2013 in Review: Tragedy Brings CFAA Into the Spotlight
As the year draws to a close, EFF is looking back at the major trends influencing digital rights in 2013 and discussing where we are in the fight for free expression, innovation, fair use, and privacy. Click here to read other blog posts in this series.
For EFF, 2013 started on a tragic note when our friend, the gifted activist, coder, and Pioneer Aaron Swartz committed suicide in January. At the time of his death, Aaron was under indictment for allegedly violating the Computer Fraud and Abuse Act ("CFAA") when he used MIT's computer network to download millions of academic articles from the online archive JSTOR without "authorization." But out of his untimely death grew an enormous outcry against the CFAA and the government's prosecution of Swartz, including a Congressional hearing about the case, a bill introduced in his name to reform the CFAA, and a disappointing MIT report about the case.
Despite the renewed attention given the CFAA, it was still used in dangerous ways throughout the year.
First, in March Andrew "Weev" Auernheimer was sentenced to 41 months in prison following his CFAA conviction for revealing to media outlets that AT&T had configured its servers to allow the collection of iPad owners’ unsecured email addresses. We joined his legal team on appeal, arguing to the Third Circuit Court of Appeals that it's not a crime to view information on a publicly accessible website.
Then over the summer, we weighed in on craigslist's dispute with 3taps, a company that collects publicly accessible craigslist postings and makes the data available to other sites. 3taps provided craigslist apartment listings to Padmapper and craigslist sued both, claiming the companies had violated the CFAA. In an amicus brief, we explained that once craigslist made the information on their sites available to the whole world to see, they could not selectively decide to make someone's access "unauthorized" merely because they were competing with craigslist. The court partially agreed with us, finding that 3taps was authorized to view and use the listings until craigslist sent 3taps a cease and desist letter and blocked their IP address.
Finally, in the fall we submitted a support letter on behalf of "hacktivist" Jeremy Hammond before his sentencing after pleading guilty to violating the CFAA when he obtained credit card numbers and internal emails from intelligence contractor Stratfor. The emails revealed the company's work conducting surveillance on political protesters at the behest of both private companies and the government and were reported in major news outlets. Hammond was ultimately given the sentence requested by the government: ten years in prison, an unfortunate yet unsurprising development given the CFAA's draconian punishment scheme.
Hopefully, the push towards reform that began in 2013 with tragedies—death, incarceration and the stifling of innovation—will bear fruit in 2014, between Aaron's Law getting committee hearings in Congress, the Third Circuit reviewing Weev's case, and the renewed energy given to rein in the CFAA. You can help by telling Congress to support common sense changes to the CFAA and ensure that 2014 isn't another year of tragedy.
This article is part of our 2013 Year in Review series; read other articles about the fight for digital rights in 2013.