Is illegally accessing MIT's network and downloading millions of copyrighted documents no worse than re-playing an NFL game to your buddies?
I think this is the heart of why people in the tech community can't make sense of what happened, and unfortunately probably why Swartz didn't realize what he was getting himself into.
I don't think it's just prosecutors or husbands of prosecutors who think illegally accessing the network of a key piece of the defense industrial complex (whatever else MIT might be, it is certainly that) is a bigger deal than putting together a March Madness pool.
Is accessing MIT's network and downloading millions of documents worse than illegally re-playing a copyrighted NFL game to your buddies?
No, people in the tech community can't make sense of what happened because they viscerally understand what he actually did, just like everybody understands how to record and replay TV. Aaron plugged into an ethernet port to get a faster connection, something people do every day. Aaron continued downloading files after he was told to stop. Should he have faced some penalty for continuing after being told to stop? Sure. Should it have been decades in prison for asserting his right to a jury trial? Of fucking course not.
You can't just throw away all context to make it seem like he did something everyone does every day. If I plug into the Ethernet network in my closet to get a faster connection, that's one thing. If I go into the network closet at Lockheed-Martin and do the same thing, it's a big fucking deal.
MIT is a key piece of the defense industrial complex. It might be a hotbed of internet intellectualism, but it's also at various points been one of the top non-profit defense contractors. I can guarantee you that when the police found someone was attached to the network switch, before they figured out the identity of the person, they ran through the scenarios of whether the downloading was a cover for accessing classified information, etc. They wouldn't be doing their jobs otherwise.
Once you've created that kind of suspicion in people, they're not as eager to give you the benefit of the doubt as people on Hacker News who see the story in full hindsight and with sympathy towards his motivations.
> If I go into the network closet at Lockheed-Martin and do the same thing, it's a big fucking deal.
Not if you're already using the network at Lockheed-Martin, and the "network closet" is the only quiet place that has an ethernet port and a chair because it doubles as sleeping quarters for the local homeless population. But presumably at Lockheed-Martin, they bother to maintain some physical campus security, including the locks on their doors, and don't have an environment primarily based on openness and exploration.
MIT is also a key piece of Cambridge, which is a key piece of Massachusetts, which is a key piece of the US, which is a key piece of the world. OMFG Aaron was hacking the planet!! And yeah I've no doubt the police thought that, partially because it's good investigation, but largely because they gain funding and importance by overblowing every possible threat. See also: small town cops getting helacopturs in case terrists try to blow up their water tower. But this is mostly irrelevant anyway, as it should have been sorted out by the legal system.
Now I know that over the past few days, you've been seeing a lot of tenuous reasoning based on blind emotional outrage. But buried in there, there's also been plenty of well reasoned analysis as to the actual causes of this outrage, that you have been ignoring (overly broad law which criminalizes every online activity, ridiculously harsh penalties for digital trespassing, denied right of due process due to immediate $1.5MM fine, denied right of jury trial under threat of multiplying his sentence by one and a half orders of magnitude).
If you honestly cannot understand that these things are major systematic problems facing all hackers, I question why you're even on HN. Wouldn't you be happier over at some lawyer forum where you can pretend that your system works, its errors are just "people doing their jobs", hacking (the breaking of abstractions) is a mortal crime against the state , etc ? I know that the world hackers have built currently looks an awful lot like your comfortable feudalism, but please just take our 'gifts' of phpbb and facebook and resume leaving us alone so that we may progress our world in peace.
I'm sorry, I didn't get the memo that hanging out on HN requires you to buy into the whole information anarchy movement.
It's incredibly frustrating to see people like you claim to speak for techies everywhere. I learned to program in C++ when I was 12 and have stared at more hex dumps than I care to remember. But guess what, I also believe in a world with fences and boundaries and rules. I think it's reckless to mess with the network of a $10 billion institution that does almost a billion dollars of defense contracts each year, just as it's reckless to jump the fence at a nuclear power plant. People get sensitive around sensitive things and I think they are right to do so.
