As predicted, the suicide of Aaron Swartz, the widely admired hacktivist who helped create RSS and Reddit, has provoked at least one lawmaker to seek changes in the Computer Fraud and Abuse Act, or CFAA -- the law that federal prosecutors were using to try to send Swartz to prison.
Enacted in 1986, the act bars "unauthorized access" to government and financial data or to "protected" computers used in or affecting interstate commerce (e.g., Web servers). Its broadest provision outlaws accessing "protected" computers without authorization and with intent to defraud, obtaining anything worth more than $5,000.
Swartz was charged with three different violations of the act as well as committing wire fraud, which involves using communications technology to defraud someone or obtain property under false pretenses. Federal prosecutors reportedly demanded that Swartz go to prison as part of any plea deal; after Swartz's suicide, his family said that this pressure was at least partly to blame.
This week, Rep. Zoe Lofgren (D-San Jose) started floating a draft bill that would narrow the scope of the computer fraud act and the wire fraud law, addressing one of the ways prosecutors have stretched those laws to cover all sorts of alleged digital misdeeds. Her bill, which she dubbed Aaron's Law, would say that gaining access to or altering information in violation of a website's, ISP's or employer's terms of service or acceptable use policy was not, in and of itself, illegal.