Print 53 comment(s) - last by ebakke.. on Jun 28 at 3:27 PM

Tragedy provided the momentum to

A new bill has been introduced in the House and Senate dubbed "Aaron's Law", which looks to reform the badly outdated and ambiguous Computer Fraud and Abuse Act of 1986 (18 USC § 1030).  So who is Aaron and why is a law being named after him?  The answer traces back to a tragic event that occurred early this year.

I. A Tragic Loss Leads to Reform

Aaron Swartz, a Reddit co-founder and co-developer of the RSS standard, committed suicide this January leaving behind a complex legacy of success and controversy.  While amassing enough money to live comfortably following the sale of Reddit to Conde Nast, Mr. Swartz became an ardent activist.  

In 2011 while visiting the Massachusetts Institute of Technology (MIT) he downloaded a 4.8 million scholarly journal articles from JSTOR -- a subscription only distribution service.  The authors made no money off the publication, he figured. It all went to the publishers.  Further, the research was paid for with taxpayer money.  So he boldly offered up the articles online.
JSTOR logos
And he paid for it.  Federal prosecutors, aided by MIT administrators, hit him with numerous CFAA charges with a maximum penalty of $1M USD and 35 years in prison.  As the feds piled on more charges (nine additional counts in Sept. 2012 alone), Mr. Swartz allegedly grew despondent, and ultimately chose to hang himself.  His then-girlfriend found him at their shared Crown Heights, Brooklyn, New York apartment.

But his death set off a spark.  At his funeral at Central Avenue Synagogue in Highland Park, Illinois, his father Robert Swartz was unequivocal, stating, "[Aaron] was killed by the government, and MIT betrayed all of its basic principles."

Aaron Swartz
A media storm ensued.  Congress soon took up the issue.  And some feared -- like many Congressional inquiries -- the momentum would eventually die down.

II. "Aaron's Law" Looks to Clean up CFAA Mess

But ultimately two bills have emerged from the tragedy -- the second of which was introduced today.

One man standing firmly behind both bills is Sen. Ron Wyden (D-Ore.) -- a man who might have more in common with social libertarians like Rep. Ron Paul (R-Tex.) than his Democratic colleagues, when it comes to civil rights.  But the credit for "Aaron's Law" goes primarily to its author, Rep. Zoe Lofgren (D-Calif.).

The bill points out that the language of the CFAA "invites abuse" in that it makes it hard to differentiate between law-abiding users and criminals.  For example the CFAA makes it a felony to "access a computer without authorization or exceed authorized access" -- while failing to define exactly what that blob of tech jargon means.

Ethernet Cables
"Aaron's Law" finally clarifies "authorized access" from a technical standpoint.
[Image Source: Boot Click]

That ambiguity has made it the favorite tool of zealous district prosecutors; after all, almost any action using a digital device could be construed as "exceeding the authorized access".  Further the law allows for redundant charges within the bill itself, and allows these charges to be piled atop state statutes -- which was what happened in Mr. Swartz's case.

The proposed bill does the following:
  1. Prevents redundant charges within the bill itself
  2. Prevents federal charges that overlap state charges.
  3. Allows flexibility to downgrade charges to a non-felony.
  4. Explain what "exceeding authorized access" means.
The final amendment is particularly important.  The bill -- at last -- offers a quasi-technical definition of access, writing:

(A) to obtain information on a protected computer;
(B) that the accesser lacks authorization to obtain; and
(C) by knowingly circumventing one or more technological or physical measures that are designed to exclude or prevent unauthorized ndividuals from obtaining that information.

In other words all manner of attacks on systems protected by cryptography would be considered a crime.  But data dumps on open interfaces -- such as imprisoned computer specialist Andrew "weev" Auernheimer's scraping of openly accessible online ID data for Apple, Inc. (AAPL) iPads or Mr. Swartz's data dump -- would arguably not qualify.  Of course such actions could still violate state criminal or civil statutes, but at a federal level, at least, a "locked door" analogy would be adopted when it comes to access.

Sen. Wyden and Rep. Lofgren write in a Wired op-ed that critics of the bill are ignorant to the fact that other laws already protect companies and institutions against the unauthorized distribution of proprietary information.  They write:

Other critics may argue that Aaron’s Law reforms remove one specific scenario from CFAA: an authorized individual using their own authorization (such as password credentials) to access and use information in unauthorized ways. Although we do not wish to create any new vulnerabilities, the overbroad approach currently taken by the CFAA potentially criminalizes millions of Americans for common Internet activity. Moreover, numerous laws like Theft of Trade Secrets, the Privacy Act, copyright law, the Stored Communications Act, wire fraud, and HIPAA already criminalize misuse of information.

The pair did say that they were open to suggestions by businesses on that topic of tweaking the language to fairly punish the theft of insider secrets.

Sen. Wyden
The bills have the backing of Sen. Ron Wyden (left). [Image Source: Kevin Krejci]

The cost of inaction is too high, they conclude, writing:

The consequences of inaction are all too clear. We live in an age where people connect globally by simply touching a device in the palm of their hand, empowered by online advances that have enriched the world scientifically, culturally, and economically.

But ill-conceived computer crime laws can undermine this progress if they entrap more and more people — simply for creative uses of the technology that increasingly mediates our everyday activities and our interactions with the world. This not only fails us today, it can also become an obstacle to the innovations of tomorrow.

