

Aaron Swartz hit with 9 more felony charges in MIT hacking case - esolyt
http://www.dailydot.com/news/aaron-swartz-mit-jstor-hack-charges/

======
mukaiji
RANT: Anyone here interested in the underlying issue of academic publishing?
To me, the very notion that publicly (or privately for that matter) funded
academic research gets locked behind paywalls of organizations that have not
contributed financially to the research endeavor published, seems like irony
to me. In short, they pay not a single dime to produce the content, charge the
researchers to have their submission reviewed and published, publish the
content and make money off of the subscription they sell, and sue the hell out
of anyone who tries to wrestle it back out of their control.

~~~
danielweber
_organizations that have not contributed financially to the research_

 _charge the researchers to have their submission reviewed and published,_

As you point out, they are providing a valuable service. The research is
peer-reviewed and published.

You can argue that they aren't needed in the modern peer-to-peer wikiresearch
napster world, where anyone can just publish their research wherever they
want.

If the researchers don't want their research behind the paywall, they are not
forced into the transaction. They must be finding the value-add of the
"peer-review and publish" significant enough to give up publishing rights
elsewhere.

~~~
ek
Unfortunately, this is something that has to occur as a systematic change.
Individual researchers are not to blame, necessarily. When you are told by
your university that you must publish or face not getting tenure, what they
mean is that you must publish in a peer-reviewed journal (or conference, since
most of what we talk about here is CS and CS is still a conference field
mostly). We could realign the review process so that it was something taken on
by universities, for example, but this will require a major systematic change.

Peer review is important. It will not stop being important, but unfortunately
the service of peer review is currently only being offered by mostly
for-profit organizations, which is the primary problem.

~~~
udpheaders
So true. It's not like publishing your paper on your lab's website will
satisfy the "publish" requirement for obtaining tenure. Why can't we separate
the process of peer review from the process of letting a journal handle
distribution of the paper?

My pet peeve when downloading articles from journals is that it is a chain of
needless HTTP redirects and elaborate cookies. If you are accessing the
network from an approved IP address, is all that really necessary? Why can't
it be a simple direct download? Answer: Because they've commercialized the
process of reading publicly-funded research results. And with that comes the
usual mindless hoop-jumping for even the simplest things.

Many investigators will just post a copy on their lab's website anyway. And
that's the link that they will often give to students who need a copy of the
paper. So the whole scheme of commercializing the publishing of noncommercial
research just looks silly.

Don't question it, just follow along.

------
thaumaturgy
Just FYI, this is often a prosecutorial bargaining tactic for dealing with an
uncooperative defendant (based on personal experience, anyway).

That said, I wish articles like this one would quit making the rounds. It's
macabre theater and isn't doing aaronsw any favors.

~~~
ajross
Is the goal to do aaronsw favors? This is pretty clearly newsworthy.

I think you can ding the reporting for missing important subtleties and
lacking context (i.e. the fact that the downloaded material wasn't covered by
a JSTOR copyright somehow gets skipped!). But arguing that we should plug our
ears to news about a case with clear impact to the community because it might
look bad for the defendant is just ... weird.

The point about this being a bargaining tactic makes sense though. They want a
plea on something to avoid embarrassment, and it wouldn't surprise me if Aaron
was refusing to deal.

~~~
tptacek
How does ratcheting up the charges minimize the embarrassment to the DOJ if
Aaron is ultimately vindicated?

~~~
bonzoesc
The DoJ isn't human and is not subject to emotions like "pride" or
"embarrassment." Their goal is to win cases and enforce laws, and if the
bureaucratic cost of adding more charges improves their chances of having the
defendant found guilty on them, they're successful.

~~~
ajross
The DoJ is part of the executive branch, and ultimately answerable to elected
officials who _absolutely_ are sensitive to embarrassment. No one wants to see
a headline like "FBI wastes $2M on failed prosecution of harmless nerd" when
it could be "Hacker gets jail time and fine". So they're throwing mud trying
to get something to stick. If it looks like anything does, they'll offer a
plea again.

You can't really believe that politics have no impact on the case decisions in
the DoJ, can you?

------
__del__
I'm not sure I want to live in a society where reading too many academic
papers too fast is a multi-felony. _"Swartz’s program was so powerful…"_

~~~
udpheaders
As if Python was the most powerful language, heh. :)

Maybe he was going for a world record of most citations in a single paper.
Who's to say he wasn't just doing research? How many downloads is too many?

I would be willing to bet that the JSTOR TOS do not give a specific number.
e.g. "You may not download more than n papers in 24 hours." And if they don't
state a maximum in the TOS, then why shouldn't they, for clarity?

~~~
danielweber
It sounds like you are trying to invoke Loki's Wager -- since you cannot
define N where downloading N is too many and N-1 is not too many, there must
not be such a concept as downloading too many.

People who deal with the law don't have much patience for this.