I guarantee you I'm not the only one that feels this way, even within the techie community, so please don't act like you speak for me.
I'm trying to counter this notion that MIT is a place where information runs free and people are encouraged to explore to their heart's content. The fact that MIT is a billion-dollar defense contractor means that its culture of freedom and openness necessarily exists within well-defined boundaries. Judging from its reaction, MIT clearly felt that those boundaries had been crossed.
From the perspective of a prosecutor, what do you do in that situation? Can you not see how the nature of MIT as a major defense contractor would color an outsider's view of the situation? Do you honestly think the prosecutor would have acted similarly if Swartz had plugged into the network of a sports bar?
I shouldn't have to point this out, but again, I'm not saying that 50+ years or whatever would've been an appropriate punishment for what happened. I'm in fact quite sympathetic to the problem of overly aggressive laws re: network security. But I think it's willful blindness to paint this situation as someone doing something totally harmless and every day and being totally unable to comprehend why anyone would react differently.
It's odd that you're hilighting MIT's status as a defense contractor, when their primary role should be as a university. MIT is also able to draw remarkable talent in part because they have fostered a culture that challenges the concept of boundaries; if MIT now lacks the technical fortitude to deal with their network security in anything other than a litigious fashion, then they have fallen very far indeed from their reputation.
Further, if the cost of MIT's status as a defense contractor has indirectly been the death of one of the bright individuals in the very field that MIT holds the most prestige, then I think the cost is too great.
The U.S. is not a country that really believes in the idealistic rhetoric about academia that people sometimes indulge themselves in. Universities are, in the U.S. firmly entrenched in various massive complexes: defense, pharmaceuticals, agriculture. They are cogs in the engine of industry. Anyone who thinks these major research universities are anything other than the establishment are naively optimistic. Nobody gets a billion dollars of DOD money each year without being thoroughly part of the establishment.
Now, that does not mean that MIT does not or cannot foster a culture that encourages challenging boundaries. It just means that there are firmer boundaries further out from the playground in which the undergraduates play.
I think that explains MIT's reaction in this situation. Going into the closet to plug into the network came too close to breaching that hard outer boundary for the University's taste.
And to circle back to my other point: MIT's status as massive defense contractor colors how other people perceive what happens there. When the prosecutors in the DOJ think of MIT, they don't think of a place where students are encouraged to "challenge boundaries." They think of it as a place that does critical research often on very sensitive subjects--a vital part of the national infrastructure. Please tell me you understand why someone would be more sensitive to a network intrusion at MIT while operating under the latter premise than under the former.
I have no idea how you think you can get away with describing what "the U.S." believes as though it supports your point. Your entire argument here seems to depend on this absurdly shallow fiction of universities as being nothing more than aspects of corporate and military development. I already disputed this, and you doubled down on it without saying anything new.
What you're saying about MIT's network policies doesn't even help your point, it helps mine, unless you actually believe that e.g. running BitTorrent on MIT's network should justify really stiff penalties just because of some DoD involvement in other parts of MIT's network.
By the way, one of our clients has been on-and-off-again funded by the DoD, and we are directly responsible for their network, and we were audited by representatives of the army not too long ago. So, I do have some notion of the expectations for network security in such an environment, and I can tell you that everyone that matters there -- including the Army -- would think I was insane if I suggested that the unauthorized use of the network there to download paywall'd scientific journals should be a felony offense, or one that should result in any jail time at all.
Whether or not MIT's status as a defense contractor "colors" other people's decisions or not is irrelevant. What has been under discussion is whether or not those decisions were reasonable and proportionate to the crime committed, and you are doing absolutely nothing to argue that point.
Your profile claims that you are both a lawyer and an engineer, but bewilderingly, you don't seem to be accounting at all for what Swartz was actually doing. You seem to be making an argument that, because there were sensitive portions of MIT's network, even though it was established that Swartz was not accessing or attempting to access those portions, it's somehow justifiable to punish him as though he were. If that is your argument, I think you ought to reconsider that condescending tone on your last line.
