'Aaron's Law' aims to reform abused computer crime policies

A bill first proposed on Reddit targets overzealous "hacking" charges


Earlier this year, the prosecution and death of internet activist Aaron Swartz highlighted a number of flaws in the Computer Fraud and Abuse Act (CFAA), a 1986 computer crime law which allows federal prosecutors to press serious charges for sometimes innocuous internet activities. Now two members of Congress, Rep. Zoe Lofgren (D-CA) and Sen. Ron Wyden (D-OR), are getting ready to plug those holes with the introduction of "Aaron's Law," a CFAA reform bill first proposed on Reddit aimed at curbing the law's abuses.

In Wired, Lofgren and Wyden outline how the law's vague definitions of "unauthorized access" and "exceeding access" to a computer have allowed for broad interpretations on what a computer crime actually is. Because of that vagueness, prosecutors can default to the language of Terms of Service agreements, making violating such an agreement — by using a fake name on Facebook, for example — punishable as a felony. The final draft of the bill, released on Thursday, proposes sharpening that language to only include the act of "knowingly circumventing one or more technological or physical measures" meant to prevent access to information, such as encryption or a locked office door. Aaron's Law also targets the redundancies which currently allow prosecutors to trump up sentences by charging defendants with the same violation multiple times.

"Ill-conceived computer crime laws can undermine progress if they entrap more and more people."

The CFAA's loose language allowed US attorneys Steven Heymann and Carmen Ortiz to force Aaron Swartz into a plea bargain after threatening up to 35 years in prison. Swartz had accessed MIT's open network and used a Python script to automatically download millions of publicly funded academic papers hidden behind the JSTOR paywall. JSTOR refused to press charges, but because Swartz violated the Terms of Service, he was able to be prosecuted by the government under the CFAA.

Lofgren and Wyden say the bill's intent is "refocusing the law away from common computer and internet activity and toward damaging hacks," warning that keeping the law as-is threatens legitimate activity and "can also become an obstacle to the innovations of tomorrow."

Back to top ^
Log In Sign Up

Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.