~~~
udpheaders
I'm not sure if I am interpreting your last sentence correctly. Can you
rephrase it?

~~~
danielweber
Courts have a very long history and lots of people have tried lots of really
weird things over the years. Swartz will hopefully have a good lawyer, and a
good lawyer won't even try something along the lines of "there wasn't a
preset limit on X therefore my client didn't do anything wrong" when his use
of X was over a hundred times the combined consumption of all the legitimate
users over two months.

Judges are not computers. If counsel presents them with a bad enough argument,
they might get insulted that counsel thinks the judge is dumb enough to fall
for it. Things that depend on the judge's mood (like purposefully obtuse
arguments) are not a good courtroom strategy.

~~~
udpheaders
You are jumping around a bit. We were talking about TOS and now we're in a
court room and using the words "judge" and "dumb" in the same sentence. I was
kidding about doing research. Humor. We all know what he was doing. But the
truth is I'm serious about these types of TOS. And I'm looking at this mainly
from the end user's perspective. You see the same type of ambiguous TOS
language everywhere on the web. Let's stay focused on TOS for a moment, and
leave aside the Swartz case. Do you think ambiguous contracts (TOS) are
"better"[1] than unambiguous ones? For example, would reducing ambiguity lower
the probability of (costly) disputes?

1. better for who?

~~~
danielweber
ToS might be interesting in some cases, but not in this one. JSTOR and MIT
kept on denying access to Swartz and he kept on working around their defenses.

~~~
udpheaders
What if we looked beyond the Swartz case? Then what do you think about these
types of TOS?

Maybe another example would be more interesting. Say you have a choice between
an API that allows a "reasonable" number of requests in any 24 hour period and
one that allows n number of requests in any 24 hour period. Which one would
you prefer?

First assume you're an API user. Then assume you're the API provider.

Anyway, this kind of question is what I was getting at. What is reasonable? I
don't know what their server capacity is.

I like using automation, I prefer non-interactive to point and click, and I
have always found TOS on academic databases, not to mention most websites,
interesting. Because they fail to account for anyone who might want to use
automation (reasonably, having respect for the resources of the server). But
maybe I'm the only one who finds this question interesting.

------
SeanDav
EDIT: Make my point more clear

Edited comment:

It seems to me that Federal law is able to be applied to websites created by
private individuals or businesses. As long as the ToS has knowingly been
broken and the person doing the breaking has benefited materially then he is
at risk of federal prosecution. I don't see a lot of comment about how
reasonable the ToS has to be. This just strikes me as being completely
irrational.

Original comment:

Riiiigght, so I can put together a website with some strange terms of service
and then the FBI will come arrest anyone breaking those terms of service
because it is a federal crime.

Just what planet do these guys live on....

~~~
tptacek
No, you cannot do that. A prosecutor must demonstrate, first to a grand jury,
then to a criminal jury, and simultaneously to a judge, that the accused not
only violated the terms of service to a website, but in doing so caused
material harm or found material gain, _and_ that they did so knowing that they
were violating the terms of the site.

~~~
SeanDav
The fact seems to remain that any private individual can create a website and
have the force of federal government apply to a third party as long as said
party has knowingly broken the ToS and gained materially somehow from that.

~~~
tptacek
Don't knowingly break the terms of service of websites for profit or to harm
others. Sounds straightforward to me.

~~~
aggronn
If a restaurant had a 'terms of service' that said no reselling of food that
they make, should you be open to federal prosecution if you stopped by to pick
up food for yourself and some co-workers? Especially if someone gave you a few
dollars for the trouble of running the errand? And even more, if the
restaurant has their own delivery service?

Am I missing an important distinction here? Should private companies be able
to make binding rules that open people up to criminal prosecution for
something that doesn't violate any laws per se? A person breaking a specific
law AND breaking a ToS makes sense. A person breaking a law BY breaking a ToS
doesn't make sense.

~~~
tptacek
I can't reply to this because no part of the example you provided constitutes
a federal crime under the CFAA.

On the other hand, the criminal aspect of using a university's noncommercial
JSTOR access to scrape a substantial portion of the entire database so you can
put it on BitTorrent is not hard to understand.

