A proposal in the U.S. Congress to strengthen the penalties in the Computer Fraud and Abuse Act is a "giant leap in the wrong direction" for digital rights activists calling for changes in the law after the suicide of hacktivist Aaron Swartz earlier this year.
The draft legislation, uncovered by tech policy blog Techdirt this week, would expand the CFAA by raising the penalties for some hacking-related crimes and expanding activities covered by the statute.
The draft legislation, being circulated by staff of the U.S. House of Representatives Judiciary Committee, comes as several lawmakers and digital rights groups have called for a rewrite of CFAA to rein in some types of prosecutions after Swartz's suicide.
Swartz died in January while facing federal prosecution for allegedly hacking into a Massachusetts Institute of Technology network and downloading millions of scholarly articles from the JSTOR subscription service. Swartz wanted to make the articles available for free.
"Apparently, the House Judiciary Committee has decided to raise a giant middle finger to folks who are concerned about abuses of the CFAA," Techdirt editor Mike Masnick wrote. The draft legislation is "so bad that it almost feels like the Judiciary Committee is doing it on purpose as a dig at online activists who have fought back" against the CFAA and other laws, he added.
The draft bill is just the beginning of a process to amend the CFAA, a committee staffer said. The draft is being circulated to generate discussion and to "bring everyone to the table to make any necessary changes or improvements to the proposal," the aide said by email.
Demand Progress, the digital rights group co-founded by Swartz, said it will oppose efforts to pass the draft bill.
"This proposal is a giant leap in the wrong direction and demonstrates a disturbing lack of understanding about computers, the Internet and the modern economy," David Segal, the group's executive director, said in an email.
The proposal would not only allow prosecutors to charge suspects for exceeding authorized access of a computer system, including misusing an employer's computers, as the CFAA does now, but also for planning to do so, Demand Progress said.
"Under the current law, if you check your March Madness [basketball] bracket at work you could be prosecuted for a federal crime," the group said. "Under this proposal, if you plan to check your bracket at work you could be prosecuted for a federal crime."
The draft is "wholly unacceptable," Segal said. "This proposal should be a wake-up call to every computer user in America."
Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is [email protected]