New bills informed, and not, by Aaron Swartz's legacy

Apr 24, 2015 4:39 pm

Mike Masnick at reports that two very different bills about computer hackers were introduced in Congress last week. Aaron's Law, from Senators Ron Wyden and Rand Paul and Rep. Zoe Lofgren, is designed to fix problems with the Computer Fraud and Abuse Act (CFAA). Aaron's Law is named after Aaron Swartz, faced 30 years in jail under the CFAA because he downloaded too many academic journal articles that he may have been entitled to download. The talented computer activist committed suicide instead of face those 30 years for that somewhat trivial transgression. The same day that Aaron's Law was introduced, Senators Mark Kirk (R-IL) and Kirsten Gillibrand (D-NY) introduced a competing law called the Data Breach Notification and Punishing Cyber Criminals Act although they did not release text of the proposed law, just a YouTube video (above) and a press release. Gillibrand says, "The bill raises the maximum allowable fines and imprisonment for many of the statutes which cyber criminals are charged: identity theft, conspiracy to commit access device fraud, obtaining information from a protected computer without authorization and computer hacking with intent to defraud." Masnick at Techdirt argues that the, "obtaining information from a protected computer without authorization" was the concern in the Swartz case. A too-broad term was used to inflict a sentence far too harsh. "It suggests a pretty serious cluelessness about the incentives and motivations of those who commit many of those breaches," he wrote. "Increasing the number of years they could spend in time from crazily high to insanely high isn't going to change a damn thing." Read the full story at