Congress debates update of aging cybercrime law

Thirty years ago, the Macintosh was a new product, and the Internet was the little-known realm of the federal government and academia. That’s when 1984 Computer Fraud and Abuse Act — the guiding law that still defines and governs cybercrimes — was born.

In dealing with computer-related wrongdoing in 2013, though, there are few who believe the law remains adequate, fair or modern enough to apply. But if there’s broad agreement that the CFAA sorely needs an update, dueling draft bills in the House illustrate dramatic differences among possible directions to go — stricter, looser or a combination. The Justice Department and some in Congress, alarmed by a rise in major cybersecurity crimes, want stiffer penalties for hacking. That effort, though, faces fierce pushback from a coalition of Internet activists and civil rights groups who want to ease or remove certain types of prosecutions and lighten penalties. CFAA reform was already looming, but the suicide of 26-year-old Reddit co-founder Aaron Swartz in January helped galvanize groups to change the law so that not all hacking is considered the same and to make penalties less draconian in some cases. Swartz killed himself as he faced up to 35 years in prison and a $1 million fine after prosecutors alleged he stole more than 4 million documents from the JSTOR database of academic research papers at MIT.