Death of Swartz could yield reform of anti-hacking law

That decision said employees who violate their organization's user policies – which may include something as simple as visiting a website they are not supposed to – do not violate the CFAA. The ruling (PDF) involved the case of David Nosal, a former manager at executive search firm Korn/Ferry. He was charged with convincing three of his former co-workers to use their valid login credentials to access and download customer lists and then transfer them to him so he could start a competing company.

Swartz, meanwhile, allegedly used a software program to automate the downloading process and evade detection by monitoring systems, prosecutors said. The massive amount of downloads damaged JSTOR's computers, brought down some of its servers and prevented some MIT computers from accessing research.

But according to an expert witness who was helping the defense prepare for Swartz's upcoming trial, MIT's network is widely known as one of academia's most open and unrestricted, and, while Swartz allegedly broke into a wiring closet and used a custom computer script that enabled him to download the mass quantity of articles, he did not perpetrate a conventional hack.

"Aaron did not use parameter tampering, break a CAPTCHA, or do anything more complicated than call a basic command line tool that downloads a file in the same manner as right-clicking and choosing 'Save As' from your favorite browser," said the witness, Alex Stamos, CTO of Artemis Internet.

In addition to Logren's measure, a petition has been filed to reform the CFAA, as well as another to remove from office the prosecutor in Swartz's case, Carmen Ortiz. The White House must respond once 25,000 signatures are reached.