Anti-Hacking Law Criticized After Suicide of Internet Activist

Friday, January 18, 2013, by Anu Madan

On January 11, 2012, software programmer, Internet activist, and computer prodigy Aaron Swartz was found dead in his Brooklyn apartment.  According to New York City’s chief medical examiner, Swartz committed suicide by hanging.  As an advocate for Internet freedom, Swartz strongly believed that information, which could potentially benefit society, should be made available to the public at no cost.  In 2011, Swartz played an instrumental role in helping block the controversial Stop Online Piracy Act (SOPA).  That same year, Swartz was indicted for wire fraud, computer fraud, and unlawfully obtaining information from a protected computer, among other charges.  Swartz allegedly broke into the computer system at the Massachusetts Institute of Technology (MIT) and downloaded an estimated 4.8 million documents from JSTOR, subscription-based academic research database.   If convicted, Swartz could have faced more than 30 years in prison and up to $1 million in fines.  It is alleged that Swartz committed suicide after prosecutors refused further negotiations o his plea bargain.

Although Swartz had been coping with depression for many years, the family blames his suicide on a “criminal justice system rife with intimidation and prosecutorial overreach.”  The family criticized the U.S. Attorney’s Office in Massachusetts for pursuing “an exceptionally harsh array of charges . . . to punish an alleged crime that had no victims.”  The U.S. Attorney’s case was based on the 1984 Computer Fraud and Abuse Act (CFAA), a broad anti-hacking measure, which some legal commentators suggest, has limited applicability today.  CFAA punishes individuals for “having knowingly accessed a computer without authorization or exceeding authorized access.”

Rep. Lofgren stated that CFAA “criminalize[s] many every activities and allow[s] for outlandishly severe penalties” and calls for “dangerous legal interpretation.”

Rep. Zoe Lofgren of California recently proposed “Aaron’s Law,” a bill that seeks to update and amend the CFAA by excluding terms of service violations.  Rep. Lofgren stated that CFAA “criminalize[s] many every activities and allow[s] for outlandishly severe penalties” and calls for “dangerous legal interpretation.”  Many tech commentators have contended that CFAA has been widely abused by prosecutors.  Additionally, given the vague wording of the statute, federal courts have interpreted the CFAA differently.  Despite the confusion, prosecutors have brought nearly 300 federal criminal cases under CFAA from 2010 through 2012.  An additional 300 civil suits were brought in private disputes citing CFAA.

Since Swartz’s tragic death, Carmen Ortiz, the prosecutor who pursued the charges against Swartz, has defended the case against him.  In a statement, Ortiz defended her conduct, and stated that U.S. Attorney’s office was “appropriate in bringing and handling this case.”  Ortiz contended that the office never sought or intended to seek the maximum penalties under the law.