Last week a friend asked me to explain why the death of internet activist Aaron Swartz has become such a media sensation. What he knew is what's been commonly reported since Swartz's suicide in New York on Jan. 11: Swartz was an "internet folk hero"—a brilliant programmer and a leader of the fight against SOPA (the draconian Stop Online Piracy Act)—who broke into the computer system at the Massachusetts Institute of Technology and downloaded millions of scientific articles. The federal government cracked down hard on him, and he decided to kill himself rather than go to trial.
What's been lost in the coverage of "hacker" Swartz's "cybercrime"—as I've seen him and it described—is a lot of nuance. U.S. Attorney Carmen Ortiz, who led the case against him, attempted to portray Swartz's actions as a massive, brazen heist. The reality is that Swartz exploited a loophole in MIT's computer system that allowed him to download more articles—many more—than you're supposed to from JSTOR, aka Journal Storage, a repository of academic journals. The articles were obviously not meant for personal use, and there's no black market for stolen scientific articles. Instead, Swartz's actions were intended to draw attention to the scope of knowledge that is locked up in systems like JSTOR's.
If you go back and read Aaron Swartz's Guerrilla Open Access Manifesto, published in July 2008, it's easy to understand his motivations for the stunt: "The world's entire scientific and cultural heritage," he wrote, "published over centuries in books and journals, is increasingly being digitized and locked up by a handful of private corporations. ... Forcing academics to pay money to read the work of their colleagues? Scanning entire libraries but only allowing the folks at Google to read them? Providing scientific articles to those at elite universities in the First World, but not to children in the Global South? It's outrageous and unacceptable."
Though Swartz had the wherewithal to publicly release the downloads, he never actually did. In fact, he later returned them to JSTOR, which settled any claims it might have had against him and opposed his prosecution.
Still, the federal government smelled blood, and Ortiz and her team found a loophole of their own: They could threaten rather breathtaking punishment -- 26-year-old Swartz was charged with 13 felonies and faced $4 million in fines and more than 50 years in prison in his trial set to start this April -- by exploiting outdated provisions of the Computer Fraud and Abuse Act of 1986. (Under federal law, Swartz would have faced less prison time if he'd committed manslaughter.)
And here's where the story gets personal -- relevant to you -- dear reader.
Simply put, you are most likely a criminal given the same sort of broad reading of the CFAA that Ortiz's office used to go after Swartz.
As Tim Wu, a Columbia Law professor, wrote in The New Yorker, "Just last year, the Ninth Circuit Court of Appeals threw out a ... prosecution [similar to the U.S. Attorney's case against Swartz]. Chief Judge Alex Kozinski, a prominent conservative, refused to read the law in a way that would make a criminal of "everyone who uses a computer in violation of computer use restrictions—which may well include everyone who uses a computer.'"
I dug deeper into the court's majority opinion and spotted this passage:
"Minds have wandered since the beginning of time and the computer gives employees new ways to procrastinate, by g-chatting with friends, playing games, shopping or watching sports highlights. Such activities are routinely prohibited by many computer-use policies, although employees are seldom disciplined for occasional use of work computers for personal purposes. Nevertheless, under the broad interpretation of the CFAA, such minor dalliances would become federal crimes.... Ubiquitous, seldom-prosecuted crimes invite arbitrary and discriminatory enforcement."
In a footnote, the court added, "Enforcement of the CFAA against minor workplace dalliances is not chimerical. Employers have invoked the CFAA against employees in civil cases. In a recent Florida case, after an employee sued her employer for wrongful termination, the company counterclaimed that plaintiff violated section 1030(a)(2)(C) [of the CFAA] by making personal use of the internet at work -- checking Facebook and sending personal email -- in violation of company policy."
The court's message: Bad laws can and will be used against you. All it takes is a prosecutor looking for a trophy case -- someone willing to swat a fly with a sledgehammer to make a point.
Simon Dumenco is the "Media Guy" media columnist for Advertising Age. You can follow him on Twitter @simondumenco.