You are using an outdated version of Internet Legislation. Would you like to update? [Yes] [No]
If there’s one place where you can generally get away with minor wrongdoings, it’s the Internet. In fact—so long as you stay within the boundaries of the law—you’re free to lie, cheat, and post pictures of cats to your heart’s content. Stepping outside of legal boundaries, however, can result in some of the harshest punishments dealt by the criminal justice system. Internet law violations can also result in almost no punishment of any sort—or anywhere in between. While other laws become increasingly codified, those regarding cybercrimes fail to keep pace with the technology they govern.
Legal restrictions on the Internet recently surged in the news after the death of Aaron Swartz, an internet activist and co-founder of Reddit. Swartz took his own life following his arrest and subsequent trial over his involvement in multiple counts of computer and wire fraud. His charges revolved primarily around his downloading of data from JSTOR (a digital journal for academic articles) from the Massachusetts Institute of Technology’s school network. In all, the 13 charges levied against Swartz were enough to put him behind bars for upwards of 50 years if the maximum sentences were pursued. Given the severity of these allegations, one would suspect Swartz’s operation to be prolonged and destructive. Yet the source of most of those charges was anything but. One night in an M.I.T. closet with his laptop, Swartz used M.I.T.’s server to begin downloading large batches of JSTOR files. When the university kicked him off the network, he changed simply the “identity” of his computer to allow him to continue. How did a few clicks and key-presses result in such a heavy sentence?
The answer lies somewhere within the hazy phrases and fuzzy statutes that govern this area of the law. Traditional crime exists in a cut-and-dry physical world. For cybercrimes, everything changes. A single action on the internet can involve layer upon layer of checks, permissions, and validations. Every internet service provider, application, and web site has its own documentation dozens of pages long that outlines its terms of use and service, most of which are ignored completely. A problem then arises when this heap of strictly enumerated digital agreements is subject to laws such as the Computer Fraud and Abuse Act, which condemns vague acts of “exceeding authorized access”. With the Internet’s fluidity of authorized access, a violation of one agreement could propagate violations in multiple other contracts, opening up the door for prosecutors to follow this interpretation to whatever extent desired.
A similar complication exists for wire fraud within the Communications Act Amendments. The definition of wire fraud dictates it as a “scheme to defraud, or for obtaining money or property by means of false pretenses, representations, or promises”. While “false pretenses” occupy a large enough category of subterfuge in the physical world, it contains the possibility for even more online, where an “identity” is comprised of a significant number of codes and addresses. For example, Swartz’s charges come from changing his IP and MAC addresses to conceal his identity—two adjustments that can be done right from Windows menus. Under this precedent, the notion of “false pretenses” can be extended to include a variety of techniques that everyday users employ to retain anonymity. In a realm where namelessness is valued, false pretenses such as these can be brought up whenever convenient.
A body of law must remain current if it is to remain applicable. Just as the invention of new guns should effect a change in the law concerning firearms, so should the progression of technology change the regulation of cybercrime. Following Swartz’s trial, interest groups have pushed for the amendment of many of these laws in an attempt to turn the open-ended legal jargon into applicable, technical terms. One such proposition by Representative Zoe Lofgren, dubbed “Aaron’s Law”, attempts to deal specifically with the terms of service agreements that could possibly fall under the umbrella of “unauthorized access”. Multiple such amendments could soon begin to transform these vague guidelines into an actually relevant body of law.
Modern automobile law is not dictated by the horse-and-buggy laws of the 18th century. There is no reason for the antiquated and outdated laws regarding cybercrime to govern the Internet of today.