
Rep. Zoe Lofgren Introduces Aaron's Law [pdf] - luigi
http://www.lofgren.house.gov/images/stories/pdf/draft%20lofgren%20bill%20to%20exclude%20terms%20of%20service%20violations%20from%20cfaa%20%20wre%20fraud%20011513.pdf
======
tptacek
Would Aaron's Law have helped Aaron? Both Orin Kerr and Jennifer Granick have
said that his actions in evading filtering and shutoffs on MIT's networks
would have created a plausible argument for the prosecution that he had been
evading specific code-based authorization mechanisms and would have known his
access was unauthorized.

If you read Reason, you're immediately suspicious of laws with people's names
on them; they're often more about PR than about well-thought-out policy
changes.

Granick makes pretty good arguments that it's the sentencing structure of CFAA
that creates the largest problems (a low evidentiary standard for establishing
damages, not to mention the ridiculousness of criminal sentences that scale
with the number of documents you download). But more importantly,
prosecutorial misconduct is at the heart of this case. Surely we're going to
do something about that, right?

Obviously, I don't think TOS violations should be felonies, for whatever
that's worth. Lessig, on Reddit, says it's critically important.

~~~
jacquesm
I read the Granick piece. One thing that strikes me as completely absurd is
that the plea deal is for a substantially lower sentence and that if the plea
deal is rejected the prosecution will go for a much higher punishment,
sometimes as much as 10 times as much as offered in the deal. It would seem to
me that if you offer a guilty plea that is 10% of what you intend to seek that
if such an offer is on the record that a small multiple of that (say twice as
much) should become the new maximum sentence. It's utterly frivolous to mess
around with 90% or more of a sentence just to put pressure on people, that's
poker table tactics and we're dealing with people's lives here.

The most worrying bit is the part where she says that people will plead guilty
to things they did not actually do just to _not_ have the chance at a much
worse sentence during a trial stacked against them. This is not about justice
at all, it's just a numbers game.

~~~
marshray
> is rejected the prosecution will go for a much higher punishment, sometimes
> as much as 10 times as much as offered in the deal

In this case it sounds like the prosecutor was going for 70x the plea offer
before the plea was even rejected. Simply outrageous.

~~~
btilly
Not exactly. The statutory limit was that much. The prosecutor claimed to be
planning to press for about 12-14x the plea offer.

~~~
maratd
> The prosecutor claimed to be planning to press for about 12-14x the plea
> offer.

Is that better? There comes a point where it doesn't make a difference
anymore.

Ever see a sale like that? Where one day something costs 10 bucks and then the
next day it's 170? Me neither. That's not a deal. It's blackmail. Do what we
want or we'll do our best to destroy your whole life. Justice, eh?

~~~
foxbunny
We'll let you off the hook if you pay us $200 of the $2000 that you may or may
not actually owe us. And just in case you've missed it, there are four snipers
at the top of the roof. I don't know what they're doing there, but thought you
might wanna know.

------
bhousel
The important stuff:

 _SEC. 2. ELIMINATION OF CERTAIN VIOLATIONS OF AGREEMENTS OR CONTRACTUAL
OBLIGATIONS, RELATING TO INTERNET SERVICE, FROM THE PURVIEW OF CERTAIN
CRIMINAL PROHIBITIONS. (a) FRAUD AND RELATED ACTIVITY IN CONNECTION WITH
COMPUTERS. - Section 1030(e)(6) of title 18, United States Code, is amended by
striking ‘‘alter;’’ and inserting the following: ‘‘alter, but does not include
access in violation of an agreement or contractual obligation, such as an
acceptable use policy or terms of service agreement, with an Internet service
provider, Internet website, or employer, if such violation constitutes the
sole basis for determining that access to a protected computer is
unauthorized;’’._

 _(b) FRAUD BY WIRE, RADIO, OR TELEVISION. - Section 1343 of title 18, United
States Code, is amended by inserting after the first sentence the following:
‘‘A violation of an agreement or contractual obligation regarding Internet or
computer use, such as an acceptable use policy or terms of service agreement,
with an Internet service provider, Internet website, or employer is not in
itself a violation of this section.’’._

It essentially means that violating a TOS will no longer be considered "wire
fraud".

The law, currently:

18 U.S.C. § 1030: <http://codes.lp.findlaw.com/uscode/18/I/47/1030>

Summary:
<http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/48mcrm.htm>

18 U.S.C. § 1343: <http://codes.lp.findlaw.com/uscode/18/I/63/1343>

Summary:
<http://www.justice.gov/usao/eousa/foia_reading_room/usam/title9/43mcrm.htm>

