The law provides for penalties of up to life in prison for hacking. Prosecutors allegedly led Swartz into believing he faced 35 years in prison for his actions -- a prospect that is believed to have spurred his decision to kill himself.
The CFAA, drafted by Congress in 1986, was originally designed to deter criminal hacking for data theft or sabotage. Critics of the law say that its loose definition of key terms, like those related to unauthorized access and exceeding authorized access, have allowed creative prosecutors to apply the CFAA to a broader set of circumstances.
The critics have noted that over the years hardline prosecutors have used the law to criminalize such transgressions as violating a website's terms of service agreements or a company's internal computer use terms.
People have been indicted under the law for creating email accounts and social media profiles using fake email addresses. Others have been banned from logging onto specific websites for not adhering to the site's terms of service agreements. Theoretically at least, the law makes it a felony to provide fake information when filling out a social media profile, the law's critics say.
They also say that even misdemeanors become felonies with disproportionately punitive punishments under CFAA.
Aaron's Law, introduced last June by Sen. Ron Wyden (D-Ore.) and Reps. Zoe Lofgren (D-Calif.) and Jim Sensenbrenner (R-Wisc.) sought to address some of the issues by deleting certain terms and tightening the definition others.
With its failure to advance, however, change has remained elusive.
"I don't think we are any closer to CFAA reform than we were a year ago," said Eric Goldman, a professor at the Santa Clara University School of Law. "Any reform impetus that was spurred by Swartz's death has probably dissipated."
Some federal courts have begun to make a "brighter distinction" between intruders, who never had authorization to access a third party's computer, and legitimate users, who lost or exceeded their access, he said.
Despite this, "we still need structural CFAA reform, and we need similar changes in overbroad state computer crime laws," Goldman said.
Shawn Tuma, an attorney with the law firm BrittonTuma in Plano, Texas, who has defended clients in CFAA lawsuits, said the real problem is not with the law, but the manner in which prosecutors have applied it.
"I think the CFAA is a powerful and good tool," Tuma said. "But we have seen some horrible abuses [of the law] by government," he said.
The law needs to be revised in order to allow for lesser charges such as misdemeanors, Tuma said. "I don't agree with felony charges for terms of service and contract violations."
Sign up for Computerworld eNewsletters.