All well and good but the issue goes deeper than reforming any one law. At the end of the day what's needed is curbing prosecutorial overreach, and holding prosecutors accountable when it happens. Sending somebody to jail unfairly is a crime, and should be treated as such.
> Sending somebody to jail unfairly is a crime, and should be treated as such.
Very interesting take on things. I'm not sure if it would create a huge legal mess when a federal prosecutor is doing his or her job at prosecuting someone who's probably innocent.
First, Google didn't sneak into a closet at MIT and surreptitiously plug into their physical network. Second, Google has formerly coordinated with JSTOR to index its content. Third, Google doesn't bypass the paywall--it just links to freely available copies if they are available outside JSTOR.
So aside from the fact that it's completely different, you're right, it's exactly the same.
The articles Swartz intended to post online were in the public domain. Google does the exact same thing with public domain and copyright-protected books through the Hathi Trust and their own Google Books site.
The raw court filings refute this argument, which I think is probably folkloric. JSTOR did release many articles to the public domain, but they appear to have been a small subset of the total Swartz captured.
Aaron had every right to access JSTOR and did not bypass any paywall (I have the same access). He also had every right to access MIT's network, just like any other member of the general public does. The one thing you mentioned that might have been a crime was to enter a closet without permission, but he was not even prosecuted for that one.
1. He used the network closet because they booted him off of the wireless network.
2. He changed his MAC address because they blocked his old one.
I don't think that this alone should be enough for a conviction though. For instance, he wasn't privy to the reason that his network connection wasn't working anymore (so far as the MAC address was concerned). The prosecutors wanted to argue that changing the MAC address was a purposeful attempt to thwart restrictions, but from the outside he couldn't have known why the old MAC was no longer working.
3. Instead of using Harvard's network and signing up with his own name, he used MIT's network (which is open to the public) and signed up for access with a fake name. The prosecutors would have argued that this was his way of hiding his identity because he knew what he was doing was wrong.
4. The US Department of Justice has had a hard-on to expand the hacking statutes to cover "any crime with a computer." See the case about the MySpace/Facebook mother that drove her daughter's classmate to suicide. They tried to go after her for 'hacking' into the website because she signed up with a fake name which is against the Terms of Service (i.e. "unauthorized access" to the website).
For your point #4, I don't think the prosecutors were specifically trying to go after another _hacking_ conviction (to expand the statutes), but they were reaching for any law that could apply, since what the woman did (emotionally harassing a minor until driving her to suicide [allegedly]) was considered to be abhorrent but not in itself illegal -- just like the prosecutor's conduct with Arron. And in our society, any time something tragic happens people feel that someone has to be held accountable.
Problem is, once a law is used for a new use, no matter how virtuous it is, it will now be seen as one of the tools in the toolbox for prosecutors to punish people. Many of those new uses will not be looked on favorably, either.
There would be significant fallout from setting a precedent that violation of a website's Terms of Service constituted a Federal crime with punishment up to 35 years in prison, no matter how much we dislike the person being prosecuted.
> He also had every right to access MIT's network, just like any other member of the general public does.
You're conflating two networks. He had every right to access the public wifi network at MIT, which has numerous security and bandwidth-control mechanisms in effect.
He did not have every right to connect directly to MIT's core network infrastructure, which bypasses most of the above.
Was it properly labeled? Presumably some ports (outside of closets) don't go into the core; did he actually try and fail with one of those before going to the closet?
If an MIT professor left his laptop plugged into one of the public ports downloading a linux tarball unattended over night, is he liable under CFAA? What the professor left it in the unlocked closet instead, to minimize the risk of getting his laptop stolen?
I don't even know what to make of this. You think you need a label to tell you that you shouldn't open up random network closets at MIT (a billion dollar a year defense contractor) and plug in your laptop?
Then charge him with trespassing. To charge him under CFAA due to him getting on the privileged part of the network, I think you should have to show he knew it was the privileged prat of the network. Maybe they had evidence that he did, but just connecting his laptop in a closet after covering his face with a bike helmet isn't evidence of hit.
He could have covered his face after his experience with PACER where he was legally in the right, but still got hounded by the FBI.
