3 Years After Aaron Swartz's Death, Here's What's Happened to Aaron's Law

Monday marks the third anniversary of Aaron Swartz's death. A hacktivist and early Reddit team member, Swartz was prosecuted in 2011 for downloading millions of academic articles from JSTOR while he was a fellow at Harvard University. Swartz worked for the Creative Commons and had a history of downloading paywalled academic material and releasing it to the public, according to Wired. He was accused of breaking federal hacking laws with intent to publicly disseminate the downloaded documents, and faced a 35-year prison sentence along with a $1 million fine. JSTOR, which incurred no financial damages, wasn't seeking a suit against Swartz. Two years into his legal battle with the federal government, Swartz was found dead in his Brooklyn, New York, apartment.

Swartz's indictment and his death spurred discussion about how severely cybercrimes should be punished, which in turn brought about Aaron's Law in 2013, a bill that sought to rein in penalties associated with hacking. Aaron's Law would amend the Computer Fraud and Abuse Act (CFAA), a law designed to penalize people who access computer systems they aren't authorized to use — people like Swartz himself.

In commemoration, a top Reddit post in /r/technology Monday urged users to have a conversation about the bill. Three years later, what happened to Aaron's Law, and what does the future look like for hacktivists like Swartz?

Aaron's Law is languishing in Congress. After it was first introduced, no action was taken for two years. Then, in 2015, the bill was reintroduced by Reps. Zoe Lofgren (D-CA) and Jim Sensenbrenner (R-WI), and Sen. Ron Wyden (D-OR). Now, there is no word on whether or when the bill will go to a vote. 

Mic reached out to the offices of Lofgren and Sensenbrenner with no response. Sensenbrenner's office passed us to the House Judiciary Committee. We learned that the House Judiciary Committee is currently seeking feedback from a variety of sources on how to revise CFAA, but there are no plans to vote on Aaron's Law.  

Mic also spoke with Electronic Frontier Foundation legislative analyst Mark Jaycox for more details on why Aaron's Law is stalled. Congress is divided over cybercrime punishment, Jaycox explained. Some representatives believe that strong punishments will deter potential cybercriminals from acting, so they're invested in continuing harsh penalties. 

Opponents argue that the CFAA is also overly broad and can be applied to too wide a range of infractions, leading to punishments disproportionate to their crimes. 

Here's how the Electronic Frontier Foundation describes it:

"Without this change, the government could've prosecuted everyday Americans for violating low-level terms of service violations, like accessing your friend's Facebook page, or, for a time, reading Seventeen when you are under 18 years old. In short, everyone would be a criminal, leaving it up to the government to decide when and where to bring down the hammer."

In addition to a disagreement over how punishments should be meted out, there may be an even larger hurdle in the way of tweaking the Computer Fraud and Abuse Act. Namely, Congress doesn't understand computers.

"There is a lack of technological understanding and a lack of understanding on how the CFAA is applied and used," Jaycox told Mic. He said this problem isn't limited to the CFAA; it's an issue that plagues a variety of laws governing digital spaces. "You see this in every computer law in front of Congress, from autonomous cars to even some of the government surveillance stuff."

There are members of Congress who don't use email, Jaycox said; some don't even text. In other cases, he said, they don't operate in or understand the very thing they are trying to govern. That confusion can ultimately hold up bills like Aaron's Law.

Or worse: It can lead to rulings that are in direct opposition to what the public wants. For instance, in October, the Senate passed the Cybersecurity Information Sharing Act of 2015, a law aimed at allowing businesses and the government to share information about cyber attacks with few privacy provisions in place. The passage came despite a deluge of over 6 million faxes in opposition to the bill along with firm disapproval from major tech companies like Apple, Yelp, Twitter and Reddit. (CISA was signed into law by President Barack Obama on Dec. 19.)

Part of the problem may have been that those faxes weren't sent from constituents, they were sent from privacy advocates. While Congress may be voting on computer laws in a way that's largely out of touch with millennial voters, it may not entirely be their fault.

We need to take action: "The question is," Jaycox said, "when is that constituency going to be activated and when are they going to turn out?" What's it going to take for us to care enough to engage with these issues, to care enough to pick up the phone and call our representatives?

Considering that most people are prone to spending six-plus hours a day online, according to the Global Web Index, computer and internet laws should seemingly be important to this demographic. While bills like Aaron's Law and laws like CISA stand to significantly affect anyone operating on the web, many young voters aren't speaking out about these issues. 

In fact, the majority of millennials aren't voting at all. According to a 2012 study from the Census Bureau, only 45% of people aged 18 to 29 voted. More recently, exit polls from the 2014 election cycle showed an even grimmer picture. Younger people accounted for 12% of voters in Iowa, 10% of voters in Georgia and 14% of voters in Colorado, according to a report in Mother Jones. 

What that means is that America is electing representatives and senators who don't necessarily represent its younger citizens — those of us who have largely grown up using computers and the internet. As a result, representatives are unlikely to make Aaron's Law a priority. 

"You're seeing key cultural questions being asked and answered in gay rights," Jaycox said. "I don't know if we've had that moment when it comes to computer law."