I'm sorry, I didn't get the memo that hanging out on HN requires you to buy into the whole information anarchy movement.
It's incredibly frustrating to see people like you claim to speak for techies everywhere. I learned to program in C++ when I was 12 and have stared at more hex dumps than I care to remember. But guess what, I also believe in a world with fences and boundaries and rules. I think it's reckless to mess with the network of a $10 billion institution that does almost a billion dollars of defense contracts each year, just as it's reckless to jump the fence at a nuclear power plant. People get sensitive around sensitive things and I think they are right to do so.
I guarantee you I'm not the only one that feels this way, even within the techie community, so please don't act like you speak for me.
I'm trying to counter this notion that MIT is a place where information runs free and people are encouraged to explore to their heart's content. The fact that MIT is a billion-dollar defense contractor means that its culture of freedom and openness necessarily exists within well-defined boundaries. Judging from its reaction, MIT clearly felt that those boundaries had been crossed.
From the perspective of a prosecutor, what do you do in that situation? Can you not see how the nature of MIT as a major defense contractor would color an outsider's view of the situation? Do you honestly think the prosecutor would have acted similarly if Swartz had plugged into the network of a sports bar?
I shouldn't have to point this out, but again, I'm not saying that 50+ years or whatever would've been an appropriate punishment for what happened. I'm in fact quite sympathetic to the problem of overly aggressive laws re: network security. But I think it's willful blindness to paint this situation as someone doing something totally harmless and every day and being totally unable to comprehend why anyone would react differently.
It's odd that you're hilighting MIT's status as a defense contractor, when their primary role should be as a university. MIT is also able to draw remarkable talent in part because they have fostered a culture that challenges the concept of boundaries; if MIT now lacks the technical fortitude to deal with their network security in anything other than a litigious fashion, then they have fallen very far indeed from their reputation.
Further, if the cost of MIT's status as a defense contractor has indirectly been the death of one of the bright individuals in the very field that MIT holds the most prestige, then I think the cost is too great.
The U.S. is not a country that really believes in the idealistic rhetoric about academia that people sometimes indulge themselves in. Universities are, in the U.S. firmly entrenched in various massive complexes: defense, pharmaceuticals, agriculture. They are cogs in the engine of industry. Anyone who thinks these major research universities are anything other than the establishment are naively optimistic. Nobody gets a billion dollars of DOD money each year without being thoroughly part of the establishment.
Now, that does not mean that MIT does not or cannot foster a culture that encourages challenging boundaries. It just means that there are firmer boundaries further out from the playground in which the undergraduates play.
I think that explains MIT's reaction in this situation. Going into the closet to plug into the network came too close to breaching that hard outer boundary for the University's taste.
And to circle back to my other point: MIT's status as massive defense contractor colors how other people perceive what happens there. When the prosecutors in the DOJ think of MIT, they don't think of a place where students are encouraged to "challenge boundaries." They think of it as a place that does critical research often on very sensitive subjects--a vital part of the national infrastructure. Please tell me you understand why someone would be more sensitive to a network intrusion at MIT while operating under the latter premise than under the former.
I have no idea how you think you can get away with describing what "the U.S." believes as though it supports your point. Your entire argument here seems to depend on this absurdly shallow fiction of universities as being nothing more than aspects of corporate and military development. I already disputed this, and you doubled down on it without saying anything new.
What you're saying about MIT's network policies doesn't even help your point, it helps mine, unless you actually believe that e.g. running BitTorrent on MIT's network should justify really stiff penalties just because of some DoD involvement in other parts of MIT's network.
By the way, one of our clients has been on-and-off-again funded by the DoD, and we are directly responsible for their network, and we were audited by representatives of the army not too long ago. So, I do have some notion of the expectations for network security in such an environment, and I can tell you that everyone that matters there -- including the Army -- would think I was insane if I suggested that the unauthorized use of the network there to download paywall'd scientific journals should be a felony offense, or one that should result in any jail time at all.
Whether or not MIT's status as a defense contractor "colors" other people's decisions or not is irrelevant. What has been under discussion is whether or not those decisions were reasonable and proportionate to the crime committed, and you are doing absolutely nothing to argue that point.
Your profile claims that you are both a lawyer and an engineer, but bewilderingly, you don't seem to be accounting at all for what Swartz was actually doing. You seem to be making an argument that, because there were sensitive portions of MIT's network, even though it was established that Swartz was not accessing or attempting to access those portions, it's somehow justifiable to punish him as though he were. If that is your argument, I think you ought to reconsider that condescending tone on your last line.
If your point is that any unauthorized access, either of facilities or network closets, at MIT should be prosecuted more heavily merely because of MIT's DoD involvement, then let me again circle back to my point, which is that such policies are completely at odds with the ideals that made MIT an attractive talent pool for the DoD in the first place.
No, the difference is that you apparently believe that violating those fences, boundaries, or rules should cost one their life (for this is what a decade in prison is). You may be a techie, but if you think that digital misdemeanors are worthy of such stiff penalties, I guarantee that you are not a hacker.
I never said I believed what Swartz did merited decades in prison. I personally think it merited a misdemeanor conviction and a suspended sentence, and I think it's a problem that the law doesn't create clear distinctions between "felony network intrusion" and "misdemeanor network intrusion." That's my personal politics.
