
In the Wake of Aaron Swartz's Death, Let's Fix Draconian Computer Crime Law - colin_jack
https://www.eff.org/deeplinks/2013/01/aaron-swartz-fix-draconian-computer-crime-law
======
polemic
There should also be a push for better use of discretion and 'common sense'
from the US judiciary. Most (all?) laws are, by their nature, crude sticks
that have to be wielded carefully.

I'm not sure that in this case, the law is 'wrong'. As has been outlined
elsewhere, by a reasonable reading of the applicable law Aaron's actions were
criminal and (in my opinion) the law itself, in spirit, is not unreasonable.

What _is_ unreasonable in this case, appears to be the application of the law,
and more generally, the cost in time and money that is required to mount an
adequate defence.

It should _never take two years and millions of dollars to have a case like
this settled_ , one way or the other. It seems a basic violation of human
rights that it _could_ happen. This is the general problem that needs to be
solved in the US.

To end with a favourite quote that feels timely:

 _"The fall of Empire, gentlemen, is a massive thing, however, and not easily
fought. It is dictated by a rising bureaucracy, a receding initiative, a
freezing of caste, a damming of curiosity - a hundred other factors. It has
been going on, as I have said, for centuries, and it is too majestic and
massive a movement to stop"_

\-- Isaac Asimov, Foundation, 1951.

Let's hope that's not entirely true.

~~~
AnthonyMouse
>What _is_ unreasonable in this case, appears to be the application of the law

I don't think you can let the law off the hook for allowing unreasonable
applications of itself. The idea of criminalizing "computer fraud" (i.e.
breaking into Amazon's servers to have it mail you expensive products without
paying or to steal credit card numbers) is not objectionable. But the breadth
and vagueness of the existing law, and the obscene penalties, most certainly
are objectionable and should be fixed.

I completely agree that something must also be done about the excessive cost
of criminal defense as well.

~~~
polemic
> But the breadth and vagueness of the existing law...

My point is this: of necessity, most laws are broad and vague, and it relies
on judges to build the necessary case law to interpret it.

The current law absolutely needs to be addressed, but 'computer law' will
always be 10 steps behind the technology. The _much bigger issue_ is the
fundamentally flawed, inhumane and insanely expensive US justice system.

~~~
sliverstorm
Agreed, this is part of why we have judges! Besides, if you think law is a
tortured convoluted process _today_ \- just wait until we try to write it to
explicitly handle every possible corner case.

The reason our laws have held up fairly well thus far is because they are
vague. For example, the "reasonable person" clauses. What is considered
reasonable changes with time. Do you really want to have to re-write all the
laws centered around "reasonable person" every couple decades?

Remember, the legal system is not a computer. It doesn't necessarily make
sense to approach it like one. Many of us here are programmers, and sometimes
it shows.

~~~
betterunix
"Do you really want to have to re-write all the laws centered around
"reasonable person" every couple decades?"

Yes, and in fact, I would like every law to expire no more than 10 years after
it is passed. We have too many laws and too many ways to become a criminal;
force politicians to spend their days renewing necessary laws and we'll curb
our out-of-control legal system. Keep the legal system straightforward, so
that nobody is confused about whether or not they are committing a crime.
Eliminate plea bargaining. Reduce the power of prosecutors, and reduce the
power of the police (let's start by reducing the power of their firearms -- we
really don't need soldiers serving search-and-arrest warrants).

~~~
sliverstorm
If this was such a great way of doing things, why don't we programmers (who of
course have everything all figured out) already do this in our code? Have a
harvester that regularly walks your VCS and deletes any function older than 1
year. Sound like fun?

 _Keep the legal system straightforward_

Being explicit is _not_ the way to achieve that. Explicit handling of corner
cases is always confusing when there are many, even more so when you are
speaking in legaleese. "Reasonable Person" codified explicitly would take
pages and pages and pages. You think that would be more understandable to the
layman than, "What a Reasonable Person would do"?

If Real Life and People could be so easily codified, heuristics would be a
completely useless field.

 _Eliminate plea bargaining. Reduce the power of prosecutors, and reduce the
power of the police_

What does that have to do with this line of discussion?

~~~
betterunix
"Have a harvester that regularly walks your VCS and deletes any function older
than 1 year. Sound like fun?"

Periodically reviewing code to ensure it still does what it needs to do is not
exactly unheard of, and neither is replacing old code with new code. It is how
we keep our software up-to-date.

