|
This, to be fair, is the biggest problem with the CFAA. It's sort of an inchoate statute (you generally use computers as a means to conduct other offenses --- in fact, some of the reason we have a CFAA in the first place is that legislators felt that there weren't statutes that addressed computer crimes that didn't have immediate financial benefits, which themselves could be charged as fraud). The major sentencing knob CFAA comes with is 2B1.1(b), which is a table of offense level by dollar loss incurred. There are crimes where I think 2B1.1(b) probably makes sense (like, if you're literally stealing, or deliberately incurring monetary damage --- remember, your intent in committing a crime is extremely important, despite a common message board belief that it is somehow unknowable and a non-factor in legal decisions). But in a lot of cases, it's literally just the induction variable in a loop, and it makes no sense to boost an offense by 10 levels because you wrote "2000" in your for-loop instead of "20". It's 2B1.1(b) that takes you from offense level 8 (0-6 months, probation eligible) to level 24 (5 years) based on 2 million dollar of incurred loss. Again, though: the 2 million dollar figure is highly implausible. Prosecutors could have argued for it (they can argue anything they want), but it's hard to see them getting it for a non-remunerative crime that involved publishing academic journal articles. Swartz's attorney was probably a bit rosey-eyed here, though: figure any charged computer offense probably incurs losses at least in the mid-5 figures (almost mechanically, because real companies have insurance obligations to conduct external forensic investigations when incidents like this happen), and you get to a year and change sentence pretty easily. |
Actually this ran in parallel with the tail end of the Jammie Thomas-Rasset lawsuit, in which the various damage figures thrown around for sharing two albums' worth of stale, degraded-quality top-40 songs did include one in the seven-figure range.