Do you know what foreign countries want to control? Do you know what military regimes use to spy, to oppress, and to attack both public and private institutions with? Do you know what law enforcement and intelligence agencies want to mine and monitor? It's called the World Wide Web. I am sure everyone here has at least used it at least once as it's a powerful tool. As Ben Parker in Spider-Man says, “with great power comes great responsibilities.” The internet and citizens around the world are in grave danger due to the Computer Fraud and Abuse Act (abbreviated CFAA henceforth). It has already taken at least one life. His name is Aaron Swartz. Since his life was taken, there was a bill created called Aaron’s Law. The internet and I need your help to get congress to discuss this law.
The Computer Fraud and Abuse Act, also known as the CFAA, was created by the Reagan administration and enacted by congress in 1986 as an amendment to the existing computer fraud law (18 United State Code Section 1030). It was known as the Counterfeit Access Device and Abuse Act. In 1996, the CFAA was, once again, broadened by an amendment that replaced the term “federal interest computer” with the term “protected computer.” It is now 2017 and we need congress to re-examine the act in order to make improvements to match today's society's usage of the internet.
The CFAA states, “whoever intentionally access a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer if the conduct involved an interstate or foreign communication shall be punished under the Act.” Along with that, there are seven different types of criminal activity mentioned in the CFAA. They are as follows: obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing information to defraud and obtain value, damaging a computer or information, trafficking in passwords, and threatening to damage a computer.
The CFAA was intentionally made broad and used words with many meanings. One example of how broad it is: the CFAA does not define what "authorization" means. When the Reagan Administration created the CFAA, it also did not define "obtaining information." Obtaining information can range from downloading top secret government emails from the Secretary of State's personal server to simply loading Google. It is against the CFAA to partake in "inter-state or foreign communication," yet that is exactly what you are doing if you access your Facebook from outside of California (where Facebook's HQ is located).
There is a court case that is famous to activists and online trolls: United States v. Lori Drew. Lori was charged and convicted of a misdemeanor in violations of the CFAA over the cyber-bullying of a 13-year-old, Megan Meier, who committed suicide. Lori made a fake MySpace profile, and used it to torment one of her teenage daughter’s enemies until Megan decided to kill herself. Creating a fake profile on Myspace goes against their Terms of Service. A judge eventually removed Drew’s conviction- arguing that it was inappropriate to interpret the CFAA.
Members of Anonymous set up a petition on the White House official website on January 7, 2013, that asked the government to recognize the distributive denial of service attack (also known as DDoS), as a valid form of protest. DDoS is the practice by which a website’s servers are flooded with requests until they become overloaded- taking the website offline. The petition compares it to “repeatedly hitting the refresh button on a webpage.” TechDirt described DDoS as a “modern equivalent to the sit-in,” a civil disobedience tactic popularized by student activists in the 1960's. Clog the hallway of a government office with enough people, and it effectively ceases to function; direct enough traffic to a website, and the same thing happens. According to The White House website, on January 13, 2015, President Obama announced a "New Cybersecurity Legislative Proposal" to make harsher punishments for hackers and hacktivists.
According to The Electronic Frontier Foundation, Aarons Law removes the vague phrase “exceeds authorized access” and clarifies the definition of “access without authorization.” In addition to fixing these definitions, the bill incorporates judgments from the Fourth and Ninth circuits, which held that access in violation of private contracts, like employer agreements and terms of service, are not criminal offenses under the CFAA. With the current writing of the CFAA, you can be charged with multiple charges for one underlying criminal action. These are just a few of the many things that Aarons Law would change.
Aarons Law has been waiting to be brought up in congress for four years now. If you believe that congress needs to at least look over the CFAA and/or Aarons Law, NOW is the time to tell your representatives. NOW is the time to ask congress for an informed public debate to ensure lawmakers make the right choices- the ones which fully preserve the vital openness of the Internet and the privacy/civil liberties of its users.
There is very easy and simple way to message your local congressmen and woman: by clicking here.
To submit your stories of police/government abuse, visit our contact page.