Is the Federal Cyber-Crime Crackdown the Next War on Drugs?

Months after Aaron Swartz’s suicide, the Computer Fraud and Abuse Act is still tossing longtime prison sentences at small-time crimes.

If you were waiting for Congress to fix the extremes of the law that pushed Aaron Swartz to the edge, your wait is not over. (Photo: Noah Berger/Reuters)

Apr 23, 2013· 3 MIN READ
Matt Fleischer is a TakePart contributor who was awarded a Fund for Investigative Journalism grant for his series “Dangerous Jails.”

When electronic activist and online pioneer Aaron Swartz committed suicide earlier this year, there was an immediate outcry to change the criminal justice code that some feel pushed Swartz to his death: the Computer Fraud and Abuse Act (CFAA).

Prosecutors used the CFAA to threaten Swartz with a 35-year prison sentence for allegedly using Massachusetts Institute of Technology computers to hack into the academic database JSTOR and publish its archives of academic and library journal articles for free public consumption.

Amid the outcry over Swartz, U.S. Congresswoman Zoe Lofgren introduced a new bill, Aaron’s Law, designed to curb the excesses of the CFAA. That bill appears to be stalled—it hasn’t been formally presented for a vote. In the meanwhile, the government is moving full-bore forward in pushing similar extreme CFAA cases.

Last month, Matthew Keys, a social media editor for Reuters, was accused by the government of conspiring with Anonymous to hack into the website of the Los Angeles Times.

A former employee of the Tribune Company-owned Fox affiliate KTXL in Sacramento (Tribune owns the Times), Keys allegedly gave away login keys to the Tribune website in an online chat room. A hacker, the indictment alleges, then used the login data to access and alter the online version of an LA Times news story to read: “Pressure builds in House to elect CHIPPY 1337.”

Keys was suspended from his Reuters social-media duties after his indictment, and has since been fired. Unemployment is not his most pressing concern.

For conspiring to participate in the creating of a wacky headline, Keys faces 25 years in prison under the CFAA—a more severe sentence than he would have faced had he kidnapped and raped the former employer who left him supposedly disgruntled.

Several years ago, a Missouri woman, Lori Drew, was brought up on charges of violating the CFAA for lying about her age on Myspace. Just about anyone who uses the Internet has violated a terms of service contract—even if they weren’t aware of it.

“Commit a crime with a computer, and you face double or even 10 times the prison time you would face if you committed same crime in the real world,” Trevor Timm, an activist with the Electronic Frontier Foundation, tells TakePart.

According to its interpretation of the CFAA, the U.S. Justice Department considers violating the “terms of service” of websites such as Facebook a criminal offense.

“These terms of services contracts between two private parties are written as broadly as possible,” explains Timm. “It’s a contract between private parties. This is not a criminal matter—under several hundred years of statutes. But that’s not the case online, according to the justice department. This is a crime people can be prosecuted for.”

Several years ago, a Missouri woman, Lori Drew, was brought up on charges of violating the CFAA for lying about her age on Myspace. Timm argues that just about anyone who uses the Internet has violated a terms of service contract—even if they weren’t aware of it.

“The government isn’t going to go after the vast majority of people who violate these contracts. The problem is that it allows them to wield this law as a sword and go after anyone they choose, instead of going after real criminals.”

As Keys’s case demonstrates, despite the backlash against the CFAA after Swartz’s suicide, the government appears to have no intention of easing the penalty scheme for accused cyber-crimes any time soon.

Earlier this month, instead of pushing for Aaron’s Law or a comparable measure, the powerful House Judiciary Committee drafted revisions to the CFAA that would enhance the prosecutorial sweep of the CFAA.

“The House Committee went in the completely opposite direction,” says Timm. “The proposed changes codified the criminalization of terms of service violations and doubled and tripled the penalty for online crimes.”

The proposed CFAA provisions left former Justice Department prosecutor and current George Washington University law professor Orin Kerr baffled:

“If I read it correctly, the language would make it a felony to lie about your age on an online dating profile if you intended to contact someone online and ask them personal questions. It would make it a felony crime for anyone to violate the TOS on a government website. It would also make it a federal felony crime to violate TOS in the course of committing a very minor state misdemeanor. If there is a genuine argument for federal felony liability in these circumstances, I hope readers will enlighten me: I cannot understand what they are.”

Under public pressure from the EFF, First Amendment- and online-activist groups, the proposed revisions were quietly put to pasture days after their proposal, says Timm.

That setback doesn’t, however, mean they can’t be revived when the public is less vigilant.

Should lying on a social media profile be prosecuted as a felony crime? Explain why not or why or in what context in COMMENTS.