Two members of Congress introduced new legislation Thursday in honor of Aaron Swartz, the 26-year-old Internet activist who faced charges for downloading millions of articles from a Massachusetts Institute of Technology computer archive before committing suicide in January.
"Aaron's Law," introduced by Rep. Zoe Lofgren (D-Calif.) and Sen. Ron Wyden (D-Ore.), would amend the Computer Fraud and Abuse Act, a 1980s-era statute that makes it a federal crime to access a computer without authorization.
Critics say the current law is overly vague and potentially criminalizes innocent Internet activity. In an Op-Ed published Thursday on Wired.com, Lofgren and Wyden said it gives prosecutors wide discretion to pursue charges against someone who violates a website’s terms of service or employer agreement. As a result, Internet users could potentially face prison sentences for lying about their age on Facebook or checking personal email on a work computer, they said.
The current law also allows defendants to be charged multiple times for the same act, allowing prosecutors to pressure them into accepting a plea deal to avoid lengthy prison sentences, the lawmakers said. "It allows breathtaking levels of prosecutorial discretion that invites serious abuse," they said.
Lofgren and Wyden said their bill amends the law to prevent Internet users from facing criminal charges for violating a company's terms of service and prevent prosecutors from pursuing multiple charges against a defendant for the same act.
They said they got public feedback on drafts of the bill from users of the social news site Reddit and a wide range of technical experts, businesses and current and former government officials.
"The result is a proposal that we believe, if enacted into law, safeguards commonplace online activity from overbroad prosecution and overly harsh penalties, while ensuring that real harmful activity is discouraged and fully prosecuted," they said.
Several civil liberties advocates and Internet activists praised the measure.
Kevin Bankston, a director at the Center for Democracy and Technology, said some courts have rejected prosecutors’ attempts to charge defendants with computer crimes for violating a website’s terms of service or employer’s computer use policy.
"'Aaron’s Law' would eliminate any ambiguity and make those courts’ decisions the law of the land," he said. "Only people who break into computers by circumventing technical restrictions should be prosecuted as computer criminals.”
David Segal, executive director of Demand Progress, an advocacy group co-founded by Swartz, said the new legislation, if it passes, "will mean that Aaron will continue to do in death what he always did in life, protect the freedoms and rights of all people."
Previous efforts this year to reform the CFAA have been contentious. In April, House Republicans were forced to cancel a vote to amend the law after a flurry of lobbying by Internet activists who said the measure being considered would expand the statute, not reform it.
Lofgren and Wyden said companies have expressed concern that the bill would prevent them from taking "matters into their own hands to protect their proprietary information from insider theft."
"We look forward to robust discussions on this issue and to addressing any warranted concerns," they said.
The Obama administration has argued the law should not be changed. Richard Downing, deputy section chief for computer crime and intellectual property, told a House committee in 2011 that removing parts of the law "could make it difficult or impossible to deter and punish serious threats from malicious insiders."