~~~
tedunangst
And the important question: was jstor's tos the only mechanism used to deny
Aaron access?

~~~
bhousel
No, there were other mechanisms used to deny Aaron access to the JSTOR archive
(and he made several attempts). I don't think this law change would have
affected Aaron's case at all.

What he did was still plausibly wire fraud, computer fraud, unauthorized
access, and computer damage.

Edit: To those downvoting me, please read Orin Kerr's take on this case here:
<http://www.volokh.com/2013/01/14/aaron-swartz-charges/>

The charges against Aaron do appear legit, and I don't see how changing the
definition of wire fraud to exclude TOS violations would have affected Aaron's
case. Set aside the issue of whether you think the prosecution pursued Aaron's
case too aggressively (I think they did) or whether you think the permissible
sentences for these crimes are fair (I think they are not).

Interesting sidenote: Kerr himself defended Lori Drew in the so-called
"MySpace suicide" case (2008), in which Drew was convicted of computer crimes
and wire fraud for violating MySpace's TOS by "cyber bullying" 13-year-old
Megan Meier, resulting in Megan's suicide (the conviction was overturned on
appeal).
<http://www.mail-archive.com/volokh@lists.powerblogs.com/msg14744.html>

There is no federal law against cyber-bullying, so the prosecution in that
case used these same computer and wire fraud laws to go after Drew for her
role in Megan's suicide.

~~~
LiveTheDream
> There is no federal law against cyber-bullying, so the prosecution in that
> case used these same computer and wire fraud laws to go after Drew for her
> role in Megan's suicide.

This is the thing that's strange to me. Seems as though existing laws against
harassment would apply. What is so different about this activity online than
offline?

~~~
tedunangst
As noted elsewhere, CFAA has souped up mega penalties, so it's the hatchet of
choice when the public demands blood.

~~~
tptacek
Perhaps less that it has amped up penalties and more that it has a careless
and capricious standard for mapping alleged damages into sentencing
categories. It's not necessarily that the CFAA on its face is unreasonably
harsh; it's that it's attached to a stupid scheme from which harshness is an
emergent property.

------
jelled
Just because this isn't a cure all magic bullet does not mean it isn't a step
in the right direction. Progress no matter how small is still progress.

I encourage those of you who live in the United States to drop a quick line to
your congressman and ask that they support this bill.

<http://www.house.gov/representatives/find/>

~~~
spinlocked
YES. Vote up this comment, for he speaks the truth.

Edit: Note to PG and HN mods. With power comes responsibility. You have in the
past allowed cynical posts to reach the top and influence opinion and
that's led to tragic consequences. See the infamous Aaron post from Ed. It's
happening again. I encourage you to vote down negative nonsense, even if it
consists of well constructed sentences and comes from people with high karma
scores. Or whatever the kids call it these days.

------
luigi
Explanation here:

<http://www.reddit.com/r/technology/comments/16njr9/im_rep_zoe_lofgren_im_introducing_aarons_law_to/>

------
michaelfeathers
It's a nice narrow fix and I hope it passes, but the real elephant in the room
is 'plea bargaining.' That needs reform at the federal level.

~~~
kyboren
Federal prosecutors' primary tactics mirror those of the medieval siege. They
do their best to fling arrows at the castle by generating enormous amounts of
discovery material. They starve defendants with insanely over-broad civil asset
forfeiture laws. They charge crimes on the prosecutor's whims: HSBC bankers
get away with laundering hundreds of billions for Iran, but go after Aaron
Swartz with utter malice. Of course, these whims are driven (as always) by
personal ambition, outright greed, and a strategy towards personal profit.
They strip the defendant of all his most essential Constitutional rights, and
then bully him into accepting the arbitrary conditions imposed by one in a
position of power, desecrating the right to a trial by peers--a right we
gained in the 13th century.

We must pass laws mandating adequate funding for the judiciary, and mandating
that after the prosecution's total expenditures surpass $50,000, the
prosecution must contribute the amount it spends on its own expenses, minus
the first $50,000, to a legal defense fund for the defendant.

This will ensure the government will not resort to dirty tactics like
inundation with discovery materials, since they will just have to pay for the
defendant's lawyers to read them all. They will not be able to subjugate
defendants with their might, because defendants will have the means available
to them to stand up to it.

~~~
rayiner
This would basically mean you could never get a large company or criminal
organization for anything. If you're trying to uncover e.g. systematic FCPA
violations, you can't help but make the case complex.

