Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

Swartz’s Suicide Prompts Proposals To Curb DOJ’s Prosecutorial Power

BY Sarah Lai Stirland | Wednesday, January 16 2013

The suicide of Aaron Swartz, a prodigy whose technical contributions and political advocacy helped to shape the open architecture of the Internet, has revived calls to rein in the extent of the power that the Justice Department enjoys when it pursues suspects accused of computer crimes.

Swartz became the focus of a DOJ prosecution in 2011 after he allegedly violated the terms of service of JSTOR, a not-for-profit database of academic journals, by using an automated program to rapidly download in bulk almost five million articles between late September 2010 and early January 2011. Swartz downloaded the journal articles at MIT, whose network administrators then tried repeatedly to block his laptop from the university’s network. Swartz responded by changing the settings on his computer to get around these attempted virtual road blocks.

In an updated indictment filed with the federal district court for the district of Massachusetts last September, DOJ prosecutors criminally charged Swartz with violating several sections of the Computer Fraud and Abuse Act. Among other things, the DOJ charged Schwartz with violating JSTOR’s rules for using its service, fraudulently obtaining access to MIT’s network and the JSTOR database, accessing MIT’s network on an unauthorized basis, and impairing access to both JSTOR’s databases and MIT’s network while downloading thousands of journal articles en masse. Swartz potentially faced millions of dollars in fines and decades behind bars. His lawyers and family say the Justice Department prosecutors abused the power they wielded in order to coerce Swartz into a deal.

Many cyberlaw expertssay that the DOJ wouldn’t have been able to wield as much power if the Computer Fraud and Abuse Act wasn’t so vaguely written. Beyond “accessing a computer without authorization,” the law itself doesn’t provide much more detail, leaving it up to prosecutors to argue, and courts to determine, what nature of access constitutes a felony and what doesn’t.

“Since every communication with a computer is access, the distinguishing line between legal and prison is the ephemeral concept of ‘authorization.' Authorization is in the eye of the beholder," writes Jennifer Granick, the civil liberties director at Stanford University’s Center for Internet and Society in a recent blog post. Granick has also defended several hackers during her career. “Desired uses of systems can be expressed in terms of service, clickthrough notices (sometimes competing) cultural expectations, technological protection measures, employment contracts, or cease and desist letters.”

Similarly, Orin Kerr, a professor at George Washington University law school who’s seen as one of the preeminent voices on cybercrime law, has argued in the past that the law is too vague because it could make the violation of any contract a crime, regardless of the alleged crime’s impact. (But in Swartz’s case, he argues that the Justice Department brought the case based on a fair reading of the law — the question is whether they should have brought the case against him at all.)

To address these concerns, Rep. Zoe Lofgren is working on a bill that would specify that violations of terms of service contracts and employment agreements governing computer use are not a form of “unauthorized access” under the criminal code.

Lofgren posted a discussion draft of the proposed legislation on the social news site Reddit on Tuesday night. Harvard Law professor Larry Lessig, a friend and mentor to Swartz, posted a comment there saying he thought it was a good idea.

The California lawmaker’s move to amend the legislation is just the latest legislative attempt to fix what many critics are calling a crucial flaw in the law that gives the DOJ to much leeway in the way it pursues its cases against anyone accused of hacking.

Patrick Leahy, chairman of the Senate Judiciary Committee, has repeatedly tried to add an amendment with similar language to various legislative vehicles in the past couple of years. However, the status of that effort is in doubt, as the Electronic Frontier Foundation recently pointed out, because the Justice Department is pushing to expand its powers as part of the administration’s push on cybersecurity.

In testimony prepared for the Senate Judiciary Committee from November 2011, the DOJ explicitly opposed narrowing the definition of what “unauthorized access” means.

“We are concerned that that restricting the statute in this way would make it difficult or impossible to deter and address serious insider threats through prosecution,” according to testimony submitted at the time by Richard Downing, the DOJ’s deputy chief of its computer crime and intellectual property section of its criminal division.

He then proceeded to name several cases whereupon prosecutors had successfully used to the law and its wording to go after individuals who had done nefarious things in different circumstances. In one example, Downing recalled a case where a police officer leaked information from a law enforcement database to a defense investigator in a drug trafficking case. Federal prosecutors successfully used the Computer Fraud and Abuse Act and its language on unauthorized access to argue that the officer had exceeded the authority given to him when accessing the database for an improper purpose.

