Hackers and hacking have been much in the news recently - for all the wrong reasons, unfortunately. The most dramatic case, perhaps, was the suicide of Aaron Swartz. He was threatened with 35 years in prison, partly for this:
a terms-of-service violation: when Swartz tried to download thousands of academic articles, he did so as an authorized guest user of the M.I.T.network. He didn't actually "hack" or "break" into the network; he violated the terms of service for guests by downloading too much stuff.
That's possible thanks to the US Computer Fraud and Abuse Act:
the most outrageous criminal law you've never heard of. It bans "unauthorized access" of computers, but no one really knows what those words mean. Orin Kerr, a former Justice Department attorney and a leading scholar on computer-crime law, argues persuasively that the law is so open-ended and broad as to be unconstitutionally vague. Over the years, the punishments for breaking the law have grown increasingly severe-it can now put people in prison for decades for actions that cause no real economic or physical harm.
Indeed, here's an example from just last week:
Today in astonishing prison time for computer crimes: Andrew 'weev' Auernheimer has been sentenced to 41 months in jail, pretty much because he handed over some iPad email addresses to Gawker. Yes, that's a very long time for something that might not even be considered a crime. In addition, Auernheimer has to pay $73,000 to AT&T, all allegedly because he obtained "unauthorized access" to AT&T's information. The feds are using the now all too familiar charge of conspiracy to access a computer without authorization, along with a count of identity fraud - both of which Auernheimer was found guilty of back in November - to back up the three-plus years in prison, which he's appealing.
And here's another:
Keys who was terminated from the Tribune Company before he allegedly helped hackers from Anonymous break into the Los Angeles Times website and deface a single article. It was fixed within 30 minutes.
The suggested punishment for this crime?
up to 25 years in prison and $750,000 in fines for a few keystrokes.
As the last article points out:
Keys would've been better off putting his old Tribune boss in the hospital. Indeed, the maximum penalty for aggravated assault is 25 years in prison, based on the state. In New York, the fine cannot exceed $5,000. So should the criminal justice system treat computer nerds like violent criminals? Is it equally as harmful to society when a hacker replaces a headline on a news site with a weird joke - that's basically all Anonymous did with Keys' help - as it is to beat someone with a crowbar? Most reasonable people probably wouldn't think so, but it seems like federal prosecutors are not reasonable people, when it comes to computer crimes.
Sign up for Computerworld eNewsletters.