> To charge him under CFAA due to him getting on the privileged part of the network, I think you should have to show he knew it was the privileged prat of the network. Maybe they had evidence that he did, but just connecting his laptop in a closet after covering his face with a bike helmet isn't evidence of hit.
To indict someone, you don't have to prove your interpretation of the facts. You have to present evidence that supports your interpretation of the facts. The fact that he hid is face is perfectly reasonable evidence to suggest he knew he was accessing MIT resources he should not have, sufficient to support an indictment.
Now, maybe he could have argued that he nonetheless didn't know it wasn't meant for public access. I doubt the prosecutor would have believed that claim, or a jury. I don't believe it, and I honestly don't think you believe it either. So why drag us both down this ridiculous hypothetical?
The miscarriage of justice here is that they dropped the trespassing charge because the CFAA charge was so much more lucrative. There is no reason a minor network intrusion should carry a firmer penalty than an equivalent physical trespass. I wholeheartedly agree on that point. But to make the stronger argument that Aaron did nothing wrong, you have to put aside common sense to the point where you're arguing that a grown man didn't know he wasn't supposed to be doing something when even a child could have parsed the situation correctly.
Not much. This is not about him doing something dangerous, this is about a government agency trying to set an example clearly pressured by businesses.
In Aaron´s case it wasn't even the affected part putting the pressure, but a whole industry that feels threatened by what 'hackers' can do with easy-to-access information. They don't feel threatened by google because if it infringes a law they know they can sue and settle for several millions, but they know they can't stop hackers sitting in a computer in their homes or a public library, so they need to scare them away with preemptive strikes.
It Aaron's dead results in a change of this policies, not only lives but innovation will be saved and at least his dead won't been in vain. Hopefully.
"Hackers" who access information they're not permitted to just because they can, against the law, are not to be lionized. They're nothing more than thugs and bullies, who think that their special talents give them the right to violate the rights of other people. The only difference is that their special talent is computer skills instead of physical strength.
I think if anything it's a disservice to Aaron's cause to mix him up with hackers who access information just "because they can" not to make some more meaningful point.
| this is about a government agency trying to set
| an example clearly pressured by businesses.
Which businesses? JSTOR recommended that the DoJ drop all charges. MIT possibly was pushing for the charges, but I wouldn't call that 'pressured by businesses.'
More likely that Aaron was: 1) a feather in the prosecutor's cap 2) a way to show the public that she is/was 'tough on crime', and/or 3) another attempt to stretch the Federal statutes on 'hacking' (setting precedent).
I think I wasn't clear enough on this point. I wasn't implying that Aaron's case was directly pressured by businesses, actually I said in my post that in his case the affected parts, i.e. MIT, JSTOR, et al, decided to not push anymore.
When I talked about "businesses" I was referring to the constant pressure they apply for regulators to punish these kind of practices, as the case of Andrew Auernheimer shows, he was also prosecuted for access publicly available information perhaps with the same severity they did with Aaron. Both cases demonstrate a common practice that initiated by the necessity of businesses of cover their backs against these "intrusions", and in both cases also the prosecutors went out of their ways to set an example.
Though some might see higher learning as a business these days, I still don't view universities in the same light as corporations, so no matter the level of pressure from MIT, I still wouldn't class it as, "pressure from businesses."
MIT isn't just a business, it's a quasi-corporate entity that is a key piece of the military industrial complex. It's a piece of the establishment that's open right up to the point where it's not. There is nothing wrong with that, and it's a true treasure to the U.S., but there is no need to pretend it is anything other than what it is.
People are demonizing JSTOR and making excuses for MIT in this situation, but their perception of who is the big faceless establishment entity here is wholly mistaken.
Have you ever used Google Scholar? When I did, even if it indexed paywalled articles it didn't offer direct links to it (would have made my job easier at the time, trust me).
It's hard to hold Google up as a paragon of "doing the right thing" IP infringment when they'll auto-remove videos from YouTube based just on their similarity to other videos that have been flagged inappropriately for copyright violation.
Google Scholar currently offers direct links to articles, free or otherwise. Many are posted on public sites, whereas others require institutional access.
