CFAA == Computer Fraud and Abuse Act.
Nominee For Attorney General Tap Dances Around Senator Franken’s Question About Aaron Swartz
by Mike Masnick, Tech Dirt
Wed, Feb 18th 2015 11:31am
While there have been many egregious CFAA cases, one of the most high-profile, of course, was that of activist Aaron Swartz, who was arrested for downloading too many research papers from JSTOR from the computer network on the MIT campus. The MIT campus network gave anyone — even guests — full access to the JSTOR archives if you were on the university network. Swartz took advantage of that to download many files — leading to his arrest, and a whole bunch of charges against him. After the arrest, the DOJ proudly talked about how Swartz faced 35 years in prison. Of course, if you bring that up now, the DOJ and its defenders get angry, saying he never really would have faced that much time in prison — even though the number comes from the DOJ’s (since removed) press release.
Swartz, of course, tragically took his own life in the midst of this legal battle, after facing tremendous pressure from the DOJ to take a plea deal as a felon, even as Swartz was sure he had done nothing illegal or wrong. Since then, there have been a few attempts to update the CFAA to block this kind of abuse, but they have been blocked at every turn by a DOJ that actually wants to make the law even worse. This includes the White House’s latest proposal for CFAA reform, which would actually make more things a felony under the CFAA, and could drastically increase sentencing for things that many of us don’t think should be a crime at all — such as tweeting out a list of worst passwords on the internet.
Outgoing Attorney General Eric Holder has done his best to ignore or downplay any suggestion that his Justice Department abused the CFAA in going after Swartz. And it looks like his likely replacement is trying to do the same.
Senator Al Franken questioned nominee Loretta Lynch about Swartz and the CFAA (.pdf) and got back a response that is basically her avoiding the question. She doesn’t say anything about Swartz, but goes off on some FUD about the dangers of malicious hackers and how the DOJ needs the tools to fight spyware. She then claims that the newly proposed CFAA changes are okay because they only increase the possible maximum sentences, but not the minimums, leaving things up to the discretion of judges (and prosecutors).
This is such a total braindead law enforcement view of things: that if only there were greater punishment it would scare the “bad people” out of doing what they’re going to do. That’s never really worked, and especially not in this area, where the law is being abused to go after people who don’t think they’re actually doing anything wrong.
Second, it just plays up the FUD that “bad stuff is happening” so “something must be done.” But it ignores how vague the law is and how it’s wide open to abuse. A good law enforcement official would ask for clearer laws that more narrowly target actual bad behavior, rather than celebrating a broad and vague law that can be, and is, widely abused just to rack up more DOJ headlines and “victories.”