How about the flip side: how would you like to have no code ever erased -- how
would you like to spend your time supporting code written 50 years ago side-
by-side with code written yesterday? That is what our legal system is like
right now: laws that made sense decades ago, laws that made no sense decades
ago, laws that were passed this year, etc., all relevant and applicable today.
The government cannot even count the number of laws on the books at this
point.

"Explicit handling of corner cases"

How about not bothering with corner cases? Let people whose actions seem
criminal but which do not meet the definition of any crime go free. Do we
really need to prosecute every single person who does something we do not
like?

Our justice system is _supposed_ to favor innocence, not guilt. Yet we see the
exact opposite happen with the "let's make sure we never have corner cases by
being as broad as we can be" approach to law.

The point is for laws to have a clear boundary between innocence and guilty.
_Nobody should be unsure about whether or not they are breaking the law_ and
we should not be relying on a handful of judges to make such determinations.

""Reasonable Person" codified explicitly would take pages and pages and
pages."

Sounds like the real problem here is that we have laws based on what
"reasonable people" do, which is a pretty conservative approach to law. Why
should the law be concerned with "reasonable people" -- why shouldn't the law
just clearly state which actions are illegal and which are not?

We seem to be pretty straightforward sometimes. We define BAC limits for DUI
laws. Why not be straightforward about computer crime too? Why not be
straightforward about all laws? You are right, most people cannot understand
pages and pages of laws -- so what are we supposed to do with the current
legal system? You walk down the street at the mercy of the policy, because in
reality you have no idea which laws you might have broken or which laws you
were expected to follow.

What would a reasonable person do? A reasonable person would get a job, climb
the social ladder, and never complain about it. Reasonable people in the 19th
century would not have complained about women not having the right to vote.
Reasonable people in the 18th century would not have complained about the
triangle trade or slavery in general. Reasonable people would not have
rebelled against British rule, nor written the Magna Carta. Laws should not be
based on what reasonable people would or would not do; laws should be based on
ensuring that people can continue to enjoy their freedom.

"What does that have to do with this line of discussion?"

I suppose that last comment was only tangentially related. The combination of
broad laws, powerful prosecutors, and plea bargaining are the reason America
is the world leader in imprisonment. Most of our prisoners never received a
trial, because they odds were so severely stacked against them that they just
accepted the plea bargain on the advice of their lawyers (often overworked
public defenders). This is not a theoretical problem, it is the reality of our
justice system and of our society.

~~~
sliverstorm
I think our disagreement boils down to one thing. You believe our legal system
could be fairly and justly encapsulated in a document perhaps the size of a
dime novel, if only people had the forethought to make laws the way
programmers (that godly race) write programs.

Yes, I'm being a little bit snarky. I can't help it. Besides the part where
the real world is infinitely more intricate than a computer, software projects
routinely fall into exactly the sort of chaos you are saying a pragmatic
"boolean" approach to law would avoid.

There's an effect whose name I cannot remember that people in tech fields are
particularly prone to fall victim to, wherein an individual _wildly_
underestimates the amount of difficulty and effort required to tackle fields
which are not his own. I believe you are falling victim to this effect.

------
gte910h
Let's instead fix vast overcharging, with 5x-20x pleabargain:max sentence
ratios. If something is bad enough to lock someone away for 20 years, 2 years
shouldn't be an option just because they made the legal system cost less
money. Plea bargains are coercive, undermining our rights to a trial by the
jury of our peers, and are likely coercing false testimony/false corroboration
of evidence against 3rd parties far more than they should

More trials for actual bad things, fewer arrests for just marginally bad
things, and less prosecutorial discretion is what we need here. Computer crime
having overly high penalties in most cases is merely a symptom of a general
problem we should be solving for all law.

~~~
westicle
This might be too extreme, but what about forcing the prosecution to put some
skin in the game where it comes to predicting the eventual outcome of the
case?

In civil matters parties have the option of making a "Calderbank Offer", in
which they put forth a reasonable resolution for the dispute by mutual
agreement. If the other side does not accept that offer, but does not get a
better outcome than the offer made, they are punished with costs consequences
(for tying up court resources, forcing the other party through expensive
litigation etc).

