Death & Data What should the punishment be for a crimethat’s often benign in nature and consequence?
This past January Aaron Swartz, a brilliant young computer programmer and activist, committed suicide after apparently being harassed for over a year by federal prosecutors. Swartz, the twenty-six-year-old who helped develop the social news site Reddit and founded the Internet activist group Demand Progress, was a technological pioneer who cared as much about the next big digital breakthrough as he did about social justice.
Swartz was also very interested in how knowledge is shared in modern society, and how the concentration of knowledge behind pay-to-view barriers could cause entire segments of the population to be less educated and therefore less likely to succeed in an information-based economy. With this concern in mind, he set out to share a virtual treasure trove of academic articles from the online archive JSTOR. Swartz downloaded several million academic articles and, while he never actually published them online for anyone to see, he did receive an unwelcome visit from the government and several law enforcement agencies. Swartz was promptly charged with thirteen felony counts of hacking and wire fraud, charges that mandated decades in prison and some pretty monstrous fines.
It’s apparent now that the laws Swartz was accused of breaking are as draconian as they are obsolete. The most flawed is the Computer Fraud and Abuse Act, which contains provisions that are just plain unworkable in our interconnected world. For example, the CFAA makes it illegal to gain access to computers or websites “without authorization” or in a manner that “exceeds authorized access.” Unfortunately, authorization is never really defined by the CFAA, and that ambiguity has allowed federal prosecutors to stretch the law in order to put more people in jail.
This authorization provision effectively means that a website or blog could post a “terms of service” agreement banning, say, people with red hair from accessing that particular website. Regardless of how silly and unfair this sounds, any redhead who visited the website after that point would technically be doing so without the required authorization and would conceivably be subject to criminal charges. It doesn’t matter whether or not they knew about the red-hair provision, or whether the terms in the agreement are fair. The only thing that matters in the eyes of the law is that these red-haired criminals violated the terms of service for using that website.
Unfortunately, most of us really don’t have the time or patience to read the fine print on every “terms of service” agreement presented by programs like iTunes and online archives like JSTOR. Still, if we’re to be punished for violating the CFAA, what should the punishment be for a crime that is often benign in nature and consequence?
Swartz was charged with violating several provisions of the law by the office of U.S. Attorney Carmen M. Ortiz, who has since been decried as overzealous in her attempt to put Swartz away for as long as possible. To many, including myself, the punishment just didn’t seem to fit the crime, and the ferocity with which the Justice Department pursued the case appeared unmerited.
Swartz’s supporters argue that he wasn’t really committing a crime because he had no intention of selling the articles or harming JSTOR. They also point to the fact that visitors to MIT, the location where he downloaded the data, are allowed to download as many academic articles as they want from JSTOR while at the university. This would seem to contradict the government’s claim that Swartz accessed a protected computer and website without authorization.
In 2011 Ortiz wrote, “Stealing is stealing whether you use a computer command or a crowbar, and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away.”
The questions we’re now forced to ask are whether or not Swartz’s actions should be considered illegal and, if so, how these illegal acts should be punished.
I firmly believe that the spread of information without monetary gain is fundamental to the advancement of human society, and I question whether Swartz’s actions are any more controversial than knowledge-sharing efforts by websites like Wikipedia. I understand that academics and researchers spend their lives gathering knowledge, and that the distribution of their hard work without compensation will adversely affect their livelihoods. But since most research projects and scientific studies receive grants from the government, it must also be noted that the public has a right to access this important information without undue financial burden.
We simply must reform the laws that apply to data theft and hacking. The CFAA is almost thirty years old, and the sector of society it attempts to regulate has changed drastically since the law’s adoption. That means concepts like “unauthorized access” must be clearly defined and updated to reflect the nature of the modern Internet. No person should be punished for the so-called unauthorized viewing of a public website, nor should we be forced to analyze thirty pages of legal jargon before we feel safe enough to use the latest app or cell phone.
Perhaps the most unfortunate aspect of this tragedy is that young innovators like Swartz are the ones who are best equipped to understand how the Internet works and what it’s likely to become in the near future. But now many of his fellow digital wunderkinder view any cooperation with the government as assisting the enemy. That’s why it’s so important that we restart the conversation over government regulation of technology and information, but this time without any recriminations or hostile attitudes. We may not have enough people like Aaron Swartz to help us in this effort if we continue along our current path of antagonism and legal overreach.