Democrat warns revamp of hacking law could take ‘a very long time’

Rep. Zoe Lofgren (D-Calif.) wants to overhaul a computer hacking law in the wake of the suicide of Internet activist Aaron Swartz, but she warns it will not be an easy task.

"I think there does need to be a broader rewrite," Lofgren told The Hill. "I think that's likely to take a very long time"

For now, Lofgren is pushing a much narrower revision to the Computer Fraud and Abuse Act, a 1986 law that makes it illegal to gain access to a computer "without authorization."

Lofgren announced a draft of her bill in a post on the social media site Reddit on Tuesday. Her bill, titled "Aaron's Law," would specify that violating a company's terms of service agreement does not constitute criminal hacking under the law.

Lofgren argues that the Computer Fraud and Abuse Act is written too broadly and allowed the government to bring "disproportionate charges" against Swartz.

In 2011, Swartz was charged with breaking into a computer network at the Massachusetts Institute of Technology and downloading 4.8 million documents from JSTOR, a subscription service for academic articles.

Swartz, an accomplished programmer who helped create Reddit, campaigned to make more online information available for free to the public. Prosecutors admit there was no evidence that he planned to profit from the academic articles.

The charges carried a maximum penalty of 35 years in prison and a fine of up to $1 million. His trial was scheduled to begin in April.

"It looks like the government used the vague wording of those laws to claim that violating an online service’s user agreement or terms of service is a violation of the CFAA and the wire fraud statute," Lofgren wrote in the Reddit post.

U.S. Attorney Carmen Ortiz, the prosecutor in charge of Swartz's case, issued a statement defending her office's conduct.

She said prosecutors offered Swartz 6 months in a low-security prison if he pled guilty. She said that his actions, while a violation of the law, "did not warrant the severe punishments authorized by Congress."

Lofgren said the case shows that it’s time for Congress to work on a comprehensive rewrite of the Computer Fraud and Abuse Act.

"We're a universe away from 1986, technologically," Lofgren said.

But she said that for now, she is working on her bill that would exclude terms of service violations from the hacking law because that is an important fix that is possible to achieve in this Congress.

She declined to discuss whether her bill is gaining support among other lawmakers.

"I never discuss with the press the private conversations I'm having with other members," she said.

But she acknowledged that some lawmakers, concerned about softening penalties for malicious hackers, might be resistant to her bill.

Rep. Darrell Issa (R-Calif.), who worked with both Lofgren and Swartz to defeat online piracy legislation last year, is launching an investigation into the prosecutors' handling of the case.

But in a conversation with The Hill, he declined to discuss revisions to the Computer Fraud and Abuse Act, saying “cybercrime and hacking has to be taken seriously.”

Lofgren said she is listening to input from Reddit users, legal experts, her colleagues and others and plans to rework the bill to address their concerns.

Internet activists flexed their political muscle last year when they staged a massive one-day online protest to kill the Internet piracy legislation backed by the entertainment industry.

But rewriting the Computer Fraud and Abuse Act, the foundational law for defining computer crime, could take years and will require a much more sustained effort and attention.