

The MIT report on aaronsw - steveklabnik
http://lessig.tumblr.com/post/56881544082/the-mit-report-on-aaronsw

======
denzil_correa
Oh well, apparently the access of AaronSw was not "unauthorized".

    
    
        If indeed Aaron’s access was not “unauthorized" — as 
        Aaron’s team said from the start, and now MIT seems to 
        acknowledge — then the tragedy of this prosecution has 
        only increased. 
    

I wonder how this makes the prosecutors look like now.

~~~
selter01
Why does it make the prosecutors look worse? Aaron killed himself, and if he
was convinced he was innocent, he should've stuck it out.

~~~
jychang
Plenty of people under torturous situations have committed suicide, even if
innocent. You're just standard victim blaming now.

------
ChuckMcM
This point, the one where if Aaron had sat in the library downloading Jstor
articles, it would have been "ok" (because it is allowed by the guest policy)
was always problematic for me as well.

~~~
MichaelSalib
I don't get this at all. If Swartz had walked into the library and told a
librarian, "hi! I'd like to download the entire JStor archive. Where can I
plug in?", they obviously would have told him "No". Everyone knows this.
Swartz knew this: that's why he did so much to conceal his identity and
conceal what he was doing.

~~~
ChuckMcM
That is the sticky bit isn't it?

Allowed by (then) MIT policy: Enter library, download "some" jstor articles.

There were no explicit limits other than 'we reserve the right to refuse
service' sorts of things in their policy. So were he a patient person it would
have been ok for him to come in each day, download some, until he had the
entire set of all documents, however long that took.

An analogy might be ketchup packets at a fast food restaurant. You are allowed
to take a 'few' for your meal, but clearly if you poured the whole box of them
into your back pack you would be asked to leave, not because you are
"stealing" ketchup, but because they _choose_ to refuse you service based on
your abuse of their free ketchup.

So he clearly abused their good will, and by that abuse they had the right to
revoke his access. And he was clearly working to avoid automated monitoring
and revocation (which is a stand in for the librarian kicking you out) But
prior to them revoking his access, his access was _authorized_.

Like I said, it's a weird thing. If someone comes to your "anyone is invited
party" and then starts making an ass of themselves and you ask them to leave,
you can't really accuse them of criminal trespass and breaking and entering.
But you can sue them in civil court if they damage stuff, and you can call the
cops to haul them away if they refuse to leave.

The point though of Lessig's note is, I believe, that this was an egregious
use of a poorly written law (CFAA) with a variety of legal problems with its
application. Had it gone to court the case law it might have established would
have been helpful in avoiding future abuses.

~~~
MichaelSalib
This really seems like sophistry to me.

Everyone agrees that if Swartz had asked the library staff to help him
download the entire JStore archive, they would have clearly said no. The
difference between "some jstor articles" and "the entire archive" is huge and
significant. His authorization was never a blanket authorization to do
whatever he wanted with the JStor access, in part because MIT could not offer
that: they could only offer access under terms that JStor set, and those terms
banned whole archive scraping.

~~~
brudgers
The idea that what is not explicitly prohibited is permitted is a very
American attitude toward the laws, rules and regulations.

As an illustration, compare the structure of the rules of NFL American
Football:

[http://static.nfl.com/static/content/public/image/rulebook/p...](http://static.nfl.com/static/content/public/image/rulebook/pdfs/2012%20-%20Rule%20Book.pdf)

To FIFA's Laws of the Game:

[http://www.fifa.com/mm/document/footballdevelopment/refereei...](http://www.fifa.com/mm/document/footballdevelopment/refereeing/81/42/36/log2013en_neutral.pdf)

------
forgotAgain
So basically he accessed a wiring closet without authorization. The 50 years
or so of time the federal attorney wanted to impose was all based on laws
concerning unauthorized access to the network, not the closet.

When do the judicial misconduct hearings start?

~~~
tzs
They wanted to impose a few months, not 50 years. To have even a shot at 50
years under the Federal sentencing guidelines, he would have had to have had
multiple prior convictions and to have basically been the Al Capone of
unauthorized access.

~~~
forgotAgain
They offered him a plea deal for a few months (6?) if he pleaded guilty. The
club they beat him with was the threat to pursue 50 years if he fought the
charges.

The prosecutor basically did sell him as an Al Capone of computer hacking; a
threat to the nation, Mom, apple pie, and all that is good and right in
America.

~~~
tptacek
No, that's not true. We know it's not true because Aaron Swartz's lawyer
disclosed the sentence they were threatening him with at trial, and it was
nothing resembling that number. You can go look it up yourself. In the
meantime, one wonders: since we know the number you stated can't possibly be
true, where did it come from? What enabled you to confidently state that
Swartz was threatened with a 50 year sentence?

~~~
forgotAgain
My apologizes it wasn't 50 years, it was 35.

 _Federal prosecutors later charged him with two counts of wire fraud and 11
violations of the Computer Fraud and Abuse Act,[17] carrying a cumulative
maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture,
restitution and supervised release.[18]_

[http://en.wikipedia.org/wiki/Aaron_Swartz](http://en.wikipedia.org/wiki/Aaron_Swartz)

[Edit] Background information is also available here. It verifies the number
of charges filed but not the total length of the possible prison term
involved:
[http://video.pbs.org/video/2325573247](http://video.pbs.org/video/2325573247)

~~~
tptacek
No, you are still not even close. What's more, you didn't even respond to my
comment; you simply parroted again the press release maximum sentence. Press
release maximum sentences bear almost no relationship to reality. Once again:
we know what he was actually threatened with. His lawyer disclosed it.

~~~
forgotAgain
I've supplied a reference to what his maximum sentence could be given the
crimes he was charged with.

Where is your reference to the contrary?

~~~
tptacek
I'm going to let you do your own homework, because I expect that when I show
you you're wrong, rather than thanking me for correcting you, you're going to
get indignant and find some way to attack both me and the actual correct
answer to the question. Maybe if you look it up yourself, that won't happen.

I've given you more than enough detail to go find the right answer.

You can in the meantime take my word for it on two things: (1) that Swartz was
threatened with a specific sentence recommendation that was nowhere near 35
years (it was still a very tough sentence totally out of proportion to what he
did) and (2) that a DoJ press release maximum sentence bears no resemblance to
the sentences CFAA convicts can expect to receive from a judge.

~~~
forgotAgain
When you significantly edit a comment it's usually considered good form to
label the changes.

~~~
tptacek
None of my comments were edited at any point near any of yours.

