A Year After Aaron Swartz’s Death, Our Terrible Computer Crime Laws Remain Unchanged

Aaron Swartz, 2009
Aaron Swartz at a Boston Wiki Meetup in 2009.

Photo courtesy Sage Ross/Wikimedia Commons

On Jan. 18, 2013, one week after Aaron Swartz committed suicide, a group of his friends and admirers gathered in the lobby of the MIT Media Lab to commemorate Swartz’s life and mourn his death. On one side of the room, the event’s organizers had unfurled a homemade banner. For about an hour that night, I watched people approach the banner, grab a marker, and scribble their thoughts. The most memorable was a skinny kid in a sweatshirt and ugly sneakers, who scrawled, “We will continue.”

When I profiled Aaron Swartz for Slate last February, I concluded my story with this anecdote. It was a powerful moment, one that’s stuck with me even though I can’t be entirely sure what that kid meant by his handwritten message.

Continue with what, exactly? That’s been the question that Swartz’s colleagues and acolytes have been trying to answer in the year since his death. Swartz’s busy, complicated life defied easy categorization. He was a programmer who didn’t like to be called a programmer, an Internet millionaire who was deeply ambivalent about Silicon Valley. People called him an “Internet activist,” but he was becoming less interested in “Internet issues” with every passing year. He jumped from project to project, cause to cause, and while this restlessness is part of what makes him such a widely heralded figure—so many groups are able to claim him as their own—it also makes his life difficult to distill into bullet points.

The Department of Justice was perhaps the one group that didn’t have trouble summarizing Aaron Swartz. To the DoJ, he was a computer criminal.

Nobody really knows why Swartz decided to kill himself on Jan. 11, 2013, but those closest to him believe that the criminal charges against him had a lot to do with it. For almost two years, Swartz had been in trouble for accessing the computer network at the Massachusetts Institute of Technology—where he was neither enrolled nor employed—and downloading almost 5 million journal articles from the online database JSTOR. When he hanged himself in the small Brooklyn apartment he shared with his girlfriend, he was facing charges that theoretically could have brought him 50 years in prison.

Swartz’s lawyers were prepared to argue that Swartz had committed no crime and done no lasting damage, and that his use of the MIT network had been tacitly authorized, thanks to the school’s “extraordinarily open” computer network. Even if you disagree with this argument, it is hard to argue that any of Swartz’s actions merited prison time. But the DoJ has not wavered from its contention that the charges were appropriate. In an appearance before the Senate Judiciary Committee last March, Attorney General Eric Holder called the Swartz case “a good use of prosecutorial discretion.” Neither U.S. Attorney Carmen Ortiz nor her associate Stephen Heymann have faced any sort of public reprimand for their handling of the Swartz case—and why would they? Ortiz and Heymann were doing nothing different than what federal prosecutors have done for decades: threatening alleged criminals with disproportionately large sentences in hopes of securing a plea bargain, thus avoiding the expense and effort of a full-fledged trial. These 50-year threats are all part of the game that prosecutors play.

In Swartz’s case—and in the case of Andrew “Weev” Auernheimer, Matthew Keys, and many others—the prosecutors were aided by the Computer Fraud and Abuse Act, the terrible computer-crime statute that allows ambitious, hardline prosecutors to willfully characterize minor transgressions as malicious criminal activity.

The CFAA became law in the 1980s in the days before the World Wide Web and widespread personal computing, and was meant to deter hacking into systems maintained by the government or financial institutions. The legislation has not kept pace with the times. Today the CFAA allows prosecutors to charge defendants for “exceeding authorized access”—a vague term that could be defined as something as benign as violating a website’s terms of service—to “protected computers,” which essentially means any computer with an Internet connection. It is ripe for prosecutorial abuse.

After Swartz died, Rep. Zoe Lofgren, D-Calif., announced that she would introduce a bill called “Aaron’s Law,” which would reform the CFAA. Among other things, the bill would clarify the definition of “authorized access” and impose some limits on the CFAA. Aaron’s Law would also make it more difficult for prosecutors to threaten CFAA violators with excessive felony sentences, which would be a welcome development.

While Aaron’s Law has stalled, thanks to standard Washington inertia and a general political reluctance to appear soft on crime, Swartz’s friends and supporters remain intent on legislative reform, either through Lofgren’s bill or some other measure. Such a move would be a fine way to honor Swartz’s memory. Because Aaron Swartz was a lot of things, but a “computer criminal” was not one of them.

(Note: I am currently writing a book about Swartz, copyright activism, and the rise of the free culture movement. If you want to learn more about the project, or receive periodic updates about the writing and reporting process, send me an email at