If your point is that any unauthorized access, either of facilities or network closets, at MIT should be prosecuted more heavily merely because of MIT's DoD involvement, then let me again circle back to my point, which is that such policies are completely at odds with the ideals that made MIT an attractive talent pool for the DoD in the first place.
No, the difference is that you apparently believe that violating those fences, boundaries, or rules should cost one their life (for this is what a decade in prison is). You may be a techie, but if you think that digital misdemeanors are worthy of such stiff penalties, I guarantee that you are not a hacker.
I never said I believed what Swartz did merited decades in prison. I personally think it merited a misdemeanor conviction and a suspended sentence, and I think it's a problem that the law doesn't create clear distinctions between "felony network intrusion" and "misdemeanor network intrusion." That's my personal politics.
However, it's one thing to think this intrusion is a "digital misdemeanor" and another thing to act like you can't fathom why anyone would see it otherwise. You have your perspective, but the police and the prosecutor and evidently at least some people at MIT: 1) had no idea who Swartz was or what his agenda was; 2) didn't share his politics; 3) weren't familiar with the "hacker culture"; and 4) were rattled by the target being an institution like MIT. You seem to completely ignore that aspects of Swartz's activities seem similar, to an outsider, to someone with much more nefarious intentions, and you seem completely unwilling to explore how outsiders to the situation might have, in good faith, a different perception of it than yourself.
Also, I presume the "hacker" in Hacker News is used in the same sense as in Paul Graham's essays--hacking on code. I fail to see what that has to do with one's politics re: information security.
Hacking, in general, is breaking abstractions and assumptions that most people take for granted. PG uses it in terms of startup methodology. Coders use it in terms of chopping through existing software. Crackers use it in terms of computer security models. Aaron did it in terms of "Intellectual Property", proclaiming that PACER and copyright-expired articles are really public domain.
I actually do fully understand why what happened to Aaron did, on both fundamental and systemic levels. All hacking unnerves the people who were unquestioningly taking those abstractions for granted. It shakes their faith in their own reasoning process, making them wonder what else they could possibly be missing. The hacker appears to have special powers, and sets off a deep-rooted fear of the unknown.
Which is why we presently have life changing criminal sentences for any kind of computer hacking. The kind of people that desire to punish others for pointing out their non-clothedness inherently don't understand the varying ways their abstractions can be broken. So we get a vague open-ended law applicable to basically every situation (legitimate or not), but it's only enforced when someone who feels they've been wronged manages to get the ear of someone powerful.
But all of this certainly does not imply that this state of affairs is morally right. And it certainly doesn't help to repeat the nonsense scare tactics and justifications of the machinery that punished him as if they're fact, because the whole goddamn point is that these completely open-ended laws are not true laws at all, but avenues for exercising arbitrary punishment justified by appeals to not-illegal but bad-feeling "context". No doubt had this prosecutor's son done the exact same thing, the "context" would be different and they'd have ended up with a continuance or probation in the worst case.
Your personal politics seem reasonable. However, I think you're underestimating the amount of consideration the case has received here. Law enforcement, the prosecutor, and the individuals involved at MIT certainly should have learned about Swartz' character during the legal fight, and indeed they had the opportunity to do so if Swartz' attorneys are to be believed; sharing his politics is not necessary for a just outcome; they really ought to be familiar with the "hacker culture", given this occurred at MIT, an institution whose primary notable achievement is the celebration of hacker culture; and the target was not MIT, it was JSTOR. MIT was merely the vessel.
It's not that some people here are "unwilling to explore the situation in good faith", it's that we have done so, and still cannot justify the actions of the prosecution in a reasonable way.
> Law enforcement, the prosecutor, and the individuals involved at MIT certainly should have learned about Swartz' character during the legal fight, and indeed they had the opportunity to do so if Swartz' attorneys are to be believed
Sure, but first impressions can never be erased. Remember, at first the investigators had no idea who was accessing the network. They had to place a camera to find out. Moreover, as a general rule, prosecutors don't go to lengths to really explore the character of defendants, because people are punished or not for their actions, not their character.