The courts, however, are split on the issue. While a 9th Circuit appeals court has decided that the language should be interpreted narrowly, the 5th, 7th and 11th circuits have interpreted the law as is, setting up the issue for the Supreme Court to potentially settle.

Some believe the recent focus on the Computer Fraud and Abuse Act is misguided, and that changing the wording in the law wouldn’t have helped Swartz much because DOJ attorneys have access to a broader range of legal tools they did and could have used against Schwartz. (The DOJ charged Swartz with wire fraud too.)

“There’s all kinds of statutes you can use,” noted Nick Akerman, a former federal prosecutor at the DOJ and trial lawyer and partner in the New York City offices of Dorsey, a law firm. “The whole idea that somehow changing this unauthorized access makes a difference is nothing more than saying whether this person had permission or did not have permission. That only begs the question of whether this case was worthy of being brought or not in the first instance under any fraud statute.”

News Briefs

RSS Feed tuesday > Reboots As a Candidate Digital Toolkit That's a Bit Too Like launched with big ambitions and star appeal, hoping to crack the code on how to get millions of people to pool their political passions through their platform. When that ambition stalled, its founder Nathan Daschle--son of the former Senator--decided to pivot to offering political candidates an easy-to-use free web platform for organizing and fundraising. Now the new is out from stealth mode, entering a field already being served by competitors like NationBuilder, Salsa Labs and And strangely enough, seems to want its early users to ask for help. GO

Armenian Legislators: You Can Be As Anonymous on the 'Net As You Like—Until You Can't

A proposed bill in Armenia would make it illegal for media outlets to include defamatory remarks by anonymous or fake sources, and require sites to remove libelous comments within 12 hours unless they identify the author.


monday >

The Good Wife Looks for the Next Snowden and Outwits the NSA

Even as the real Edward Snowden faces questions over his motives in Russia, another side of his legacy played out for the over nine million viewers of last night's The Good Wife, which concluded its season long storyline exploring NSA surveillance. In the episode titled All Tapped Out, one young NSA worker's legal concerns lead him to becoming a whistle-blower, setting off a chain of events that allows the main character, lawyer Alicia Florrick (Julianna Margulies), and her husband, Illinois Governor Peter Florrick (Chris Noth), to turn the tables on the NSA using its own methods. GO

The Expanding Reach of China's Crowdsourced Environmental Monitoring Site, Danger Maps

Last week billionaire businessman Jack Ma, founder of the e-commerce company Alibaba, appealed to his “500 million-strong army” of consumers to help monitor water quality in China. Inexpensive testing kits sold through his company can be used to measure pH, phosphates, ammonia, and heavy metal levels, and then the data can be uploaded via smartphone to the environmental monitoring site Danger Maps. Although the initiative will push the Chinese authorities' tolerance for civic engagement and activism, Ethan Zuckerman has high hopes for “monitorial citizenship” in China.


The 13 Worst Bits of Russia's Current and Maybe Future Internet Legislation

It appears that Russia is on the brink of passing still more repressive Internet regulations. A new telecommunications bill that would require popular blogs—those with 3,000 or more visits a day—to join a government registry and conform to government-mandated standards is expected to pass this week. What follows is a list of the worst bits of both proposed and existing Russian Internet law. Let us know in the comments or on Twitter if we missed anything.


Transparency and Public Shaming: Pakistan Tackles Tax Evasion

In Pakistan, where only one in 200 citizens files their income tax return, authorities published a directory of taxpayers' details for the first time. Officials explained the decision as an attempt to shame defaulters into paying up.


wednesday >

Facebook Seeks Approval as Financial Service in Ireland. Is the Developing World Next?

On April 13 the Financial Times reported that Facebook is only weeks away from being approved as a financial service in Ireland. Is this foray into e-money motivated by Facebook's desire to conquer the developing world before other corporate Internet giants do? Maybe.


The Rise and Fall of Iran's “Blogestan”

The robust community of Iranian bloggers—sometimes nicknamed “Blogestan”—has shrunk since its heyday between 2002 – 2010. “Whither Blogestan,” a recent report from the University of Pennsylvania's Iran Media Program sought to find out how and why. The researchers performed a web crawling analysis of Blogestan, survey 165 Persian blog users, and conducted 20 interviews with influential bloggers in the Persian community. They found multiple causes of the decline in blogging, including increased social media use and interference from authorities.