Press contact: Mark Stanley, 202.681.7582
Email: [email protected]
The following statement may be attributed to David Segal, Executive Director of Demand Progress. Demand Progress was cofounded by Aaron Swartz, who committed suicide in 2013 while under indictment under the Computer Fraud and Abuse Act — for allegedly downloading too many academic articles from MIT’s open internet network.
The Computer Fraud and Abuse Act is entirely out of sync with the way people use computers — and with a changing criminal justice paradigm that recognizes the particular undue harshness of the American criminal code.
It’s idiomatic that the punishment is supposed to fit the crime, yet the Computer Fraud and Abuse Act’s penalty scheme remains divorced from the severities of the behaviors it’s been wielded against. Today’s conviction of Matthew Keys is yet more evidence that this needs to be fixed.
With much bluster, the Department of Justice has pointed to the absurd statutory maximal penalty for somebody in Keys’s shoes: 25 years for enabling a harm that entailed changing the words on a website for all of an hour.
So we are witness to yet another abuse of a law that’s used to police online behavior even though it was written in 1986 — years before the World Wide Web was invented.
An amendment being offered to the “Cybersecurity Information Sharing Act” by Senator Sheldon Whitehouse would expand the scope of, and penalties under, the CFAA.