However, it's one thing to think this intrusion is a "digital misdemeanor" and another thing to act like you can't fathom why anyone would see it otherwise. You have your perspective, but the police and the prosecutor and evidently at least some people at MIT: 1) had no idea who Swartz was or what his agenda was; 2) didn't share his politics; 3) weren't familiar with the "hacker culture"; and 4) were rattled by the target being an institution like MIT. You seem to completely ignore that aspects of Swartz's activities seem similar, to an outsider, to someone with much more nefarious intentions, and you seem completely unwilling to explore how outsiders to the situation might have, in good faith, a different perception of it than yourself.
Also, I presume the "hacker" in Hacker News is used in the same sense as in Paul Graham's essays--hacking on code. I fail to see what that has to do with one's politics re: information security.
Hacking, in general, is breaking abstractions and assumptions that most people take for granted. PG uses it in terms of startup methodology. Coders use it in terms of chopping through existing software. Crackers use it in terms of computer security models. Aaron did it in terms of "Intellectual Property", proclaiming that PACER and copyright-expired articles are really public domain.
I actually do fully understand why what happened to Aaron did, on both fundamental and systemic levels. All hacking unnerves the people who were unquestioningly taking those abstractions for granted. It shakes their faith in their own reasoning process, making them wonder what else they could possibly be missing. The hacker appears to have special powers, and sets off a deep-rooted fear of the unknown.
Which is why we presently have life changing criminal sentences for any kind of computer hacking. The kind of people that desire to punish others for pointing out their non-clothedness inherently don't understand the varying ways their abstractions can be broken. So we get a vague open-ended law applicable to basically every situation (legitimate or not), but it's only enforced when someone who feels they've been wronged manages to get the ear of someone powerful.
But all of this certainly does not imply that this state of affairs is morally right. And it certainly doesn't help to repeat the nonsense scare tactics and justifications of the machinery that punished him as if they're fact, because the whole goddamn point is that these completely open-ended laws are not true laws at all, but avenues for exercising arbitrary punishment justified by appeals to not-illegal but bad-feeling "context". No doubt had this prosecutor's son done the exact same thing, the "context" would be different and they'd have ended up with a continuance or probation in the worst case.
Your personal politics seem reasonable. However, I think you're underestimating the amount of consideration the case has received here. Law enforcement, the prosecutor, and the individuals involved at MIT certainly should have learned about Swartz' character during the legal fight, and indeed they had the opportunity to do so if Swartz' attorneys are to be believed; sharing his politics is not necessary for a just outcome; they really ought to be familiar with the "hacker culture", given this occurred at MIT, an institution whose primary notable achievement is the celebration of hacker culture; and the target was not MIT, it was JSTOR. MIT was merely the vessel.
It's not that some people here are "unwilling to explore the situation in good faith", it's that we have done so, and still cannot justify the actions of the prosecution in a reasonable way.
> Law enforcement, the prosecutor, and the individuals involved at MIT certainly should have learned about Swartz' character during the legal fight, and indeed they had the opportunity to do so if Swartz' attorneys are to be believed
Sure, but first impressions can never be erased. Remember, at first the investigators had no idea who was accessing the network. They had to place a camera to find out. Moreover, as a general rule, prosecutors don't go to lengths to really explore the character of defendants, because people are punished or not for their actions, not their character.
> sharing his politics is not necessary for a just outcome
No, but it totally shapes your perception of justice. Entertain the notion of someone who believes that copyrighted articles are really property, and that network boundaries are like real life fences. To such a person, what Swartz did seems like hopping a fence at a public art gallery to steal the paintings. But, most people on HN seem to subscribe to the politics that say a network boundary is like a "keep off the grass" sign at a public park, and that research articles aren't anyone's property at all. They are outraged that anyone would get in serious trouble for merely trampling on the grass and taking the fallen leaves on the ground.
> given this occurred at MIT, an institution whose primary notable achievement is the celebration of hacker culture
I think very few people would consider MIT's primary notable achievement to be the celebration of hacker culture. That's not what ordinary people think about MIT. They think it's like the show Fringe. Even within technologically-minded people, I think celebration of MIT's hacker culture is limited mostly to the CS set. I went to nerd high school, and what we knew about MIT was robotics, aerospace, etc, not hackers.
> and the target was not MIT, it was JSTOR. MIT was merely the vessel.
If you're familiar with Swartz's agenda, you know that. If you're the prosecutor presented with evidence of someone video taped accessing a restricted closet at MIT, you don't know that.
> But, most people on HN seem to subscribe to the politics that say a network boundary is like a "keep off the grass" sign at a public park, and that research articles aren't anyone's property at all. They are outraged that anyone would get in serious trouble for merely trampling on the grass and taking the fallen leaves on the ground.
OK, now I think I understand you, and unfortunately that means we're at an impasse, because you've imagined that we're making the most ridiculous argument possible despite all of the ample and articulate statements to the contrary. There is simply no way to have a sensible conversation with you if you're going to ignore all discussion of concepts like "reasonable" and "proportional" and instead conjure up some absurd caricature of the people you're talking to.
> I went to nerd high school, and what we knew about MIT was robotics, aerospace, etc, not hackers.
That's what hackers are -- robotics and aerospace and technology and knowledge and other "really cool shit!" enthusiasts.
> If you're the prosecutor presented with evidence of someone video taped accessing a restricted closet at MIT, you don't know that.
I'm not sure what I can say about a prosecutor that litigates a case without bothering to investigate the facts of the case, without sounding like a complete jerk. I will say that although Ortiz and Heymann might be described in many unflattering ways, I doubt either one of them could be said to be that incompetent.