It's past time for Congress to reform the Computer Fraud and Abuse Act (CFAA)—the law used in the aggressive prosecution of the late activist and Internet pioneer Aaron Swartz. While Aaron's case made national headlines, it was only of one of many instances where the CFAA has been used to threaten draconian penalties against defendants in situations where little or no economic harm had occurred.

Unfortunately, last week, the House Judiciary Committee floated changes to the CFAA that are the exact opposite of reforms proposed by EFF and a host of other organizations. The proposed changes increase penalties across the board, expand the scope of the statute, and criminalize new actions. These changes are completely unnecessary, as the CFAA already duplicates many crimes written into other laws. The changes only make the law much worse.

Below are just some of the many instances where the CFAA is redundant. Some of these examples are directly drawn from the DOJ's own Computer Crimes Manual. Other examples include claims companies can pursue—like breach of contract, tortious interference, and other state laws—instead of pushing for Congress and the Justice Department to criminalize website terms of service and employee terms of use violations.

Even under EFF's reform, all of these other statutes could still be used to go after legitimate crimes, and it will still be a serious crime under the CFAA for an outsider to steal proprietary information, to knowingly transmit codes that cause damage to a computer, to traffic in passwords, or engage in extortion by using threats of intrusion.

Go here to tell you Congressional representative to reform the CFAA so it can only used to go after real criminals, instead of security researchers, activists, innovators, and entrepreneurs.