Aaron Swartz, vindicated

Van Buren and the CFAA.

Cory Doctorow

--

A 2009 portrait of Aaron Swartz. Image: Sage Ross https://commons.wikimedia.org/wiki/File:Aaron_Swartz_2_at_Boston_Wikipedia_Meetup,_2009-08-18.jpg CC BY-SA: https://creativecommons.org/licenses/by-sa/2.0/deed.en

It’s been eight years since Aaron Swartz took his own life. Aaron had been charged with 13 felonies under the Computer Fraud and Abuse Act (CFAA) for violating the terms of service on the JSTOR database of scholarly articles.

Prosecutors Stephen Heymann and Carmen Ortiz didn’t dispute that Aaron was allowed to access the articles he retrieved. Rather, they said that the WAY he accessed them (using a script instead of clicking on links) was a terms-of-service violation and hence a crime.

In other words: any business could conjure a felony out of thin air by making you click through an unreadable garbage-novella of legalese proscribing the use of a service they granted you access to. Violate any of those terms and you face a prison sentence.

This isn’t law as we know it, it’s Felony Contempt of Business Model, and the most alarming thing was that this interpretation of the CFAA wasn’t completely ridiculous, given how badly drafted that law is.

Ronald Reagan signed CFAA into law. Fed prosecutors had been seeking broad authority to punish “hacking” and had drawn up an absurdly broad definition of cybercrime that would give them latitude to go after anyone they didn’t like.

--

--