~~~
kyboren
Fine, and so the case is complex and expensive. If the accused truly are
guilty, then they will be afforded due process of law _and then_ convicted.
The case may cost twice as much for the government to prosecute, but the large
company will forfeit any profits derived from that criminal activity.

Besides, the DoJ consumes an absurdly low proportion of the Federal budget
[1]. Even if this law doubled the DoJ's budget (impossible; they still have to
pay for facilities, support staff, etc.), it is a worthy price to pay for a
safeguard of the liberties we've enjoyed for nearly a millennium.

1:
<http://www.justice.gov/ag/annualreports/pr2012/section3.pdf#1>
-- page III-18. Total appropriations received: ~$27 billion, $18 billion of
which went to supporting the goal, "Prevent Crime, Protect the Rights of the
American People, and Enforce Federal Law". The total of Federal expenditures
for FY12 was $3,538.3 billion
(<http://www.fms.treas.gov/annualreport/cs2012/finhigh.pdf>).

------
kyboren
We need to ensure that "Internet website" is replaced with "any computing
device which intentionally uses electromagnetic radiation to communicate with
other computing devices".

EDIT: OK, how about, "any device which intentionally communicates with other
devices". Is that better?

~~~
politician
I'd strike "computing" from your suggestion as well.

~~~
AnthonyMouse
Also, "uses electromagnetic radiation to" -- let's not be limited to
particular technologies.

And maybe strike "intentionally" too, or you'll have lawyers arguing about the
intent of a piece of networking equipment.

~~~
politician
So, "any device which communicates with any device" then? We might need to add
a clarification that communicating with itself is included, and that
communication could be uni-, bi-, or multi-directional...

------
Bud
Zoe Lofgren is my Congresswoman. Her office is across the street from where I
live.

I think I'll visit her office tomorrow to thank her for this; it makes me
proud.

~~~
mindslight
Before you do, make sure you spend some time reading the analysis here and on
reddit, and come to a solid conclusion whether this proposed change actually
would have helped Aaron, or whether it's a feel good attempt to use his name
for political gain.

~~~
Bud
I think it's possible for the bill to be a good idea even if it would not have
helped Aaron, and also possible for it to be a suitable memorial even if it
would not have helped in his particular case. The fact that it could help
prevent some other similar cases would be good enough for me, for instance.

If you have any analyses you think are particularly valuable, feel free to
recommend; I'm reading dozens of things per day about this story as it is, at
the moment, as so many of us are.

~~~
mindslight
I'm envisioning a course of events where this bill gains support and gets
passed (fixing one problem, yes), but nothing is done to address the real
causes of what happened. It's then reported on in the media as if this
longstanding severe criminalization of acts-with-technology has been fixed,
when the reality is that people like Aaron are extremely rare and we're
unlikely to see a similar case in the next decade (/me knocks on wood).

Sorry to jump at you a bit. Most of the comments on reddit seem to be
unthinking sycophantic praise, and don't really consider if this is the
appropriate response.

------
jMyles
Am I the only one who thinks that the current situation requires _removing_
text from the federal register rather than adding it? In both cases, the
changes here are insertions, with no deletions. There's plenty of offending
code to delete, why let it rot more?

~~~
ahallock
I agree with you, but I don't know how much credit she'd receive for merely
trying to eliminate law.

We wouldn't need this massive, inconsistent, vague, and convoluted law system
if we just followed a few fundamental moral principles. An analogy would be
the overly-complex equations to support the Earth being at the center of the
solar system. When the sun was rightfully placed there, the equations became
more elegant.

A programming analogy would be to refactor similar laws into a more general
form, follow KISS, use open-source software (free market) instead of
reinventing the wheel (the type of wheel you'd find in Death Race 2000, btw),
etc. But just like the programmer who gets job security from tangled,
inscrutable code, Statists and lawyers do so from law.

~~~
rayiner
No, the proper analogy is Windows, except 1000x more complex. The complexity
of the Windows code doesn't exist because Microsoft profits from keeping it
hard to understand.

------
spinlocked
Let's just sit back and revel in the irony of programmers discussing broad
fixes to federal laws, based on insights from reddit comments.

To all the armchair legal experts of HN, here's a challenge: draft legislation
that fixes what you propose and post it here. If you can't do that, you are not
qualified to comment on the matter.

