When Aaron Swartz, a prominent programmer and digital activist, was arrested in 2011, he was halfway through a fellowship at Harvard’s Center for Ethics. Police took him in after he entered a computer closet at MIT and downloaded enormous amounts of data from JSTOR’s extensive database of academic research.
Swartz was charged with 13 felonies, 11 of them based on the Computer Fraud and Abuse Act, or CFAA. Some of the charges hinged on violations of JSTOR’s terms of service, which prohibit bulk, automated downloads that prevent other customers from accessing its documents. Faced with the possibility of decades in prison and up to a million dollars in fines, Swartz took his own life in 2013.
The ordeal brought CFAA—a 30-year-old anti-hacking law that has been updated half a dozen times to keep up with new technology—under intense scrutiny. Digital-rights activists decried the law for its vague definitions of “unauthorized access” to a computer, and for punishing researchers and academics who analyze and pick apart computer systems they don’t own or operate. Some members of Congress tried (and then tried again) to roll back elements of the law, including those that have been used to criminalize terms-of-service violations. But a bill sponsored by Representative Zoe Lofgren and Senator Ron Wyden—a pair of tech-savvy Democrats—died in 2013, and is currently stalled after being reintroduced in 2015. The lawmakers named their bill “Aaron’s Law” after Swartz.