Hacking Law Left Broken as Corporations Quash Reforms

Back in 2011, authorities arrested American hacktivist Aaron Swartz, who helped develop the RSS Feed, the organization Creative Commons, and even the social forum site Reddit, for downloading too many academic articles on JSTOR. Using the much maligned, outdated Computer Fraud and Abuse Act (CFAA), which was inspired by the 80’s movie “War Games,” prosecutors charged Swartz with a 13-count indictment. Facing almost certain incarceration for alleged crimes that the victims didn’t want to pursue litigation over, Swartz hanged himself.

Now, an attempt to update the largely criticized Internet hacking law has been stalled in Congress. A stalemate between Representative Zoe Lofgreen, who was carrying “Aaron’s Law” into the house, and the Representative Bob Goodlatte, who heads the House Judiciary Committee, has emerged because Goodlatte choose not to vote or even discuss the bill.

“There is still a pressing need for [CFAA] reform, and I stand by the bill I authored and introduced to do just that,” said Lofgren. “Unfortunately, Chairman Goodlatte has refused to schedule any debate or vote on this important issue – only he can explain why he refuses to move this bipartisan bill forward.”

According to Motherboard, the reason the bill was likely stopped, as other reforms have been, is because Silicon Valley corporations stepped in, spending millions of dollars on lobbying funds to quash CFAA reforms. The reason they don’t want it to change is because its current iteration of the CFAA is vaguely worded, allowing corporate giants to sue anyone from users to employees who may violate Terms of Service agreements.

Aaron’s Law would have amended the CFAA’s problematic language with two edits. It would have gotten rid of the phrase “exceeds authorized access” and would have defined what exactly “access without authorization” means.

With these two phrases in place as they are, something as small as lying about age or gender carries the same criminal weight as stealing a person’s identity. While one is clearly worse, both are considered felonies.

Aaron’s Law would have refocused things so that the CFAA would be used as it was originally intended — to target extreme cyber-crimes.

Although it’s clear that the law needs amendments, it seems that it’ll be a while before anything will get done about the infamous CFAA.