The Washington PostDemocracy Dies in Darkness

The law used to prosecute Aaron Swartz remains unchanged a year after his death

Aaron Swartz speaking at an anti-SOPA rally. (Daniel J. Sieradski via <a href="">Flickr</a> )

A year ago today, Aaron Swartz was found dead in his New York apartment. Swartz was a true child of the Internet: a programming wunderkind who helped create the popular online syndication protocol RSS at just age 14 and a prodigious activist for Internet freedom issues who led the charge against the broad online copyright-enforcement proposals SOPA and PIPA in 2012. He also killed himself in the midst of a lengthy legal battle over charges related to his bulk-downloading of documents from an academic database while connected to MIT's network. Several of those charges were based on a cybercrime law dating back to 1986.

In the wake of his death, friends, family members and allies called for reforming that law, the Computer Fraud and Abuse Act (CFAA), which critics have long argued is overly broad, contains harsh penalties and could be used to criminalize many Americans for common online behaviors -- such as violating the terms of service agreements of Web sites. Swartz himself faced a maximum of 35 years behind bars for what some describe as "checking too many books out of the library."

The alleged facts of the case were a little more complex than that analogy -- court documents say Swartz used a pseudonym on the MIT guest network and bulk-downloaded documents from the academic database JSTOR using a Python script, changing his IP and MAC addresses after being blocked and eventually hard-wiring a laptop into an MIT network closet.

But at worst, the original complaint alleged, "Swartz intended to distribute a significant portion of JSTOR's archive of digitized journal articles through one or more file-sharing sites." That wouldn't be completely out of character for Swartz, an advocate of information freedom who once used an automated script to bulk-download documents from a free trial program for the paywalled public record database PACER. However, that complaint included no evidence that was his plan. And while MIT stayed silent on the case, JSTOR said it had "no interest" in his case "becoming an ongoing legal matter."

But prosecutors pressed on with 13 felony counts including charges of wire fraud, computer fraud and “unlawfully obtaining information from” and “recklessly damaging” a “protected computer.” Then nearly two years after his initial arrest, Swartz committed suicide -- and the Internet sprang into collective action.

Immediately, there were calls for an "Aaron's Law" to limit the scope of the CFAA. And in June, a bipartisan group of lawmakers introduced such a proposal -- prompting support from many advocacy groups, including the Demand Progress group Swartz had founded during his action campaign over SOPA, as well as opposition from some software industry groups such as  BSA. But as Congress ground to a halt amid partisan gridlock and a government shutdown last fall, Aaron's Law went nowhere.

Activists are invoking Swartz's name for an upcoming day of action against NSA surveillance. Senators continue to question the Justice Department over the aggressiveness of his prosecution. A year after Swartz's death, the CFAA not only remains unchanged, but some proposals might actually strengthen it.