Category Archives: Aaron Swartz

My New Article for Takepart.com on what’s wrong with the CFAA

7 Things You Might Be Doing Online That Could Get You Arrested
The Computer Fraud and Abuse Act, a criminal statute originally intended to prosecute felony computer hacking, can now result in a person’s going to prison for failing to abide by a website’s terms of service or end user agreement.

(Here’s the list of references I used to write this article.)

By Lisa Rein for Takepart.com

(The CFAA) makes it illegal to intentionally access a computer “without authorization” or “in excess of authorization,” yet the meaning of those phrases is the subject of considerable dispute, and the law doesn’t provide much in the way of guidance.

Creative prosecutors have taken advantage of this confusion to bring criminal charges for acts that are more about information accessed in a way other than what was originally intended than they are about any kind of “fraud and abuse.” For instance, in Swartz’s case, his “crime” was having a script download the journal articles rather than sitting there and downloading them one at a time himself. Yet it’s not clear that such automation even violates MIT and JSTOR’s terms of service. As computer expert Alex Stamos describes it: “[Aaron] was an intelligent young man who found a loophole that would allow him to download a lot of documents quickly. This loophole was created intentionally by MIT and JSTOR, and was codified contractually” in documents revealed during the discovery phase of the government’s case against Swartz.