In a follow-up on the suicide of accused computer criminal Aaron Swartz, the Christian Science Monitor quotes experts as saying the 1986 federal Computer Fraud and Abuse Act is “hopelessly out of date.” “The punishments for these crimes are hugely disproportionate to the offenses listed,” said Adam Goldstein of the Student Press Law Center in Arlington, Va. “We wrote these laws based on the 1980s view of the worst-case scenario of hacking in a networked world.”
Robert Graham of Errata Security in Atlanta says the law “can be used to prosecute anybody for almost anything.” He says, “The issue is ‘authorization.'” Back in 1986, everyone had to be explicitly authorized to use a computer with an assigned username and password. But today, with the Web, we access computers with reckless abandon without knowing whether we are authorized or not. When you click on a URL, you are technically in violation of the law as it was designed.” Swartz was facing more prison time than he would have if he’d committed a serious physical crime, such as assault, burglary, grand theft larceny or involuntary manslaughter. “Why the penalties are stiffer for e-crime does not make sense,” said Chester Wisniewski, a senior security analyst in the Vancouver, British Columbia, office of the British security firm Sophos.