"Aaron's Law," a proposed overhaul of the Computer Fraud and Abuse Act (CFAA) that would rein in legislation which privacy rights advocates have long argued has been misused by overzealous prosecutors, has returned to the docket in Congress, according to NakedSecurity.
The action comes two years after U.S. Rep. Zoe Lofgren (D.-Calif.) introduced legislation to deter the CFAA from being used to go after cases like those faced by Aaron Swartz, a 24-year-old Harvard researcher and internet activist who faced computer intrusion, fraud and data theft charges.
Swartz was accused of downloading 4.8 million articles from subscription-based journal archive JSTOR with the intention of redistributing them for free. He faced a 35-year maximum sentence plus restitution and a fine of $1 million. He committed suicide in January 2013. As it currently stands, the CFAA could potentially jail computer users who violate a website's terms of service or employer agreement.
Rep. Lofgren argued that the law went beyond its original anti-hacking intent and was broadened by prosecutors to hand out "inordinately severe criminal penalties for less-than-serious violations." Aaron's Law would alter the definition of “access without authorization” in the CFAA to refocus efforts away from "common computer and internet activities" to "truly malicious hackers and bad actors," such as those sending fraudulent emails, inserting malware or viruses, or launching denial-of-service attacks.
Companion House and Senate bills have garnered bipartisan support.