~~~
aggronn
It was unclear if what you were implying was that you shouldn't violate a ToS
for your own profit (or at someone's expense) because it was a federal
offense. (I can see now that that was not what you were trying to get at)

What are your thoughts on PadMapper vs CL? What is the distinction between
scraping that data vs scraping this data that makes one worthy of federal
prosecution, but not the other? Considering in both cases it was done for
profit or detriment.

~~~
tptacek
Elements missing from a CFAA case for PadMapper include _at least_ interstate
commerce and intent to defraud.

Swartz's prosecution alleges --- credibly, given what Swartz allegedly posted
prior to scraping JSTOR --- that Swartz's intention was to liberate data from a
commercial database onto file sharing networks, making intent a much easier
case to prove. Moreover, the indictment is at pains to point out that MIT and
JSTOR repeatedly attempted to stop Swartz from continuing his plan, and found
themselves in a cat-and-mouse game with Swartz eventually trespassing to
maintain access.

PadMapper found itself having exceeded Craigslist's terms, found out by having
its access withdrawn and becoming the target of a civil suit, and did not
(directly, at least) attempt to evade the countermeasures Craigslist applied to
prevent them from obtaining further access.

Whether or not you believe Swartz did something wrong here (I do) or whether
you think he should get a felony conviction for doing it (he probably
shouldn't), you can see pretty clearly how JSTOR had no straightforward civil
remedy to what Swartz was doing. Swartz was playing chicken with them, and he
lost --- or rather, his bicycle collided with JSTOR's semi truck at high
speed.

------
salimmadjd
This could be very troubling for scrapers, as they frequently breach the terms
of service. If successfully prosecuted it would encourage and empower sites
with content that get scraped to push for criminal charges and win given this
precedence.

~~~
biot
Are you suggesting that mere scraping alone would demonstrate sufficient
intent to warrant prosecution? Can you elaborate? Various courts have had
mixed interpretations on the enforceability of sites' terms of service. How
would this impact the body of case law that has been building around automated
scrapers such as the many "... vs Google" cases? Also, "precedence" is ranking
something in priority; "precedent" is the legal term.

~~~
tptacek
The indictment goes into great detail as to how Swartz would have known his
actions violated JSTOR's terms, and how he repeatedly took surreptitious steps
to continue his plan despite the obvious efforts of both MIT and JSTOR to stop
him.

"Mere scraping alone" is unlikely to land you a federal charge; the
prosecution needs to demonstrate your intent to act unlawfully. A far more
typical outcome for a scraping case is a C&D from the site you scraped.

For obvious reasons, JSTOR can't C&D Swartz once their content hits
BitTorrent. Similarly, if you scrape a site and post it to file sharing
networks, you might have something to be concerned about.

------
logn
This is potentially terrible precedent essentially allowing private entities
to write federal law.

~~~
tptacek
What?

~~~
Domenic_S
Step 1: Write a ToS for your private entity

Step 2: Catch someone violating it

Step 3: Sic the Feds (government) on them for violating it (your private,
unvetted agreement).

(no comment from me personally, but I think that's what the GP was saying.)

~~~
raldi
I'm pretty sure sneaking into a server closet and patching your computer into
their network was already against the law before this incident happened.

~~~
sp332
It was a janitorial closet, not a server room. And connecting to a network is
not illegal.

~~~
raldi
You're asserting that it's legal for you to plug your computer into a piece of
networking infrastructure that's clearly not intended for general public use,
without the permission of that network's owner?

I'm going to have to slap a [citation needed] on that.

~~~
sp332
It's the same network that's available elsewhere on campus, so it's not like
he was connecting without authorization. Aside from possibly trespassing, what
kind of crime would it be?

~~~
tptacek
Are you suggesting that there's a kind of network equipment that you have to
trespass to access for which people have a reasonable expectation that they
are authorized to use it?

There's no giant sign hanging over the breaker box in my building's elevator
room saying "AUTHORIZED USE ONLY", but I'm pretty sure I'd get in trouble if I
went in there and started flipping switches.

~~~
sp332
If I'm a student, and there's a switch in the teachers' lounge that connects
to the same network that I am allowed to access in the rest of the school,
then I can illicitly enter the teachers' lounge _and_ plug in to that network
with the same authorization that I would have outside.

Edit: doesn't have to be wifi.

~~~
tptacek
I don't follow, but then, we're not talking about wifi networks.

------
rjurney
Remember the FREE KEVIN bumper stickers?

FREE AARON.

Just to elaborate... what it seems we have here is a brilliant engineer and
idealist leftie that lost his grip on what is reasonable. He seriously fucked
up, and then he seriously fucked up by getting caught. He isn't a hardened
criminal, he wasn't stealing to make money and he can almost certainly be
reformed with a light sentence, community service and probation.

Only the oppositional system doesn't see things that way.

~~~
abecedarius
I have way more sympathy for aaronsw than I had for Mitnick. Maybe this would
change if I looked into Mitnick's case, but my prior is that this analogy
would not help Aaron.

~~~
hollerith
Same here. The difference is that the motivation that caused Aaron to break
the law is a _genuine_ desire to improve the world -- and that's what
advocates for Aaron in the arena of public opinion should focus on.

------
bensw
It's embarrassing how much of this article is wrong.

------
mkhalil
Anons Unite.

