In the wake of Aaron Swartz’s suicide, sympathetic supporters of the young man have been calling for changes in how the government prosecutes certain digital crimes. U.S. Rep Zoe Lofgren (D-CA) has answered those calls with a proposed amendment to the Computer Fraud and Abuse Act (CFAA).
Swartz was charged with violating MIT’s terms of service, which allowed prosecutors to pursue a harsh sentence, which most everyone besides the prosecutors themselves found way out of proportion to the crime. The amendment would exclude terms of service violations from the law, in hopes to prevent what happened to Swartz to happen to anybody else. While it’s certainly a noble effort, there are still critics of this proposed amendment. Security experts feel that excluding the terms of service violations would open up systems to huge breaches and more dangerous cybercrimes. They say that the CFAA isn’t the problem here, and shouldn’t be touched in any way, as it is a perfectly acceptable means of charging and prosecuting such crimes. They focus on creating prosecutorial guidelines, so that lawyers and law enforcement officials can’t intimidate the accused into doing something like Swartz.
Which side do you fall on? What implications would the amendment have on cybercrime and internet privacy? What are the arguments on both sides? What’s the absolute best way to approach this issue so that it is prevented in the future?
Susan Freiwald, Professor of Law at the University of San Francisco School of Law where she teaches Cyberspace Law, Information Privacy Law, and Contracts
Jody Westby, CEO & Founder of Global Cyber Risk, a cybersecurity firm that provides advisory services to corporations and governments in the U.S. and globally