Aaron’s Law, designed to stop the Department of Justice from acting as enforcers for private corporations, has been formally introduced into the US house of representatives.
The Bill, nicknamed after Aaron Swartz – who was hounded to death by the Department of Justice – will stop prosecutions based on violations of terms of service for web products, website notices or employment agreements under the Computer Fraud and Abuse Act (CFAA).
Swartz committed suicide in January while facing federal prosecution for allegedly hacking into an MIT network and downloading millions of scholarly articles from the JSTOR subscription service.
The bill would remove the charge of “exceeds authorised access” from the CFAA. It would replace it with a definition for “access without authorisation”, which would include bypassing technology and physical measures through deception or through gaining access to an authorised person’s credentials.
Representative Zoe Lofgren and Senator Ron Wyden said that it would refocus the law away from common computer and internet activity and towards actually damaging hacking attempts.
Aaron’s Law establishes a clear line that’s needed to distinguish the difference between common online activities and harmful attacks.
It would make it tougher for prosecutors to seek long jail terms for crimes involving little financial gain.
Swartz was threatened with a lengthy jail sentence in the hope that he would admit to a lesser charge which carried a smaller jail sentence.
Demand Progress, the digital rights group Swartz cofounded, said that it was backing the legislation. Executive director David Segal said that when Aaron’s Law is signed into law it will mean that he will continue to do in death what he always did in life, which was to protect the freedoms and rights of all people.
It is not clear how the Bill will progress. After all, there are a lot of private interests which quite like the idea of people being jailed for violating their terms and conditions of use.