> sharing his politics is not necessary for a just outcome
No, but it totally shapes your perception of justice. Entertain the notion of someone who believes that copyrighted articles are really property, and that network boundaries are like real life fences. To such a person, what Swartz did seems like hopping a fence at a public art gallery to steal the paintings. But, most people on HN seem to subscribe to the politics that say a network boundary is like a "keep off the grass" sign at a public park, and that research articles aren't anyone's property at all. They are outraged that anyone would get in serious trouble for merely trampling on the grass and taking the fallen leaves on the ground.
> given this occurred at MIT, an institution whose primary notable achievement is the celebration of hacker culture
I think very few people would consider MIT's primary notable achievement to be the celebration of hacker culture. That's not what ordinary people think about MIT. They think it's like the show Fringe. Even within technologically-minded people, I think celebration of MIT's hacker culture is limited mostly to the CS set. I went to nerd high school, and what we knew about MIT was robotics, aerospace, etc, not hackers.
> and the target was not MIT, it was JSTOR. MIT was merely the vessel.
If you're familiar with Swartz's agenda, you know that. If you're the prosecutor presented with evidence of someone video taped accessing a restricted closet at MIT, you don't know that.
> But, most people on HN seem to subscribe to the politics that say a network boundary is like a "keep off the grass" sign at a public park, and that research articles aren't anyone's property at all. They are outraged that anyone would get in serious trouble for merely trampling on the grass and taking the fallen leaves on the ground.
OK, now I think I understand you, and unfortunately that means we're at an impasse, because you've imagined that we're making the most ridiculous argument possible despite all of the ample and articulate statements to the contrary. There is simply no way to have a sensible conversation with you if you're going to ignore all discussion of concepts like "reasonable" and "proportional" and instead conjure up some absurd caricature of the people you're talking to.
> I went to nerd high school, and what we knew about MIT was robotics, aerospace, etc, not hackers.
That's what hackers are -- robotics and aerospace and technology and knowledge and other "really cool shit!" enthusiasts.
> If you're the prosecutor presented with evidence of someone video taped accessing a restricted closet at MIT, you don't know that.
I'm not sure what I can say about a prosecutor that litigates a case without bothering to investigate the facts of the case, without sounding like a complete jerk. I will say that although Ortiz and Heymann might be described in many unflattering ways, I doubt either one of them could be said to be that incompetent.
You mean copyrighted files produced with public funding which should have never been put in private lockers in first place? How's this not context?
And plugging a pc in an ethernet port doesn't seem to me to be a crime worth neither 6 months or 35 years. In fact, doesn't seem to be more than something worth a small fine, depending on circumstances.
Perhaps not an everyday thing, but far from being something programmers don't do often, i.e. automate something.
First, you are comparing IP with a service that has a totally different ongoing costs.
Second, I'd imagine you are already paying less for your ticket thanks to partial public funding. Some places have free transport altogether and more often than not it incentives tourism too!
Any work produced with public funding should be available free of charge, there's no way around it really.
Yes it has ongoing cost. No we shouldn't pay to access public research. Not JSTOR, not anyone. Have you checked how much for say a research paper from just 10 years ago ? how's 30 dollars for you ? So you are suggesting it would be even more expensive if it wasn't for partial public funding ?
Then perhaps they are doing a shit job and don't belong, don't deserve to make any money or to function.
Mega upload did a better job hosting data that they are doing. Ditto for wikipedia. For categorizing it there's the community which should be more than enough given that it's the same with or without JSTOR.
Yeah with some peer review and either ad supported, state supported or community supported. Simple fee is too much for something I already paid for. I think paying 5 cents for the bandwidth is perhaps all it could and should ever cost.
> they ran through the scenarios of whether the downloading was a cover for accessing classified information, etc.
Classified information? Do you know anyone that can get physical access to a computer network with classified information on it? If it is easy to get access to it, it better only have access to sensitive but unclassified data (SBU).