The EFF has addressed the technology aspects of this. You have ascended into
general purpose prosecutorial reform. The legal profession has a vast number
of incredibly intelligent people and the legal process has vast nuances, and
to think you are an expert in the subject is downright arrogant.

You solve this problem by momentum and visibility, not tossing out arbitrary
criticisms.

In the meanwhile, vote up the comment that urges readers to help get this
passed.

~~~
BrokenPipe
It's quite disturbing that people expert in technology (such as HN visitors
are) should not comment on the matter because they have no 'law'
qualification.

Is this 'law' thingy you are talking about something that only applies to
people with 'law' qualifications?

Oh no, you say? It applies to everyone? OMG!

Here's my draft legislation: get rid of the laws used to incriminate Aaron as
they are crazy, overreaching and unjust. No need to polish a turd and I'm sure
real crimes are already covered by non computer laws.

~~~
spinlocked
My 3 year old niece is far more articulate than you. I'm serious, you're an
embarrassment to this board.

------
rplacd
Who does the typesetting on these documents? I'm curious - the Supreme Court
looks like it uses TeX; here it looks like they're rendering XML.

~~~
josteink
I was curious about this as well.

It looks like an XML document with some standard XSLT presented in a browser
and "printed" to PDF.

Which to me sounds way too technical for any lawmaker to be doing.

Anyone got any insight into this?

~~~
rplacd
I just found this - <http://xml.house.gov/drafting.htm>

Some relevant quotes:

> ...most legislation in the House is worked on by attorneys in the Office.
> The signed paper version submitted to the Clerk of the House on the House
> Floor is the official document of record.

> HOLC, the main drafters of House legislation, consists of approximately 35
> attorneys and a support staff of about 15 individuals, and is headed by the
> Legislative Counsel of the House who is appointed by the Speaker of the
> House...

> Because the paper version is the document of record, the drafters provide
> their clients with typeset drafts or PDF files that can be printed in the
> client’s office. The paper version of legislation is currently created in
> one of two ways...

The gory details come just after that, but the site itself seems out of date.
More interesting is the peek at the physical process of drafting legislation.

------
csense
Even though it might not have made Aaron's specific case go away, this bill
does solve a serious problem with EULA breaches being used for overzealous
prosecution.

Say that my ToS / EULA says "By using my product, you agree to hop on one foot
while doing so." If some terrible person uses my product without hopping on
one foot, then the _worst_ thing that can happen to them in the legal system
should be _civil_ actions, namely, I can sue them for breach of contract.

If they can be _criminally_ prosecuted for "hacking" my software/website, that
seems to go against the entire concept of having a divide between civil and
criminal cases. Only the government should have the power to declare that the
specific behavior of failing to hop on one foot is criminal.

Letting any private party set arbitrary rules for any other private party
_that are enforced by criminal penalties_ is just nuts.

------
sneakest
It's too short, won't pass. Add about 100 pages of junk to it and you might have
a shot at getting it passed.

~~~
tlrobinson
Don't worry, that will come later.

------
smogzer
Aarows laws:

1) Thou shall not harm those weaker than you. See too big to fail for names to
go after.

2) Thou shall protect and let them have freedom of choice and experimentation
and broad access to knowledge.

3) If thou cannot avoid being bureaucratic in the age of information, take
into account that time waiting for decisions is painful. See 1).

4) Thou shall avoid giving money and encouraging practices that lead to 1)
either in your country or in other countries. A living creature is the same
everywhere.

------
lessnonymous
This sounds like it's clarifying what the founding fathers really meant when
they wrote the law way back in 2002.

------
ericcumbee
Maybe I am missing the point. But by applying the logic of this bill to other
laws, then trespassing on private property, being asked to leave several
times, but not doing so, should not be a crime either.

~~~
marshray
That's not a crime that will typically get you threatened with 50 years in
federal prison, no.

We can't expect our 3000 year old "trespass" and "stealing" concepts to work
well as metaphors for information systems built specifically to copy
information at the rate of thousands or millions of times a second.

------
jstanley
This seems like a udiff would be a much easier way to represent the changes.

------
ck2
Had Aaron ever been found guilty of any other crime?

Because if not, first time offenders almost always get probation unless they
killed someone.

Some drunk drivers who killed people get only a couple years.

Destroy the economy = no jail time, free information that was already
technically free = mandatory minimums?

------
pingbear
That kerning is making my eyes twitch.

