>Beyond that, I worry that what geeks hope for is a situation where the plain language of the law protects them from "overcharging". That's never going to happen. A zealous prosecutor is going to be able to make your life miserable no matter what. That's the problem we need to address.
I don't know if overcharging is an unsolvable problem. "Plain language" may not be the right approach, but taking the excessive breadth and poor wording out of existing legislation would go a long way toward removing the number of felony counts a prosecutor can "legitimately" charge a typical bystander with.
Here are a couple of examples: A lot of these laws have threshold amounts of property that have to be in question before someone can be guilty of the crime. (And the amounts haven't been adjusted for inflation in several decades, which we could easily fix too.) But the real trouble there is that we take the amounts and then shovel a whole bunch of questionable nonsense into what can qualify. If I'm reading Prof. Kerr's analysis correctly, if someone breaks into your computer and you hire someone to clean it up, that goes in. You're paying them, so just pay them enough to hit the threshold and you've made a felon of the accused. It seems the value of intangible works goes in, so you bring in the copyright mathematicians who say one copy of one work is worth $150,000, which makes that element of the charge totally redundant in virtually every single case involving a computer, because all computers do is send data to one another, and virtually all data is copyrighted, so you copy one work and it exceeds the threshold and you're guilty of a felony. So let's take the ability to count all of that sort of thing out of that requirement and only include actual cash money or tangible physical products with specific market values, and if you want to have criminal copyright statutes or trade secret misappropriation statutes with appropriate penalties then let them be separate from statutes originally intended to deal with fraud and sabotage.
Then we can get rid of the vagueness. "Unauthorized access" is nonsense words. If someone is guilty of fraud, charge them with fraud. If someone is guilty of copyright infringement, sue them. If someone accesses a computer without authorization and hasn't committed any other offense whatsoever, use technological measures to prevent future access and don't charge them with anything.
Furthermore, we can do something about the maximum penalties. 35 years is insane. It's insane for actual hardened criminals -- bank robbers often go to jail for five years. Murder is on the order of 25 to life. We can make the maximum penalty for any computer crime that isn't also a serious non-computer crime something like 364 days.
Is that the sort of thing you mean to do to check over-zealous prosecutors, or did you have something else in mind? Because I'm open to suggestions. And we can do both.
A problem with this analysis is that Swartz was charged with fraud.
There is no question, at least none I can find anywhere, that Swartz was overcharged, and that requiring prison time from a plea deal or a threat of 6-7 years in prison was unreasonable. The problem we face is that prosectors aren't held accountable for failures to exercise discretion. In Chicago, a local prosecutor pursued a felony charge against someone who recorded two internal affairs officers. She was roundly castigated in the media for doing so, but won reelection handily, because nobody pays any attention to what prosecutors are doing.
It may very well be that the problem here is lack of funding for prosecutors and the courts; that we should give them more money, instead of playing a futile game of whack-a-mole when problems like this happen, so that we can make saner decisions about prosecuting people and not immediately push every case into a tragic game of chicken.
>A problem with this analysis is that Swartz was charged with fraud.
That's what I'm saying. We should change the definition of "computer fraud" and other felonies so that they no longer cover what Swartz is alleged to have done.
Computer fraud should cover breaking into Amazon's order processing system and modifying the database so that they ship you $50,000 worth of jewelry without you paying for it. What Swartz allegedly did is more accurately characterized as something like excessive use or (for entering the network closet) physical trespass, for which the maximum penalty should be a modest fine along the lines of a speeding ticket. There should exist no felony charge available for prosecutors to use whose text can be legitimately said to cover his actions. All felonies should require extremely serious harm, such as personal injury or death, physical damage, or depriving others of extremely high value property explicitly for the purpose of personal financial gain. In all other cases there may be an offense but it should not be a felony, and we can work to have the law changed to reflect that.
I understand that even if we do that, it may be possible for prosecutors to file totally fictitious charges against their targets, but in those cases at least in theory it should be trivial for the defendant's lawyer to win quickly with a motion to dismiss, unless law enforcement is going so far as to fabricate evidence and the like, which is a different class of problem.
>It may very well be that the problem here is lack of funding for prosecutors and the courts; that we should give them more money, instead of playing a futile game of whack-a-mole when problems like this happen, so that we can make saner decisions about prosecuting people and not immediately push every case into a tragic game of chicken.
I agree with this as long as you concede that the only way it will be possible is to drastically reduce the number of accused somehow. If we prosecuted significantly fewer criminals (for example because we repealed many of the unnecessary laws that they are now prosecuted under) then we can easily afford to spend more resources on each case. I don't think the alternative will be possible: Spending significantly more per case without significantly reducing the number of cases would be prohibitively expensive, because there are currently so many people accused of serious crimes.
He's not accused of overusing JSTOR's systems so much as he is accused of intentionally copying their whole database so he could deliver them to file sharing networks. That action would have seriously harmed JSTOR.
I think we could reasonably argue about that; the entire database is freely available to anyone who goes into a major university library, etc., and unless posting the articles resulted in universities ceasing to subscribe to JSTOR (which seems unlikely) then they lose no significant revenue. But this is going off on a tangent.
Even if I concede that JSTOR would be financially harmed, it still shouldn't be a felony. Let them sue him for copyright infringement.
I guess I'm not willing to consider intrusion for the purpose of getting broadly-available content to be in the same category as theft of PII or theft of real secrets intended to remain secret, and none of these in the same category as modifications or destruction.
I don't know if overcharging is an unsolvable problem. "Plain language" may not be the right approach, but taking the excessive breadth and poor wording out of existing legislation would go a long way toward removing the number of felony counts a prosecutor can "legitimately" charge a typical bystander with.
Here are a couple of examples: A lot of these laws have threshold amounts of property that have to be in question before someone can be guilty of the crime. (And the amounts haven't been adjusted for inflation in several decades, which we could easily fix too.) But the real trouble there is that we take the amounts and then shovel a whole bunch of questionable nonsense into what can qualify. If I'm reading Prof. Kerr's analysis correctly, if someone breaks into your computer and you hire someone to clean it up, that goes in. You're paying them, so just pay them enough to hit the threshold and you've made a felon of the accused. It seems the value of intangible works goes in, so you bring in the copyright mathematicians who say one copy of one work is worth $150,000, which makes that element of the charge totally redundant in virtually every single case involving a computer, because all computers do is send data to one another, and virtually all data is copyrighted, so you copy one work and it exceeds the threshold and you're guilty of a felony. So let's take the ability to count all of that sort of thing out of that requirement and only include actual cash money or tangible physical products with specific market values, and if you want to have criminal copyright statutes or trade secret misappropriation statutes with appropriate penalties then let them be separate from statutes originally intended to deal with fraud and sabotage.
Then we can get rid of the vagueness. "Unauthorized access" is nonsense words. If someone is guilty of fraud, charge them with fraud. If someone is guilty of copyright infringement, sue them. If someone accesses a computer without authorization and hasn't committed any other offense whatsoever, use technological measures to prevent future access and don't charge them with anything.
Furthermore, we can do something about the maximum penalties. 35 years is insane. It's insane for actual hardened criminals -- bank robbers often go to jail for five years. Murder is on the order of 25 to life. We can make the maximum penalty for any computer crime that isn't also a serious non-computer crime something like 364 days.
Is that the sort of thing you mean to do to check over-zealous prosecutors, or did you have something else in mind? Because I'm open to suggestions. And we can do both.