What Aaron did sounds seriously sketchy (sneaking into MIT wiring closets, trying to download the entire database, etc.), a fact that Demand Progress and several commenters here seem to be ignoring.
Defending his actions would require a very strong, multi-pronged version of the argument "if it's physically / technologically possible, it must be ok." Can MIT legally limit guest access to its network? Can JSTOR limit access to its content? Well, technically, their software didn't limit it, right? He just changed his IP address and they let him right back on, gave him permission. And then he had to change his MAC address. And then physically move to a different building.
But it doesn't matter anyway, because legal restrictions are legal restrictions. It's impossible to enforce every legal restriction in software. Put another way, we don't have to read JSTOR's server code to figure out if there's a violation of policy here -- the policy is written out as a legal document.
In the hacker world, there's a tendency to think that if something's possible, even easy, then it shouldn't be considered "breaking in" or "stealing." If my Gmail password is "password," then of course you're going to read my email! I had it coming. In the real world, though, this is still a crime.
Right, because the standard penalty for trespass onto campus property is a federal indictment. Good thing no MIT student has ever snuck into a restricted area before.
Even with MIT's charitable (but declining) tolerance towards student hacking/pranking, they take a very dim view of non-students doing the same (even alumni).
There used to be considerable tolerance of Harvard students doing pranks at MIT also, since Harvard/MIT had a bit of a prank-exchange rivalry (though MIT students engaging in shenanigans on the Harvard campus is more common than vice-versa).
Is this worse than the sort of thing that goes on in the early days of most startups, including our most revered? People around here have a lot of respect for pg, rtm, tlb and their startup Viaweb - go back to "Founders at Work" and read how they got computer time needed to get the startup going. That kind of thing is practically universal in startups. The good ones, anyway.
So Aaron appears to have cut some corners in getting an interesting project off the ground. Slap him on the wrist.
Well, this again is a very hacker-centric perspective. Even if it's truly important that someone be able to surreptitiously copy all of JSTOR once in a while for the sake of innovation, who is in a position to let him off based on that?
Plus, putting everything else aside and evaluating him as a hacker, he doesn't come out looking too good. If he'd scraped all of JSTOR without getting caught, it would make a better story. As it is, he attracted a lot of attention, and the report of how he was caught has an air of inevitability to it. JSTOR called up MIT, MIT was looking for him, and he gave them a lot of time to find him.
Defending his actions would require a very strong, multi-pronged version of the argument "if it's physically / technologically possible, it must be ok." Can MIT legally limit guest access to its network? Can JSTOR limit access to its content? Well, technically, their software didn't limit it, right? He just changed his IP address and they let him right back on, gave him permission. And then he had to change his MAC address. And then physically move to a different building.
But it doesn't matter anyway, because legal restrictions are legal restrictions. It's impossible to enforce every legal restriction in software. Put another way, we don't have to read JSTOR's server code to figure out if there's a violation of policy here -- the policy is written out as a legal document.
In the hacker world, there's a tendency to think that if something's possible, even easy, then it shouldn't be considered "breaking in" or "stealing." If my Gmail password is "password," then of course you're going to read my email! I had it coming. In the real world, though, this is still a crime.