cindy Cohn, legal director at the Electronic Frontier Foundation. “I do think it’s unfortunate the drift in Congress has been in the other direction.”

Cohn said the interest on Capitol Hill in additional penalties represents the standard “giveaway to the DOJ” meant to make reform more palatable, but she emphasized it’s “time to change course” on that approach.

For now, an aide to Leahy on the Senate Judiciary Committee said the chairman is focused this year on pushing reform to another outdated federal statute — the Electronic Communications Privacy Act.

In the meantime, members of Congress are forging ahead. Lofgren has yet to formally introduce the legislation and appears to be seeking additional reaction from Internet stakeholders on the second draft of her bill. Issa and his Democratic counterpart on the House Oversight Committee, Rep. Elijah Cummings of Maryland, plan to receive a briefing on the case soon from the DOJ.

Jessica Meyers and Alex Byers contributed to this report.