A large group of “security researchers, academics, and lawyers” have signed onto a letter to Congress demanding that lawmakers enact “Aaron’s Law,” which would reform the antiquated and terrible Computer Fraud and Abuse Act, which US prosecutors claim makes violating online terms of service into a felony punishable by imprisonment. This is the law that was used to persecute Aaron Swartz, who was accused of violating terms of service by automatically downloading academic articles, rather than accessing them one at a time. The federal prosecutor threatened Aaron with 35 years in prison.
While seldom heralded publicly, security researchers in academia, industry, public service, and independent practice work to identify serious security shortcomings in systems ranging from medical devices to voting machines to cloud services to critical national infrastructure. This research and investigation is especially urgent as we find ourselves integrating computers into our homes, vehicles—even our bodies. The security research community stands ready to meet that technical challenge, but we need Congress to clear legal hurdles out of our way.