‘Aaron’s Law’ Proposes Reining in Federal Anti-Hacking Statute

The suicide last month of coder and internet activist Aaron Swartz prompted an outcry about the manner in which a U.S. attorney used anti-hacking legislation to launch a heavy-handed prosecution for what many considered a minor infraction.

Federal prosecutors in Boston defended their actions, saying they were only upholding the Computer Fraud and Abuse Act, under which Swartz was charged.

But two lawmakers are proposing long-overdue changes to the law that would help prevent prosecutors from overreaching in their use of the law, as has occurred in a number of cases in recent years.

The amendments, referred to as Aaron’s Law by Rep. Zoe Lofgren (D-Calif.) and Sen. Ron Wyden (D-Oregon), exclude breaches of terms of service and user agreements from the law and also limits the scope of the definition of unauthorized access to make a clear distinction between criminal hacking activity and simply acts that exceed authorized access on a minor level.

Source: www.wired.com...
PDF of Proposed Bill: www.wired.com...

Ron Wyden just became more awesome in my book. So far he's tried to save us from drone attacks, SOPA, various assaults on the 4th amendment and now this.

Since ATS is so full of keyboard warriors, please, put your keyboards to good use and email your Senators telling them to support this bill!

The thought that "electronic" crime could carry more time than harming another human being is absurd.

The legal system has become about protecting corporate profits and keeping the disadvantaged locked up than about justice.

I am a believer in no Internet hacking laws at all, but I will support this as a starting point.

Sad thing is, the people passing these laws wouldn't know what a SQL injection, forced packet, etc is if slapped them in the face, so to speak.

In my opinion, if you want to be sure you keep your info safe... Don't put it on the www. There are other ways to share confidential info, people are just too lazy to explore all the avenues.

SnF for the thread.

I don't say that often

Im very glad to hear this.

Whats really crazy is this is what Anon said needed to happen to prevent thier "warhead" from going off.

Didnt they say it would take players that where not in top positions but key position to bring about the change they sought?

Did the US government just negotiate with "terrorist".... (im not against this if they did) .

Thats perhaps its own thread (Anybody feel free to use that if they want) but If they did than Anon, way to watch out for your brethren.

reply to post by CitizenJack


Much like the drug cartel that released the hacker they held when threatened by ANON.

Makes me wonder what the hell kind of info they had if that was the motivation behind this...

reply to post by benrl


I tend to think this gives them credibility, I know alot of people knock them or call them CIA or what not.
But it seems they know what they are doing.

Its not like the gov can send them an email and say lets work something out.
So they release a news story pretty much saying.. ok ok your right we are being dicks and our laws need reworking you just put the "warhead" away and well take care of this. Knowing that Anon is paying attention.

I wonder if Anon will issue a response?

Originally posted by YouAreLiedTo
Sad thing is, the people passing these laws wouldn't know what a SQL injection, forced packet, etc is if slapped them in the face, so to speak.

Thing is, those are actually real hacks. All Aaron did was download material that was freely made available to download in the first place. He just downloaded a LOT of it, which irritated MIT, but even they said they didn't want any charges filed for anything.

The problem is when you have technologically illiterate people in the DOJ making decisions about matters they have no understanding of. They just think "hacking = oooh bad" just like a monkey thinking "shiny thing = me want."

In addition to this bill which is a good start, I think there needs to be some rules in place that dictate that anyone making a decision with regards to computer crime (such as whether or not to prosecute) needs to have an actual understanding of the technological underpinnings of the matter they're making a decision on.

reply to post by benrl

The thought that "electronic" crime could carry more time than harming another human being is absurd.

Maybe not outright assault or murder, but even digital property is still property. You wouldn't want someone using your credit card to purchase massive amounts of gay pornography or stealing the password on your WoW accounts and selling all your hard earned gear and items.

reply to post by YouAreLiedTo

I am a believer in no Internet hacking laws at all, but I will support this as a starting point.

Have you ever been hacked? Has your website been vandalized? Did you smile and say "This is freedom, this is what i want."

Hackers are criminals. They vandalize other peoples property for there own gain. The make Victims, they are not saving anyone.

There are other ways to share confidential info, people are just too lazy to explore all the avenues.

Nice way to blame the crime of identity theft on the people who are the victims.

Originally posted by TsukiLunar
Hackers are criminals.

This is really an ignorant statement and epitomizes exactly the problem that led to the whole Aaron fiasco. 'Hacking' is just a tool, that can be used for good purposes, or criminal purposes, or neutral purposes. Jailbreaking an iPhone, rooting and Android, or even using Game Genie codes for a video game console are all considered hacking, but none are illegal.

Sure, some choose to use their knowledge for ill-gotten financial gain, and do things like steal identities and credit card numbers. Some choose to distribute viruses and spyware. Some choose to run bogus craigslist scams, distribute spam, and run email scams. Those people should of course be hunted down and prosecuted. But that's not what this discussion is about. This discussion is about the need for better laws that prevent the heavy-handed, irresponsible use of computer crime laws that are intended to prevent the latter, to prosecute the former.

Companies and government officials become their own worst enemy when they ostracize and alienate white-hat hackers, because who is going to protect them from the black hats? If I find a security hole in a company website, and faithfully report it to them so they can fix it, and they turn around and prosecute me for it, I guarantee nobody will bother to tell them about their security flaws again. Then their systems will remain wide open to attack, and they'll figure it out the hard way when an actual criminal comes along and exploits the weakness for malicious purposes.

reply to post by SilentKoala


My statement was not to put a net over all hackers. Merely the ones that do it for nefarious purposes. I enjoy a "no-cd crack" as much as the next man, but its not the same thing as identity theft and vandalism. Or just hacking for the lulz.

I hope if my first post was unclear, that this one clears up any confusion.

The legal system is well aware that it is trying to catch up to the new capabilities, options and repercussions of emerging technology. Good to see that a more reasonable approach is being considered from the heavy handed tactics used more to discourage than resolve the conflict in a just way.

reply to post by TsukiLunar


Understood, brother.