In a criminal trial, perhaps the prosecution should be required to go on
record stating the sentence they will be asking the court for. In the event
that the actual sentence varies significantly from the sentence threatened by
the prosecution, a discounting procedure could be applied (for every 10% the
prosecutor overstates the likely sentence, the accused receives a 5% reduction
in their sentence).

ie. if a prosecutor proposes a 4 month custodial sentence for accessing
academic journal articles, and a judge imposes 2 months, the accused would be
entitled to a 50% discount, and serve only 1 month. If the prosecutor proposes
35 years, the accused serves no time.

~~~
gte910h
Judges just accept prosecutor's amount over and over and over.

Doesn't work.

------
AnIrishDuck
The CFAA is far too big a stick to trust with federal prosecutors. Aside from
the case the EFF names, it was also used to threaten geohot [1] when he first
released details on the PS3 jailbreak. Sony argued that geohotz's access to
his own (!) PS3 constituted unauthorized access to a protected computer and
this claim survived a preliminary motion to dismiss.

1\. <http://www.groklaw.net/article.php?story=20110218181557455>

EDIT: I do realize that geohotz's case is civil; in my opinion _both_ the
civil and criminal aspects of the statute are wrong.

------
venomsnake
I think that the important part in the eternal debate about large vs small
government is missed - the real problem is fuzzy government. The one with
overly broad and ill defined powers and fuzzy laws. What we need is a precise
government where the functions and powers granted to the executive branch are
not allowed for discretion, interpretation and overzeal.

Unlike the rights of the constitution that are universal and eternal the laws
describe the here and now - so every law should have its built in expiration
trigger (10-20 years) - this will ensure that the congress will act to
reauthorize it if they like it so much. And because of the limited time they
will be forced to triage and some insanities will just expire.

~~~
toufka
There is always an other side. In general, I think you want fuzzy laws, as
there are fairly universally agreed 'bad' things, though not a single person
has a good definition of 'bad'. A computer 'crime' or 'fraud' can easily be
understood by an informed jury, judge and prosecutor and be just beyond the
very letter of the law. So long as our system is adversarial in nature, I
don't think an occasional push against the fuzzy line is in poor form, as long
as there is commensurate push back. And in general, in the long run, this is a
more equitable and just system than one of algorithmic rules where
technicalities truly do trump intent.

~~~
krichman
Sometimes I think the real problem is that we've lost the viewpoint of "it's
better 1000 guilty go free than 1 innocent be imprisoned".

At the very least it shouldn't be so easy to, for example, drum up 35 years
worth of charges on excessive downloading.

~~~
malandrew
In fact, the situation today is probably the opposite. With plea bargains, I
believe conviction rates are as high as 99.5% (IIRC). Somehow I find it hard
to believe that 99.5% of people charged with a crime in this country are
actually guilty. That seems dangerously high. I know that many innocent people
are let off when a case or charges are dismissed, but of all those that do go
to trial, more than a mere half percent must be innocent.

~~~
krichman
99.5% of accused are found guilty? That's totalitarian.

~~~
malandrew
Mainly because of plea bargaining.

    
    
      "Fewer than 10 percent of the criminal cases brought by the
      federal government each year are actually tried before 
      juries with all of the accompanying procedural safeguards
      noted above. More than 90% of the criminal cases in America
      are never tried, much less proven, to juries. The 
      overwhelming majority of individuals who are accused of
      crime forgo their constitutional rights and plead guilty."[1]
    

From what I've read elsewhere, of the 10% or so that do go to trial, something
like 9 times out of 10 the verdict is guilty. Given that a federal criminal
trial takes $1.5 million to defend and that the prosecutor has all the weight
and resources of the federal government behind then and the citizen has to
rely on his own financial resources (which are likely to be frozen if they are
well-heeled defendants), then that rate of conviction isn't surprising in the
least. Federal criminal cases are totally asymmetric in favor of the federal
government. As citizens, we always complain of well funded people prevailing
in civil and criminal cases because of the money they have to defend
themselves, but we ignore the well funded prosecution that US district
attorneys have that allow them to consistently find people guilty who may not
be.

[1]
[http://www.cato.org/sites/cato.org/files/serials/files/regul...](http://www.cato.org/sites/cato.org/files/serials/files/regulation/2003/10/v26n3-7.pdf)

------
ChristianMarks
It would help if defendants could speak more freely about their finances
without provoking the ire of a judge. This places advocates for free
information in a bind. If you need to mount an expensive legal defense because
you applied the principle that information should be free and, in consequence,
find yourself in legal trouble (I'm speaking generally to avoid argument on
inessential points) do you

1\. apply the principle that information wants to be free to yourself and
expose your finances, possibly provoking a judge; or

2\. selectively apply the principle and in your own special case, not disclose
your finances, although information wants to be free.

