Skip to main content

Sens. Introduce 'Aaron's Law' 'Fix' to CFAA

A pair of Democratic senators are introducing a bill that would reform the Computer Fraud and Abuse Act (CFAA), the law under which the late Demand Progress co-founder Aaron Swartz was prosecuted.

"Aaron's Law," backed by Rep. Zoe Lofgren (D-Calif.) and Sen. Ron Wyden (R-Ore.) would change the law so that it was no longer a federal crime to violate terms of service agreements, website notices, contracts or employment agreements with private companies, or to access information in "unexpected ways" by those with a legal right to that info.

It would also remove "exceeding authorized access" from the list of federal crimes, instead changing it to "Access without authorization" defined as "bypassing technological or physical measures via deception," which would include passwords, encryption or "locked office doors." The use of malicious code, denial of service attacks and other hacking methods would continue to be "fully prosecutable."

The bill would also set some thresholds for penalties, including that the information have a fair market value of at least $5,000. It would also hold that prosecutors could not seek enhanced penalties if the violation was committed in furtherance of a tortious (non-criminal) act or combined with other CFAA violations.

"Since we lost Aaron in January there have been good days and there have been bad days. This is a good day. Through the collective effort of the movement Aaron created at Demand Progress and through the hard work by representative Lofgren and senator Wyden, Aaron's work lives on," said David Segal, executive director of Demand Progress, in a statement. "When Aaron's Law is signed into law it will mean that Aaron will continue to do in death what he always did in life, protect the freedoms and rights of all people."