Congress' horse-and-buggy computer laws


Share
Originally Posted Online: Feb. 24, 2013, 6:00 am
Last Updated: Feb. 24, 2013, 4:26 pm
Comment on this story | Print this story | Email this story
By Michael Hiltzik

The prosecution of software programmer Aaron Swartz exposes the poorly written, anachronistic laws governing a range of computer use.

As martyrs go, Aaron Swartz was an extraordinary example of the breed. A computer programming genius, he had helped develop the social networking site Reddit and became known as a leading advocate for easy and free information sharing on the Web.

When Swartz committed suicide in January, while awaiting trial on federal computer hacking charges that could have landed him in prison for 35 years and cost him fines of $1 million, his death was seen as a reproach to overzealous federal prosecutors. But the case raises a broader issue: Why is Congress so awful at writing computer and Internet laws?

Swartz was indicted in 2011 under the Computer Fraud and Abuse Act, a 1984 law that has struggled to keep up with the times. It's been amended seven times and is more outdated than ever. The charges stemmed from his efforts to allegedly break into MIT's computer network and use it to download millions of academic articles kept by JSTOR, a nonprofit, fee-based service. Legitimate MIT users could access JSTOR articles for free. (JSTOR advocated dropping the case, but MIT did not.)

The Computer Fraud and Abuse Act, or CFAA, may be the worst of the statutes Congress has passed or debated as ways to address what is vaguely shoveled into a bin labeled "computer crime." Â But others are nearly as frightful. The Digital Millennium Copyright Act, or DMCA, of 1998 imposes excessive civil and criminal penalties for activities engaged in by many users of digital books, movies and music in the real world.

In 2011, Congress contemplated a bill called the Stop Online Piracy Act, or SOPA, which would have given owners of supposedly pirated or counterfeited property nuclear-scale weapons to use against websites they didn't like, by allowing them to simply assert rights infringement to shut down a site. SOPA was derailed by an online campaign spearheaded by, among others, Aaron Swartz.

The three laws had much in common. They were written broadly, in a fruitless effort to future-proof them against new technologies. They imposed excessive penalties, on the reasoning that if a crime is bad, it's much worse when committed with these mysterious devices called computers. And they offered special interests such as copyright claimants, corporations facing trade competition, and media conglomerates opportunities to assert new legal rights they were denied in the world of old technologies.

"Congress tries to write technology-neutral laws," says Jennifer Granick, an Internet law expert at Stanford, "but there's been a wholesale change in how we interact with computers"€ that renders these laws quickly anachronistic.

Clever lawyers and aggressive prosecutors often rush in to fill the gaps. The DMCA was originally aimed to discourage hackers from copying code-protected DVDs; but it's been cited by a garage door-opener company against a rival making universal clickers, and by desktop printer makers against knock-off toner cartridges. The recording industry threatened to prosecute Edward Feltenif he reported publicly on how he had broken the industry's digital protection technology -- an effort he undertook at the industry's invitation.

By imposing extra penalties for using a computer to do things that have traditionally been handled in civil court, "€œthese broader laws have criminalized things that are of dubious criminality,"€ Granick told me.

The CFAA is a perfect example. The measure was written as a cyberspace analogue to trespass laws. Its broadest provision says that anyone who intentionally "exceeds authorized access and thereby obtains information from any protected computer" has committed a federal crime.

This is a wide-open definition that prosecutors have used very aggressively. A "protected computer," by Justice Department definition, can be almost anything with a microchip, including your Internet-savvy refrigerator or your car. "Unauthorized access" could mean viewing a website in violation of its terms of use, that mass of impenetrable legalese that most of us click on blithely without reading, just to use the site. Do that to obtain or read any "information," and you've committed a federal crime.

If you think this is an alarmist interpretation, consider the Lori Drew case -- the €œposter child€ for CFAA overreaching, in the words of Orin Kerr, a Georgetown University cyber-law expert who argued Drew's side. She was was accused of helping set up a fake Myspace page to bully a classmate of her daughter. The classmate later committed suicide. Since there is no federal cyber-bullying statute, prosecutors charged Drew under the CFAA for violating the Myspace terms of use, which requires users to provide only accurate information about themselves. A Los Angeles jury found her guilty.

Los Angeles District Judge George Wu overturned the verdict. But ederal prosecutors have not abandoned their expansive interpretation despite its obvious absurdities: Until they were changed in March 2012, Google's terms of service required users to be of "lÂœlegal age," meaning that a middle school child conducting a Google search was theoretically committing a federal crime. So are users of dating websites who exaggerate their good points, in violation of terms of use requiring rigorous accuracy about their height, weight, physical condition and charm.

The law places a powerful weapon in the hands of employers. "The computer gives employees new ways to procrastinate by chatting with friends, playing games, shopping or watching sports highlight," wrote Appellate Judge Alex Kosinski in a ringing denunciation of the CFAA last year. "Under the broad interpretation of the CFAA, such minor dalliances would become federal crimes." His ruling upheld the dismissal of CFAA charges against a corporate headhunter who used information from his old employer computer system to start a competing company.

Efforts are underway in Congress to pare back the CFAA. Rep. Zoe Lofgren, D-Calif., has proposed Aaron'€™s Law, which would ban prosecutions based strictly on violations of a website's terms of service or an employer's policies. She would also make clear that tweaking a computer's digital signature -- as Swartz did to conceal his identity in a weeks-long cat-and-mouse game with MIT network overseers -- is not in itself a crime.

Yet nothing in Lofgren's bill would address the fundamental problem of Congress writing nonsensically laws to govern cyberspace and letting the Justice Department work out the kinks. But prosecutors always agitate for more discretion and stiffer penalties, Kerr says; that'€™s how we end up with criminal penalties for lying about one's age on a dating site.

It's also how Swartz gets threatened with 35 years in jail for downloading academic papers that MIT students could access for free. Prosecutors' goal was to pressure him to take a plea, but the instrument was put in their hands by a Congress that couldn’t be bothered to educate itself about the real world of computers and networks before legislating about it. That' the type of legislating that has to change to avoid more cases like Swartz's,
Michael Hiltzik writes for the Los Angeles Times; mhiltzik@latimes.com.
















 




Local events heading








  Today is Monday, Sept. 15, the 258th day of 2014. There are 107 days left in the year.

1864 — 150 years ago: The Rock River Illinois conference of the Methodist Church will hold its annual sessions this week in this city. About 200 ministers are expected to attend.
1889 — 125 years ago: The Brush electric company had prepared a new schedule of rates to become effective Oct. 1, with slightly increased rates to consumers.
1914 — 100 years ago: The Rock Island Aerie of Eagles made plans for the laying of the cornerstone of a new $50,000 Eagles Home. W.C. Maucker is to be master of ceremonies.
1939 — 75 years ago: Col. Charles A. Lindbergh spoke on "America and Foreign War" in a neutrality debate over nation wide radio hook-up.
1964 — 50 years ago: Two awards of the National Safety council were presented to the city of Rock Island today at noon at a meeting held in the YWCA.
1989 — 25 years ago: The final tallies are not yet in for the summer 1989 Quad-Cities tourism season, but officials are expecting the number of visitors to the area to be at least as good as, if not better than, 1988.






(More History)