Until there is reform in this direction, activists for the information-wants-
to-be-free principle either have to reconsider, or else understand that their
ability to fund their legal defense may be compromised as well the principle
they acted upon.

Of course, a push for common sense and proportion from the judiciary might
obviate this.

~~~
ChristianMarks
Some rejoinders to myself:

1\. Personal information isn't the kind of information Swartz was attempting
to liberate. It was publicly funded academic research behind paywalls. There
is no principle of symmetry to appeal to. (If I am incorrect and the intent
was that "information wants to be free," then symmetry holds: one cannot
consistently be free with the information of others and prefer the exiguous
disclosure of one's own.)

2\. The government has systematically violated the laws it was accusing Swartz
of violating many times over. (An inadmissible legal argument, I understand,
but historically valid.)

3\. His assets may have been frozen.

4\. The disproportionate legal action against Swartz is an indication of the
government's cyberspace vulnerability. It is also an indication of the
imprecision of the law as it is written.

------
Codhisattva
Vindictive prosecutions intended to "set an example" or "send a message" are
simply cloaked ambition. And end up destroying lives.

------
perlgeek
In general, the sentences for different crimes/offenses have blown out of
proportion. Usually an outragous case of <mumble> goes around the media, and
politicians respond by increasing the punishment. Or Lobbyists push for it.

The whole thing (and not just in the US, in most states I know of) would need
a new assessment, and not just one section at a time, but some kind of unified
assessment.

It's a bit like a huge, sprawling code base that has never seen a major
refactoring, and is in dire need of one.

~~~
InclinedPlane
This happens all the time with weapons. For example, during the Bruce Lee
craze a lot of states passed laws against nunchucks which are still on the
books. It's a continuing pattern. Moral panic -> SOMETHING must be done ->
useless, unhelpful laws get put on the books. The same sort of security
theater that we see today with the TSA and whatnot.

------
rhizome
I have a better idea: a political party. The Internet Party.

~~~
dmix
<http://en.wikipedia.org/wiki/Crypto-anarchism>

~~~
rhizome
Just like I couldn't take a hint from aaronsw and suggest the Progress Party
due to cultural biases against Progressivism, anarcho-anything suffers the
same.

~~~
jlgreco
This is unfortunately true.

Crypto-anarchism is fairly unique though in an important way. It does not
require approval and the technologies that are created by self-described
crypto-anarchists can (ideally) be used by anybody, not just those who are
also interested in self-identifying as something so weird and fringey.

Hell, you can even create technologies that don't even need to be used by the
general public for the general public to benefit from them. Firesheep is a
fine example of such software; a few years ago most sites were wide open to
that attack but after the release of an exploit with a slick interface and
some effective publicity, most social networking sites tightened up their
ship. Sure, it is questionable what good this really does against a government
like the US, but people in other parts of the world surely benefit.

Your parents need never respect, understand, nor even hear of crypto-anarchy
in order for it to have a positive effect on the world. It has the potential
to do good without requiring ideological buy-in from the masses.

------
anigbrowl
Not to be argumentative, but I don't think the problem is draconian computer
crime law, as such. The problem here is a deeper one: the constitutional bias
towards procedural rather than substantive guarantees. This bias is partly
responsible for the constitution's longevity (and by extension, that of the
Republic), but is also responsible for the exhaustive and attritional nature
of common-law legal proceedings.

This is a huge problem in the criminal justice system in general, as well as
in other areas of law. I prefer common law to civil law systems, but that's
partly because I grew up in one. It's more flexible, but at the expense of
much greater complexity and arguably much lower predictability.

