June 20, 2013, 4:13 PM — Two U.S. lawmakers have introduced a bill that would prevent the Department of Justice from prosecuting people for violating terms of service for Web-based products, website notices or employment agreements under the Computer Fraud and Abuse Act (CFAA).
On Thursday, Representative Zoe Lofgren, a California Democrat, and Senator Ron Wyden, an Oregon Democrat, introduced Aaron's Law, a bill aimed at removing some types of prosecutions under the CFAA.
The bill is named after Internet activist Aaron Swartz, who committed suicide in January while facing federal prosecution for allegedly hacking into a Massachusetts Institute of Technology network and downloading millions of scholarly articles from the JSTOR subscription service.
The bill would remove the charge of "exceeds authorized access" from the CFAA, instead creating a definition for "access without authorization." Access without authorization would include bypassing technology and physical measures through deception or through gaining access to an authorized person's credentials.
"Aaron's Law is not just about Aaron Swartz, but rather about refocusing the law away from common computer and Internet activity and toward damaging hacks," Lofgren and Wyden wrote in a joint statement. "It establishes a clear line that's needed for the law to distinguish the difference between common online activities and harmful attacks."
The bill would also narrow the penalty enhancement provisions in the CFAA, making it tougher for prosectors to seek enhanced penalties for crimes involving little financial gain.
Lofgren released a draft bill to amend the CFAA back in January, days after Swartz killed himself. The sponsors of the bill posted drafts on Reddit.
Digital rights groups have called on lawmakers to soften the CFAA after prosecutors in Massachusetts threatened Swartz with a lengthy jail sentence.
"In drafting Aaron's Law ... we did not opt for a quick fix of the CFAA that could bring with it unintended consequences," Wyden and Lofgren wrote. "Instead, we undertook a deliberative process for crafting this legislation. We reviewed extensive input from a broad swath of technical experts, businesses, advocacy groups, current and former government officials, and the public."
Demand Progress, the digital rights group Swartz cofounded, praised the legislation.