Aaron Law

Aaron Law: a bill to reform CFAA in the United States

See Aaron Swartz in the World Encyclopedia.

The CFAA

The act, originally passed in 1986, was aimed at providing a measure of security for computers against unauthorized access to large, time-shared computers. Back then the perceived threat was serious computer hacking. The act has been extended many times since, including as part of the post-9/11 Patriot Act. Now, in response to a reported increase in cyber attacks coming from abroad, many members of Congress want to again expand the CFAA, adding to the stringency of the law with the intent of further protecting America’s computing resources.

The Computer Fraud and Abuse Act makes a federal crime to access a computer without authorization or in a way that exceeds authorization. If that makes you uncomfortable, you are not alone. Zoe Lofgren and Jim Sensenbrenner in the House of Representatives and Ron Wyden in the Senate introduced Aaron’s law on June 20th in an attempt “to provide for clarification as to the meaning of access without authorization.”

The Text of the Draft of the Bill

JANUARY 15, 2013
“To amend title 18, United States Code, to exclude certain violations of
agreements or contractual obligations, relating to Internet service, from
the purview of certain criminal prohibitions, and for other purposes.

To amend title 18, United States Code, to exclude certain
violations of agreements or contractual obligations, relating
to Internet service, from the purview of certain criminal
prohibitions, and for other purposes.
SEC. 2. ELIMINATION OF CERTAIN VIOLATIONS OF AGREEMENTS OR CONTRACTUAL OBLIGATIONS, RELATING TO INTERNET SERVICE, FROM THE PURVIEW OF CERTAIN CRIMINAL PROHIBITIONS.
(a) FRAUD AND RELATED ACTIVITY IN CONNECTION WITH COMPUTERS.—Section 1030(e)(6) of title 18, United States Code, is amended by striking ‘‘alter;’’ and inserting the following: ‘‘alter, but does not include access in violation of an agreement or contractual obligation, such as an acceptable use policy or terms of service agreement, with an Internet service provider, Internet website, or employer, if such violation constitutes the sole basis for
determining that access to a protected computer is unauthorized;’’.
(b) FRAUD BY WIRE, RADIO, OR TELEVISION.—Section 1343 of title 18, United States Code, is amended by
inserting after the first sentence the following: ‘‘A violation of an agreement or contractual obligation regarding
Internet or computer use, such as an acceptable use policy or terms of service agreement, with an Internet service
provider, Internet website, or employer is not in itself a violation of this section.’’.

Explaining the Bill

Lofgren stated her position about the new legislation in a Reddit comment:

“As we mourn Aaron Swartz’s tragic death, many of us are deeply troubled as we learn more about the government’s actions against him. His family’s statement about this speaks volumes about the inappropriate efforts undertaken by the U.S. government. There’s no way to reverse the tragedy of Aaron’s death, but we can work to prevent a repeat of the abuses of power he experienced.

We should prevent what happened to Aaron from happening to other Internet users. The government was able to bring such disproportionate charges against Aaron because of the broad scope of the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute. It looks like the government used the vague wording of those laws to claim that violating an online service’s user agreement or terms of service is a violation of the CFAA and the wire fraud statute.

Using the law in this way could criminalize many everyday activities and allow for outlandishly severe penalties.”

From this, a significant aspect of this billl is that it will no longer sweep up innocent activity on the net. “Instead, the definition of unauthorized use allows the CFAA to focus on hacks and dangerous computer activity—what was initially intended to be covered by the Act.

Aaron’s law would amend the CFAA to clarify the intent of the act. In particular, the bill clarifies the definitions of damages caused by computer crimes, makes penalties proportional to those damages, and disallows the stacking of duplicate charges, which is allowed under the current law. The modified CFAA would more clearly differentiate between serious computer fraud and minor violations such as terms-of-service violations and improper employee behavior without criminal intent.” (source: http://www.scientificamerican.com/article/its-times-reform-computer-fraud-abuse-act/)

The Fair Access to Science and Technology Research Act (FASTR)

The Fair Access to Science and Technology Research Act (FASTR), introduced over one month of the death of Aaron Swartz by Reps. Zoe Lofgren (D-CA), Mike Doyle (D-PA), and Kevin Yoder (R-KS) in the House and Senators John Cornyn (R-TX) and Ron Wyden (D-OR) in the Senate, “require[s] federal agencies with annual extramural research budgets of $100 million or more to provide the public with online access to research manuscripts stemming from funded research no later than six months after publication in a peer-reviewed journal.” The model is the success of the National Institutes of Health’s (NIH) 2008 public access policy.


Posted

in

, ,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *