Header graphic for print
Trading Secrets A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Computer Activists Take Over Sentencing Commission Website

Posted in Computer Fraud and Abuse Act, Legislation

Anonymous, the aptly named anonymous collective of hackers, hacked into the United States Sentencing Commission’s website on January 23 to protest the government’s prosecution of Aaron Swartz, who committed suicide last month. The group initially hacked the site on Friday January 22, replacing the contents of the site with its own video. In the video, which has since been taken down, but still exists elsewhere on the internet, Anonymous denounced the government’s prosecution of Swartz. According to Anonymous’ statement in the video, “a line was crossed” when Swartz, facing ‘a twisted and distorted perversion of justice,’ decided to kill himself.” According to Anonymous, it was time to do something, now that “several more of our brethren now face similar disproportionate persecution.” The website was taken offline and restored to its proper formatting, but by Sunday, Anonymous had hacked the site again, replacing it with a game of Asteroids which the visitor must play to reveal the message, “We do not forgive, we do not forget.”

According to Anonymous, the hacking was designed to call attention to “the federal sentencing guidelines which enable prosecutors to cheat citizens of their constitutionally-guaranteed right to a fair trial.” In the group’s statement, which was posted on the Sentencing Commission’s website along with a ten minute video, the group stated, “the time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them.” According to the statement, the group chose the U.S. Sentencing Commission’s website because of its symbolic nature: “ the federal sentencing guidelines. . . enable prosecutors to cheat citizens of their constitutionally-guaranteed right to a fair trial, by a jury of their peers [and] are in clear violation of the 8th amendment protection against cruel and unusual punishments.”

In its statement, Anonymous pushes for “reform of outdated and poorly-envisioned legislation.” The group objects to legislation like the Computer Fraud and Abuse Act, which is “written to be so broadly applied as to make a felony crime out of violation of terms of service, creating in effect vast swathes of crimes, and allowing for selective punishment.” The group also pushes for a reform of mandatory minimum sentencing, and for laws to be upheld “unselectively, and not used as a weapon of government to make examples of those it deems threatening to its power.”

Anonymous is reportedly planning to release a number of files (which the group refers to as “warheads”) named after the justices of the United States Supreme Court. According to the ABA Journal, the files are heavily encrypted, and no explanation has been offered as to what the files contain. Anonymous has threatened to release heavily redacted partial contents of the encrypted files to a media outlet, however, the release of these files has yet to occur.

Richard McFeely, the executive assistant director FBI’s Criminal, Cyber, Response Services released a statement in response: “We were aware as soon as it happened and are handling it as a criminal investigation. We are always concerned when someone illegally accesses another person’s or government agency’s network.”

It remains to be seen whether Anonymous will actually release any files or whether this is simply a ploy in the struggle for legal reform. Regardless, Anonymous’ actions are just the latest in a growing push for legal reform in the wake of Aaron Swartz’s death.

A push for legal reform is also occurring in the US House of Representatives, where Darrell Issa (R-California) and Elijah Cummings (D-Maryland) of the House Oversight Committee authored a joint letter to Attorney General Eric Holder regarding Aaron Swartz’s criminal prosecution. The letter questioned the procedural standards applied in the case, including the “factors that led to the decision to prosecute Swartz, along with key decisions after the case began.” The letter also asks if Swartz’s political advocacy was considered relevant in deciding whether to prosecute Swartz. The Justice Department (“DOJ”) has agreed to brief the two congressmen, however, the Huffington Post notes that the DOJ “has been fighting” efforts to reform the Computer Fraud and Abuse Act, according to a congressional staffer familiar with legislative discussions.

In addition, Aaron’s law, the legislation recently proposed by Representative Zoe Lofgren (D-California), has undergone revisions, and is gaining additional support in Congress. According to Representative Lofgren, the draft has been revised to explicitly exclude “breach of terms of service or user agreements as violations of the CFAA or wire fraud statute.” Additionally, changing or disguising an IP or MAC address on its own is not sufficient to constitute a CFAA violation. Furthermore, the revised draft further limits the CFAA’s scope by defining “access without authorization” as the” circumvention of technological access barriers.” Ms. Lofgren has begun to solicit co-sponsors in the House of Representatives for the bill. Additionally, Senator Ron Wyden (D-Oregon), who was involved in the revisions of Aaron’s Law, is poised to sponsor the bill in the Senate. Senator Wyden has begun to talk to members of both parties about how to modify the CFAA. According to Senator Wyden, “This is going to take some time, and as with everything in this area, you try to look for what can actually get accomplished because you have people with very strong views. But to me, if you start with that basic proposition — this law as currently written just kind of defies common sense — then I think that there’s an opening.”

Aaron Swartz’s death is likely to lead to additional calls for reform in the coming months, as well as changes in the law. We will continue to keep you informed of further developments on the Computer Fraud and Abuse Act.