The suicide of Internet activist Aaron Swartz on Friday has sparked a new debate about how the legal system should treat alleged computer crimes.
Swartz was facing an April trial date for wire fraud, computer fraud and a host of other counts that could have landed him in federal prison for 35 years. His crime? Swartz allegedly used the Massachusetts Institute of Technology's computer network to download millions of scholarly articles from the nonprofit academic publisher JSTOR. In the process, he apparently evaded controls that were meant to limit the number of articles that could be downloaded.
No one ever disputed that Swartz's motive was to make the articles more accessible. In fact, he seems to have acted out of deep-seated, long-held belief that spreading information served a public good. Many other academics agreed with Swartz; this weekend, a good many of them tweeted links to PDFs of their own scholarly papers.
Before the JSTOR incident, Swartz played a pivotal role in helping to launch RECAP -- a browser add-on that lets people access federal court documents for free. The federal PACER system charges users 10 cents a page to access public records, but some libraries had terminals that offered free access to the documents. Swartz went to one and downloaded millions of pages in order to make them available on RECAP. Before that, when Swartz was still a teenager he helped create RSS.
But the government, unimpressed with Swartz's motives, was insisting that he serve jail time for downloading the JSTOR papers, according to The Wall Street Journal. What's remarkable about that stance is that JSTOR itself had no interest in pursuing charges. JSTOR said today that Swartz returned the data and settled civil claims in June of 2011. "The case is one that we ourselves had regretted being drawn into from the outset, since JSTOR’s mission is to foster widespread access to the world’s body of scholarly knowledge," the organization stated.
Regardless of JSTOR's preferences, once the criminal prosecution was set in motion, it was hard to stop it. The charges themselves appeared to be legally sound, according to computer fraud legal expert Orin Kerr. "I think the charges against Swartz were based on a fair reading of the law," he writes today on the Volokh conspiracy blog. (Kerr previously represented Lori Drew, who was accused of computer fraud law for violating MySpace's terms of service by helping to create a fake account; teenagers later used that account to torment 13-year-old Megan Meier, who ultimately committed suicide.)
But if Kerr is right, and the case was based on a legitimate interpretation of the 1986 Computer Fraud and Abuse Act, that only highlights the myriad array of problems with that law. The most significant is that the anti-hacking statute makes it a crime for people to exceed authorized access to a computer. But the phrase "exceed authorized access" is so vague that no one knows what it means.
For instance, one defendant, David Nosal, was convicted for encouraging former co-workers to violate their employer's computer policies by downloading contact lists; the company's policy prohibited disclosure of confidential information. Last year, the 9th Circuit Court of Appeals threw out charges based on that allegation. But other courts have come to the opposite conclusion and ruled that employees can be prosecuted for computer fraud for disregarding their employers' computer policies.
Last year, Sens. Al Franken (D-Minn) and Chuck Grassley (R-Iowa) introduced an amendment to the Computer Fraud and Abuse Act that would make it clear that violating a private company's terms of service isn't a crime. The proposal hasn't yet gone anywhere.
Of course, even if the prosecution could have convicted Swartz, that doesn't mean the government should have done so. Unlike defense attorneys, or civil litigators, prosecutors have an ethical mandate to seek justice, not merely win cases. That means they are supposed to exercise discretion.
In this case, the prosecutors exercised extremely poor judgment by insisting on jail time for a victimless crime aimed at making the world a better place. As of Monday afternoon, more than 15,000 people have signed an online petition demanding the removal of the U.S. Attorney in Massachusetts, Carmen Ortiz, who was responsible for prosecuting Swartz.
https://petitions.whitehouse.gov/petition/remove-united-states-district-attorney-carmen-ortiz-office-overreach-case-aaron-swartz/RQNrG1Ck
Here's an example of the danger. If a big company like facebook or google which has a lot of users doesn't like the 2nd Amendment, they can change their TOS to ban access by gun owners. Next time they use the site, these gun owners become criminals and lots of people unwittingly lose their constitutional right to bear arms. It's theoretical, but it could happen, and no private company should have that type of power.