~~~
eru
Could you elaborate on what you mean by substantive vs procedural?

~~~
anigbrowl
Very, very briefly: Substantive is the what, procedural is the how. In Aaron
Swartz's case the substantive argument is that copying academic journal
articles shouldn't be a prosecutable crime in the first place, but at worst a
civil tort. The procedural argument is that Swartz went about his activities
in a demonstrably illegal fashion and was arrested pursuant to a properly
issued warrant. Is the law stupid? Maybe, but that's what it says and we're
just following it as written. Now in a civil law country (where legislative
text >> precedent) you'll often enjoy all sorts of substantive protections
that you wouldn't have in the US, but if you did break a law then you probably
won't be able to argue your way out on technicalities like whether the police
search was legal or you were read your rights correctly.

The constitution doesn't give you a whole lot of rights, but rather imposes a
variety of limitations upon the government. If someone in government can find
a hole in those limitations, then there isn't a whole lot you can do about it,
at least in the short term. Look at the drug laws; Congress certainly seems to
be within its rights to ban possession of certain substances, and there's no
substantive right to say you have jurisdiction over what you put in your own
body. Another famous legal example is the _Dredd Scott_ case; the Supreme
Court of the day said that a law law which gave a slave called Dredd Scott his
freedom was an unconstitutional infringement of his owner's property rights
(procedural argument). Now we consider the whole notion of people being
property invalid (substantive) so even the most logically watertight contract
in which someone agrees to be the property of someone else is void and
unenforceable. Now, contrast the familiar language of the US constitution with
things like the UN declaration of human rights, which imposes very few
strictures on _how_ governments go about governing, but has a great deal to
say about how people should be treated and is much more like the Declaration
of Independence than the Constitution
(<http://www.un.org/en/documents/udhr/index.shtml>).

This is a complex philosophical issue at the heart of legal theory and hard to
sketch out in only a few sentences. Think of the above as an impressionistic
sketch rather than a systematic description.

~~~
eru
Thanks. That reminds me of a German book on law that I read, that briefly
sketched how German law went from procedural to rights and obligations (i.e.
substantive, if I get it right).

Just to check my understanding: Roman law was mostly procedural, wasn't it?

------
peterhajas
> In the Wake of Aaron Swartz's Death, Let's Fix Draconian Computer Crime Law

I think this is an unfortunate attitude to have. When such an event happens,
it's easy to become blinded by emotions - and makes it more difficult to make
rational, reasonable decisions.

Let's think about this calmly, logically, and with a level-head. Let's not
have the reputation of making decisions that are emotionally driven.

~~~
betterunix
I have been thinking calmly and logically about the CFAA for years, starting
with my last year of college. I have long held the opinion that the
punishments handed down for computer crimes are entirely out of whack, and
time and time again we have seen computer crime laws used to attack people who
have not done anything most people would consider to be "wrong." Computer
crime laws seem to be based on the idea that hackers are dark wizards whose
powers are limitless if they are allowed to walk free. It is a symptom of a
society that is vastly ignorant of the machines it relies on, coupled with a
far-right ideology that says that the only reason anyone does anything is to
advance their financial interests (e.g. that nobody would download files that
a company makes millions selling access to unless their goal was to make
millions).

In the early 90s, the government tried to prosecute hackers over the Bellsouth
E911 document using computer crimes laws -- and they were laughed out of court
when the defense revealed that the document was a less-detailed version of a
technical document that could be purchased for less than $20. We are looking
at the same situation with the prosecution of Aaron Swartz: ludicrously
overstated charges and overzealous prosecutors whose knowledge of computers is
on the level of a chimpanzee (not to mention their sense of justice). Laws
like the CFAA create this situation by enabling the sort of behavior we saw
from the prosecutors in this case.

------
isalmon
I think the problem is not the Law itself. The problem is that in order to
protect yourself (even if you're not guilty) you have to spend ENORMOUS amount
of money. From this perspective rich people have more access to the basic
rights (in this case ability to defend themselves) rather than poor.

~~~
Shivetya
Connected people have a better ability, being rich does not guarantee you
protection from Federal prosecutors. The Feds act with near impunity and only
someone connected with the press or government officials really stand a chance
against them.

A relatively unknown internet person, regardless of money, is an easy mark to
them.

The issue I take with the case is the piling on by the prosecutors. There
needs to be some limit to the number of charges one can apply and total time
applied for cases where no life is lost. The current rules simply allow
prosecutors to intimidate people into accepting punishment, even when those
accused are not guilty of a crime; see the many false imprisonment stories
around the net.

People cheer on these laws when applied to people they don't like, financial
fraud cases are very similar and involve the same strategy, bury them in
charges so they have to accept something.

------
w_t_payne
You are fixing the wrong thing -- let's get the results of publicly funded
academic research into the public domain. That, as a goal, offers a far
greater good for humanity; the potential to save far more lives; and the
greatest net benefit to us all.

~~~
jwoah12
You are fixing the wrong thing. Let's secure world peace first.

See what I did there?

~~~
w_t_payne
Been there, tried that. Dinnae work.

------
RyanMcGreal
It looks like some members of the US government need to re-read Beccaria's _Of
Crimes and Punishments_.

------
kandahar
Ghouls.