The second pending bill was already introduced back in February, dubbed The Fair Access to Science and Technology Research Act (FASTR).  Sponsored by Sen. Wyden, Sen. John Cornyn (R-Tex.), and Rep. Lofgren (among others), this law is nicknamed "The Other Aaron's Law".  Its primary purpose would be to force taxpayer-funded research to be released to the public .

Sources: Aaron's Law (PDF), The Fair Access to Science and Technology Research Act (FASTR) [PDF], Sen. Wyden, Rep. Lofgren on Wired

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Millenials
By conq on 6/24/2013 1:34:58 PM , Rating: 2
All you had to do was quote the 4th amendment to him since he's clearly never read it before:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

NO NO IT'S FINE THEY'RE PROTECTING YOU. But in all seriousness you have nothing to worry about as long as you're a nobody. If you ever become an activist, rub a politician the wrong way, do anything to peak their interest and put you permanently on their radar, then you have to look out. I have no idea why Aaron gave up on the cause and himself. Every cause demands a martyr but there are much better ways than that.

RE: Millenials
By SublimeSimplicity on 6/24/2013 2:17:03 PM , Rating: 2
...and don't because to successful either. Your competition might have the right senator in their pocket to get a hold of your data you shared via external email, phone calls, text message, etc.

RE: Millenials
By maugrimtr on 6/25/2013 11:00:35 AM , Rating: 2
People rarely just "give up" unless cruel and unusual means are employed or unless they have some mental illness. We should know that torture can break a person and force them to admit or say practically anything to make their suffering stop.

In Aaron's case, he suffered from depression. As do I.

Depression is a horrendous disease that can push a person into some pretty extreme places. You can feel sad, depressed, alone and desperate for absolutely no good reason. Most people with depression manage their issue and live near normal lives. Sometimes, what seems a tolerable experience for most can be too much. Being prosecuted so unfairly would have driven Aaron's depression into overdrive, robbing him of the ability to think clearly about his actions. He was not in his right mind and we shouldn't judge him too harshly for having some challenging genes.

I'm sure the prosecutors could care less.

RE: Millenials
By Ammohunt on 6/24/2013 4:07:09 PM , Rating: 2
against unreasonable searches and seizures

Prove that what the NSA is doing is unreasonable considering the current state of war this country is in. Prove that this system was abused in a fashion that you are implying.

RE: Millenials
By ritualm on 6/24/2013 4:17:24 PM , Rating: 2
Do you honestly think the NSA should be given unlimited powers to spy on everyone without a shred of accountability and following due legal process?

Do you honestly think the NSA will not abuse its powers against us? Remember, there is no such thing as illegal and running afoul of the law when you work for the NSA.

RE: Millenials
By Ammohunt on 6/24/2013 4:51:05 PM , Rating: 2
Do you honestly think the NSA should be given unlimited powers to spy on everyone without a shred of accountability and following due legal process?

Where is the proof they have been spying on "Everyone"? Please...

I agree accountability could be better their needs to be a better way of obtaining a warrant when it comes to time sensitive targets. That being said i haven't seen a shred of evidence that this data was abused in any fashion.

Do you honestly think the NSA will not abuse its powers against us? Remember, there is no such thing as illegal and running afoul of the law when you work for the NSA.

Rumors and hearsay about the NSA but no concrete evidence yet. All i have seen from netziens is the knee jerk NSA = Governemnt = BAD! Having some personal experience with this topic the answer is no.

RE: Millenials
By maugrimtr on 6/26/2013 7:00:34 AM , Rating: 2
You should pay more attention to history. It is rife with examples of those with power abusing it. It's such a common theme that there's even a phrase for it.

"Power corrupts; absolute power corrupts absolutely."

We don't require proof of NSA abuses. We just need to recognize that the capacity for abuse exists and put in place controls to prevent it. This perfectly normal and expected.

In this case, however, one essential control happens to be a secret court with secret rulings and unknown case law that coincidentally approves >99% of all requests.

RE: Millenials
By anactoraaron on 6/24/2013 4:21:01 PM , Rating: 2
Prove that what the NSA is doing is unreasonable considering the current state of war this country is in

I never realized our government was at war with all of its citizens.

RE: Millenials
By Reclaimer77 on 6/24/2013 4:44:07 PM , Rating: 2
Prove that what the NSA is doing is unreasonable considering the current state of war this country is in. Prove that this system was abused in a fashion that you are implying.

The NSA was founded with the expressed written mandate that their intelligence apparatus would "never" be turned on U.S citizens. The NSA has no legal authority to spy on American citizens or interests.

Does that help "proving" things to you a bit? And please, if you ask me to "prove" what I just said to you, instead of researching things yourself, I'm going Taken on your stupid ass. I will find you, and I will kill you.

RE: Millenials
By Ammohunt on 6/24/2013 5:01:45 PM , Rating: 2
let me ask you a couple questions:

Do illegal aliens or green card carriers use mobile phones on America cell phone networks?

Do naturalized American citizens receive calls from countries hostile to our nation?

The answer is yes in case you are wondering and until they start issuing special government phones to said individuals it appears that the collection methods of the NSA are spot on. There is not a shred of evidence that US Citizens have been "Spied upon" by the NSA none nada zip.

I will find you, and I will kill you.

Lol save your threats for your enemies Patrick.

"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki