New Charges Against Aaron Swartz

So… everyone violates the terms and conditions, but they only get invoked when someone downloads millions of documents. Am I the only one who looks at this and thinks ‘these institutions work better than I expected’?

I’m with #2. Mr. Swartz seems to have noble motivations, to be a genuine idealist and a very interesting person. As you note, he has made significant contributions to society. I have no legal knowledge, nor can I weigh in on the precise prosecutorial tactics used to pursue him. But it is just completely beyond clear that he misused MIT resources in order to violate JSTOR’s terms of service and obtain vast quantities of copyrighted material, whose copyrights he had unilaterally decided should be nullified. As someone who appreciates the ability to use JSTOR, I do not appreciate the threat to JSTOR posed by people who would deliberately misuse it.

I don’t know what punishment he faces, nor do I have any real idea what punishment is appropriate. It is quite possible that when I hear more about this question I will be shocked and be more sympathetic to Mr. Swartz. But until that day, I find these special pleadings on his behalf, which ignore what he actually did, to be obnoxious.

I would happily donate to a legal mitigation fund for Mr. Swartz, seeking to minimize his punishment. But so long as he refuses to portray his actions as being consciously illegal acts of civil disobedience and continues to pretend to actual innocence, I don’t understand how people can take his side and back a legal defense fund.

I resent law that proceeds with no criminal intent. I cannot figure out what Aaron Swartz was doing (any details on that part?), but my bet is on scraping for academic research, in which case he is not undermining JSTOR’s mission but bringing it to life.

Do US prosecutors not have to determine that a prosecution meets a public interest test, as British ones do?

“Do US prosecutors not have to determine that a prosecution meets a public interest test, as British ones do?”

Not really. Prosecutors have an ethical duty:

(1) As all attorneys, to zealously advocate their client’s position (in this case, the United States; generally, the People in general), while at the same time

(2) Maintaining their duty to “do justice” by appropriately exercising prosecutorial discretion, as attorneys representing not just the “prosecution” but “the People/the United States.”

Good prosecutors can run into some difficulties balancing these duties, and there’s a lot of interesting scholarly articles ethical debates (and probably a scholarly article) over what we should do in different and interesting situations. Bad prosecutors just go for the win.

If I’m correctly understanding Navin Kumar, rea, Warren Terra, etc., they like the idea of making anyone who uses a computer formally a felon, and trusting the prosecutors to decide who should actually go to jail. Judge Dredd, in other words. Now, me, I kind of prefer the rule of law. No accounting for taste, I guess.

@#12 JW Mason
You ask yourself whether you have understood correctly. I think that you have answered your own question. In general, if your theory is predicted on the premise that your interlocutors are cartoonishly evil and incomprehensibly stupid, you might want to rethink your premise. Or, heck, call people names instead.

But Warren, I know something about prosecutors. I’ve spoken with a couple, and I see how they talk in public. From their point of view, they never have enough discretion. A lot of them really do want to be Judge Dredd. So in general, I’m quite sure the attitude I’m describing is held by real people. On rereading your comment, though, I probably should not have lumped you in with them. Sorry.

Maybe the WIRED article is not factually accurate for the case at hand, but if a hypothetical individual engaged in the conduct described in the article I’d have a hard time seeing that as a mere violation of JSTOR’s terms of service. Not many people inadvertently spoof MAC addresses dynamically and accidentally access networks from which they got booted previously.

“However, giving false information on such a form is a crime regardless of intentionality and regardless of whether any harm was caused or not.”

Generally, forms are signed under penalty of perjury and so the only criminal liability results from knowingly providing a false statement. If the declarant doesn’t know that the statement is false, then the statement isn’t perjured – it’s just wrong.

There is also a materiality requirement. If the statement wasn’t material, it’s not perjured. For example, if in a police report I ask you a bunch of stuff and one of them is where did you go to elementary school, and you knowingly say “Yale,” but it doesn’t matter, and you then sign that your statement is given under penalty of perjury, it’s probably not a criminal issue.

However, some forms can be infracted based on no knowledge of their falsity. I don’t know for sure for immigration, but I’d be shocked if they were. I think they’re signed under penalty of perjury. AFAIK, the usual “punishment” is that a false statement will prohibit immigration status.

@Salient, I think what various commenters here saying is that absent an idea of what actually happened it is impossible to determine whether the only misbehavior is a violation of the TOS, or if there is more to it. If I buy a ticket to the Louvre and walk out with the Mona Lisa under my arm I’m “violating the TOS” of the Louvre, but I understand if there is also a public interest to prosecute me.

From what I was able to piece together, it SEEMS that Jstor has a bundle of articles which lapsed into the PD, but which, as of 2011, it kept behind their paywall. Swartz, while at Harvard, used his courtesy account at MIT to “liberate” those. Jstor got wind of this and complained to MIT, which in turn kicked Swartz of its network. So far we’re still roughly within the realm of National Portrait Gallery v Coetzee, minus the international component. Now it seems as if Swartz did not let it rest but used a variety of subterfuges (vulgo: “hacking”) to get back onto the MIT network. This got the prosecutors on the plan, even if MIT and Jstor don’t seem to have an interest in pursuing the matter in civil court.

So there seem to be two issues at stake here, and neither in my book look very favorable for Swartz, but they give different answers regarding the prosecutor’s actions.

One is Jstor vs Swartz. It might be assholey of Jstor to charge for PD material, but it is perfectly legitimate. They put effort into scanning those articles using their special software and they want to be compensated for it. If you don’t like this, climb down into the stacks and make your own copy. But they cannot rely on copyright law to enforce this, so they create a contractual arrangement to prevent their documents from leaking, and Swartz (as we all) agreed to that contract when he started downloading articles from Jstor. Now this arrangement goes quite a bit beyond the website TOS the NPG invoked against Coetzee, but I can follow arguments which say this should be handled in civil court.

The other one is MIT vs Swartz. I’m sure there is a stipulation that makes violating Jstor’s TOS also a violation of MIT’s TOS, and I’m also very sure that MIT has all kinds of provisions against hacking into their network, but what exactly Swartz’s contractual relationship with MIT is isn’t quite clear here.

So there might be all kinds of circumstances that speak in Swartz’s favor (his actions were of “activist” nature, Jstor followed suit in making some of their PD material freely available, MIT and Jstor don’t seem to be interested in pursuing this, etc.), but what I don’t see here is how the prosecutors use an overly broad CFAA to hassle Swartz for something entirely different, or even that all Swartz did was simply ignore a website TOS. But then again finding a factual account that isn’t clouded by advocacy isn’t easy, so the actual story might be very different.

True, rea, you argued for a “properly drafted statute” to criminalise Swartz’ behaviour rather than leave it to entrepreneurial prosecutors under a catchall statute. JW pinged Navar correctly though.

But I really don’t agree with you anyway – this seems to me a classic civil tort. Let JSTOR get some recompense for the damage done to them. Hell, even add some exemplary damages if you must. But the People, as distinct from JSTOR, has not much of a dog in this fight.

“But I really don’t agree with you anyway – this seems to me a classic civil tort. Let JSTOR get some recompense for the damage done to them. Hell, even add some exemplary damages if you must. But the People, as distinct from JSTOR, has not much of a dog in this fight.”

“Aren’t badly written laws that over–criminalise behaviour a feature not a bug for the politically well connected, because only certain people/crimes get prosecuted?”

I can’t follow the chain of thought in these two comments are in the context of criminal justice theory. The reason we want The People, and not individuals, in charge of enforcing this behavior is that regardless of your beliefs about the corruption of the criminal justice system by the politically and monetarily powerful and the other evils inherent in the system, at least it’s a “system.”

A rich entity can ALWAYS enforce a law through civil enforcement; it’s the poors that need The People to help them out. Absent some criminal enforcement, it’s you and me that can’t protect our computers, not Bank of America. Patent enforcement is a good example; there’s criminal laws, but the RIAA would rather just drop $500,000 judgments on teenagers. Because they can – they’ve got tons of money, and then they don’t have to listen to prosecutor to say, “Really? You want me to file a 1,000 count indictment against a cheerleader?”

Also, I’m not sure where all the angst about section 1030 is coming from. Prof. Kerr knows that the law doesn’t apply the way he claims it does – he LITIGATED the Drew case, after all. The Court specifically held that a “conscious violation of a website’s terms of service” [b]is not a crime[/b] under section 1030. You literally are not liable for going to Match.com and saying you’re 30 instead of 45 – that’s literally the holding of the court; that isn’t “intentional unauthorized access.” It’s all in the case. And in Nosal. Clarity Systems too. It’s not like ANY cases disagree here, because they don’t; I can’t think of a single case where there’s been liability until after a provider has sent specific notice of termination of use. I can understand being against 1030, but not because of people being scooped into criminal liability for errors in accessing websites.

Swartz is potentially liable because he did MORE than that. He accessed the computers, was booted, accessed it again, was booted again, accessed it [b]again[/b] was booted again, then broke into a closet to access the computers [b]again.[/b] This potentially shows “intentional unauthorized access.” The Government has a case; this law is not a tragic misapplication of justice.

I’m sympathetic to anyone who has a friend accused of a crime, and of course the facts need to be litigated and the scope of the law is in dispute. But to argue that We Are All Swartz seems like hyperbole. It’s simply not true that “every reader of Crooked Timber” is a felon because we might have misstated something in a website application. That’s literally not the law.

#22: If I buy a ticket to the Louvre and walk out with the Mona Lisa under my arm I’m “violating the TOS” of the Louvre, but I understand if there is also a public interest to prosecute me.

Theft is a crime, so punishing you for violating the TOS instead of using the actual exist laws that covers the crime you committed would seem bizarre. The same should be the case here – if he has committed actual crimes, charge him with them as appropriate, if not JSTOR can sue him for using too much bandwidth or messing with their system or whatever.

Computers are tools, like say a car – if someone deliberately drives into a pedestrian we charge them with murder, not improper use of a steering wheel. Equally there should basically be no computer crimes, instead already existing crimes should be prosecuted as normal whether the way they were committed happened to involve a computer or not.

Computers are tools, like say a car – if someone deliberately drives into a pedestrian we charge them with murder, not improper use of a steering wheel. Equally there should basically be no computer crimes, instead already existing crimes should be prosecuted as normal whether the way they were committed happened to involve a computer or not.

There are actually a whole bunch of laws specifically concerning driving.

Okay, I’m not even clear what Schwarz was trying to protest here. The law criminalising extreme actions vis a vis terms of service (and from what I can read above, the case law is applying the statute that way, and in a common law system, case law is law just as much as the statute is)? JSTOR? MIT? Why JSTOR particularly? A combination of JSTOR and the law?

If sympathy and support is being asked for, then a break down of what one is supposed to be supporting and sympathising with would be useful.

This kind of case is exactly why so many people thought that Chris’s anti-rule-of-law-fetishists “https://crookedtimber.org/2012/08/02/badminton-taxes-regulation-and-the-peoples-justice/”>post was so troubling. Overcharging to apply inappropriate pressure for plea bargaining is routine. Overcharging to make an example is common. Overcharging just because the prosecutor can is normal. Stretching laws that seem balanced in one area into a crazy quilt of scary patchwork in another area just so you can ‘get’ somebody happens all the time, and then gets used as precedent to slap down normal people.

Something is wrong with the criminal system if we elevate ‘violation of terms of service’ to a federal felony crime. Trusting the discretion of prosecutors to use it in only appropriate cases, where they are really getting a bad guy, is uncharmingly naive.

In this particular case I suspect 3 factors:
1) legislators have no idea that violating terms of service means ANYTHING in that wall of text everyone clicks when installing or using any computer program or service.
2) prosecutors will seek more personal power at every turn
3) Swartz acted in a shady manner, doing something that lots of people will feel intuitively is not right, so of course some prosecutor is going to think he should pervert whatever tool necessary to punish him.

The weird thing about this case is NOT that it shows an odd level of prosecutorial overreach. The weird thing is that it is being used to punish an affluent white male.

JWMason, you have manged to read my comment exctly contrary to what it actually means.

On rereading, I see you are correct. I blame the bourbon.

But in my defense, I do think the thought it seems to me that downloading a few million articles from a subscription-only database is something that could properly be criminalized in a sensibly-drafted statute can plausibly be understood to continue “… so it’s ok to go over him with whatever tools are at hand,” as opposed to what I realize now you intended, “… so there’s no need to rely on prosecutorial discretion.”

“In this particular case I suspect 3 factors:
1) legislators have no idea that violating terms of service means ANYTHING in that wall of text everyone clicks when installing or using any computer program or service.”

Well, maybe the legislators think that violating terms of service isn’t a crime because it’s not a crime?

The Courts have repeatedly – repeatedly – ruled that it takes more than simply violating the terms of service to be an intentional unauthorized access under 1030(a)(2). The Courts repeatedly – repeatedly ruled that was the intent of congress. It would be an abuse of prosecutorial discretion to go after somebody for saying they’re Joe when they’re name is Billy, or downloading a document against the rules. It’s not a crime under 1030 – it doesn’t show intentional misconduct under the statute.

What does it take?

It takes something like violating terms of service to download unauthorized documents, getting kicked off a system for violating those terms of service, then accessing the system AGAIN for downloading unauthorized documents, then getting kicked of the system AGAIN for violating the terms of service, then accessing the system AGAIN to download unauthorized documents, then BREAKING INTO A CLOSET to ACCESS THE SYSTEM AGAIN to download unauthorized documents- ALSO IN VIOLATION OF THE TERMS OF SERVICE.

Now, here, you have something that looks a lot like unauthorized access.

So are you planning on doing something like that? My guess is no. But if you do, why do you think Congress didn’t have somebody like you squarely in their sights when they criminalized “unauthorized access?”

“Did our comments cross paths, or are you arguing that “unauthorized access” to a place should be prosecuted in cases even if the place that was unauthoritarily accessed does not wish to press charges?”

Yes.

“Would it make sense for a law to criminalize my (mis)conduct, so that I could face jail time for what I did?”

I’d think you’d probably agree it wouldn’t be cool for your neighbors to break the code to your wifi and steal your bandwidth (let’s say the boost all of it, because we’re making stuff up). I’m thinking you’d put up with it once or twice, but after Three Solid Months of lost service, you’d probably be annoyed. I bet you’d probably also feel like you don’t think you should be forced handle that by repeatedly kicking them off your server and threatening them with academic penalties.

I figure you probably think that, if that happened enough, you might. Just maybe. Perhaps. Call the police. And maybe it’d be nice if instead of them saying, “What? Bandwidth? Nobody’s hitting you or anything? OK, we’ll be out there in . . . 2015,” let’s say there actually are specific criminal statutes that somebody is violating, so they actually, specifically care.

But maybe not. Maybe you’d just go downtown, pick up a summons and complaint, and file a nuisance action against your neighbor, and six months later get to use the internet again.

Reasonably minds can differ.

L2P, I honestly cannot figure out how to read your comment. I will mention that you’re not describing anything like what Aaron did when you say “break the code to your wifi” in the hypothetical. What do you mean by this? I haven’t argued against a statute outlawing hacking, and Aaron has not been accused of hacking anything. Now, if you’re saying my hypothetical wifi router is an open public unsecured network, or that I did voluntarily give those neighbors my WEP2 password and permission to use it, then we’re in a comparable case, but you’re describing it weirdly.

Also. Is the police call part of the “we’re making stuff up” hypothesis that I am supposed to accept? Is the idea some kind of ad hominem, like, declaring that I’m the kind of person who would actually make that call? I feel like whatever it’s supposed to mean, you’re not acknowledging how absurd and incoherent that would be. Am I misreading? Not picking up on sarcasm?

I suppose next we’ll have to write a statute that assigns a year of jail to those dastardly kids who go and sit in my gazebo without my permission! They should just stay off my lawn!! It’s criminal trespass! C’mon, police, c’mon hurry up, drive here quick and arrest them before they run off! This is the fourth time they’ve sat in the gazebo in my backyard this month! What’s wrong with kids these days!!

…huh?

And maybe it’d be nice if instead of them saying, “What? Bandwidth? Nobody’s hitting you or anything? OK, we’ll be out there in . . . 2015,” let’s say there actually are specific criminal statutes that somebody is violating, so they actually, specifically care

I can’t figure out what you mean. It would be nice? That hypothetical sounds terrifying and awful. Am I actually supposed to like it? Are you saying that, given the comments I’ve made so far, I must be the kind of person who would support that kind of statute? Or is this some kind of sarcasm that’s going over my head? Or is the idea that I should like it, because sending my neighbors to jail for years is actually a coherent, rational, and proportional response to boosted wifi?

It sounds like the nonsense I hear from anti-abortion activists who don’t have a clue in their head what the criminal penalty for aborting one’s own pregnancy should be, and who aren’t willing to commit to a statement that concretely associates the act with a consequence they deem proportional.

Are you willing to commit to the following sentence? “Arrest, criminal prosecution, and years of incarceration is a proportional social response to someone who repeatedly boosts wifi off their neighbor’s public unsecured network, changing their computer’s name to dodge a blacklist.” And, given that you’re not willing to commit to that, why the fuck are we wasting time discussing weird hypotheticals in which I would?

Salient: I’m very much in the “let JSTOR and/or MIT sue” school of thought on this one, and if it’s true that neither of them is particularly bothered (I can’t find a statement to that effect, but your google fu may be better) then a criminal indictment really is outrageous.

But I still don’t agree with the OP:

even those who don’t know Aaron should recognize that this is an outrageous assault on basic civil liberties, and the ability to use the Internet as you want to, not as corporate entities dictate

I’ll let ‘basic civil liberties’ go – I think it is fairly fundamental to the rule of law that a civil cause of action that’s been dropped shouldn’t get recycled as a criminal charge. But I can’t see any political case for doing what Aaron allegedly did, or for defending it – other than the (real and important) principle of defending one’s comrades, whatever crazy stunt they’ve got busted for.

I agree that any damage to JSTOR should be a civil matter. I understand the argument, “But look how the civil courts have screwed up filesharing cases!” but it doesn’t really apply. The law on copyrights specifies super-excessive penalties and/or some doctrine is giving absurdly high estimates of harm caused. That just means we should fix that law and doctrine, not switch over to criminal law. Criminal law is capable of handing out excessive sentences as well, and there are plenty of prosecutors who would go after filesharers.

As for MIT, if MIT had formally told him he was no longer allowed to access their network (not just booted his computer by a technical means–I mean actually talked to him or sent him a letter; I don’t know if they did or not) and he wouldn’t stop, then they would be entitled to ask for police assistance. If MIT didn’t order him to stop or they did but they worked it out with him afterward then there’s no reason for police involvement.

I would say that some crimes should be prosecuted whether the victim wants to press charges, but only in certain cases: such as where there’s substantial danger of intimidation or if the crime harms the public generally. Misuse of a network is exactly the opposite–let the parties work it out unless one asks for help.

Someone above said that after Swartz’s action, JSTOR changed their policy and made many of the articles in question public. And of course even if they hadn’t, a humungous quantity of articles is now available through BitTorrent because Swartz put it there. So his action accomplished his goal both directly and through persuasion.

I don’t understand your distinction between a political argument and a political action. What Swartz did is very similar to an illegal protest march or a sit in. What would you call those?

What Swartz did is very similar to an illegal protest march or a sit in. What would you call those?

If it was carried out by one person, I’d call it an ill-thought-out, voluntaristic stunt.

What is happening to him is obviously tragic, obviously disproportionate and obviously absurd. The sadist aspect is that this trinity is happening with increasing frequency to new victims so one cannot assert, obviously unusual.

On the issue there seems confusion. Protectors of property like to talk of theft. But there is no theft. There is simply the evading of revenue raising. This is not the same thing.

If someone, for example, deprives me of my wifi broadband by using it up that clearly is a theft. If someone steals my car, that is a theft. If someone makes a replica of my car, that might be a wrongful evading of a legitimate payment to whoever owns the design rights to the car but the only deprivation is of revenue or of the right to raise revenue from use of the design. (Revenue may not even have been deprived, because at the price asked, the copier may have simply gone without.) Hence, the two (theft and copying) ought not be conflated. Although the design owners do want the act to be considered, hysterically, as theft, theft it is not.

It isn’t plagiarism either. If it was, those plagiarists who paid a toll would cease being plagarists. Anyway, plagiarism is a crime against the original creator by passing off the creation as your own work. The original creator need not and may never have owned the rights anyway, and clearly attempting to pass the work off as ones own doesn’t come into it.

The criticism that some network privately created law was violated (even if that law us backed up by some friendly overarching law) or that the ‘culprit’s is a member if some elite seems a wee bit contrived and not greatly relevant.

Not clear that anyone ought to be necessarily bound by terms of service, or that they ought to be backed by force of law. Don’t believe in even reading them, personally.

As one of the assembled women said when Moses came down from the Mont and explained that God said that they were to do all the house work, and otherwise pamper and toil for the benefit of their menfolk… “He’s just making it up.”  So with terms of service.

And like other commands from on high, if not resisted they become set in stone.

Not clear that anyone ought to be necessarily bound by terms of service, or that they ought to be backed by force of law. Don’t believe in even reading them, personally.

I agree completely. But this whole discussion about the ToS and what Swartz was doing with JSTOR is a red herring. It’s just not relevant. Here’s the important part from the Wired article, which Henry quoted in this post:

…the superseding indictment (.pdf) unveiled Thursday accuses Swartz of evading MIT’s attempts to kick his laptop off the network…

In actively connecting to the network (or that particular network resource) after having been told that he was no longer authorized to do so (not implicitly merely because he violated the ToC, but explicitly was his authorization revoked and yet he reconnected and pursued evasive strategies to his actively being prohibited) he was violating a law specifically written to criminalize people who connect to computer networks and access resources who are not authorized to do so. Such violations can be trivial, and almost always unenforced, or they can be more serious, and strongly enforced. Either way, it’s a perfectly sensible law.

The ToS stuff is, at this point, a red herring intended to confuse the issue by people with a vested interest in defending Swartz. And, well, I am absolutely 100% in agreement with regard to the stupidity of ToSs and criminalization that relies upon them, as well as in agreement about the wrongness of JSTOR locking up public domain papers. Not to mention that Swartz seems like a great guy who has done many, many things which have been good for lots of people. But none of that is a defense against what he’s been charged with.

As soon as Swartz reconnected and continued his downloading after having been caught and told to desist, instead of walking away, he made it something very different. He was being stupid, took a stupid risk, and I’m pretty much exactly as sympathetic to him as someone who made an error in judgment that got him into serious legal trouble as I am with anyone who makes an error in judgment and gets into serious legal trouble. Which is to say, quite sympathetic, really.

What he said. I think three discussions are getting mixed up in a lot of this thread (including the OP): “should Aaron be prosecuted?”, “should we endorse Aaron’s [supposed] actions on political grounds?” and “did Aaron [supposedly] do anything he knew he was legally prohibited from doing?” The OP answers No, Yes and No Comment; I’d say No to the second (mainly on tactical grounds) and a reluctant Yes to the third. He shouldn’t be prosecuted, though.

As I understand it, different laws in different jurisdictions are written differently such that some are of the “victim pressing charges” variety, and others are effectively the state pressing charges — it’s not just, per discussion above, that sometimes victims might be pressured against pressing charges, or fearful, but that the primary interest being protected is perceived as being the state’s, not the victim’s.

That’s a clumsy way to put it. But, for example, back twenty years ago when I was working in rape crisis, it was explained to me by a prosecutor that in that jurisdiction, rape was understood as an offense against the general peace, against the state, and therefore not legally dependent upon the victim “pressing charges”. However, the prosecutor generally wouldn’t prosecute with an uncooperative victim, so it was still effectively a choice of the victim’s. But not necessarily.

IANAL, and when I looked some of this up later, I saw that it’s more complicated. Even so, I think that it’s sort of a ubiquitous misunderstanding that all criminal prosecutions rely upon the victim “pressing charges”. They don’t, it’s not unusual for a prosecutor to pursue a case against the wishes of a victim, and you can’t assume that when a case is prosecuted it’s at the impetus of the victim. Given that JSTOR and MIT have both said that they’d rather drop the matter, it seems that this is the case here.

Perhaps some are objecting to MIT’s initial involvement with the police. But I don’t see how we could draw any meaningful conclusions from this. I don’t know what exactly happened, but it’s entirely possible that a) Swartz crossed some line that explicitly called for informing the authorities, and b) it well may have been something like getting into that closet and accessing the network there.

People connecting to networks and computers they’ve explicitly been told they are not authorized to access is no small thing. It’s a violation that should be criminalized and it’s a violation that is central to a whole bunch of really bad things that are done all the time. Why Swartz was doing this, and what was doing when he did it, may be things we’re entirely sympathetic to, but he broke a non-trivial law to do so and he broke it in such a way that is as far from innocent or inadvertent as is imaginable.

Henry:

Okay, reading the new indictment, I find that in some respects it’s more ambiguous than I thought, and in other respects less ambiguous.

On your side of the argument, and contrary to my misunderstanding, MIT never directly communicated with Swartz and told him that he was no longer allowed to access the network.

However, that’s because they didn’t know who it was who was doing this. They couldn’t have contacted him directly because he had taken elaborate steps to disguise his identity. But, even so, they’d taken numerous and increasingly specific efforts to prevent his access, without knowing his specific identity. They could hardly have made it more clear that they didn’t want him doing what he was doing, or that because he was doing what he was doing they didn’t want him connecting to their network. And by his own actions he hardly could have made it more clear that he was entirely aware that they didn’t want him doing what he was doing, or that they didn’t want him connecting to the network. He went to great lengths to circumvent their efforts to prevent his access. In that context, and given that by the very nature of this kind of crime the specific identity of the intruder is unknown, that they didn’t explicitly contact him personally and revoke his access formally is not any sort of defense. He hid his identity specifically to prevent that, clearly.

Should poor old Seth Edenbaum be hauled away to prison then for repeatedly trying to post under bogus pseudonyms?

Yes, if he visited the facilities where this server is located and did as Swartz did:

Rather than let MIT assign his computer an IP address automatically, Swartz instead simply hard-wired into the network and assigned himself two IP addresses. He did so by entering a restricted network interface closet in the basement of MIT’s Building 16, plugging the computer directly into the network, and operating the computer to assign itself two IP addresses. To further cloak his activities, Swartz also hid the Acer laptop and a succession of external storage drives under a box in the closet, so that they would not arouse the suspicions of anyone who might enter the closet.

and

On January 6, 2011, Swartz returned to the wiring closet to remove his computer equipment. This time he attempted to evade identification at the entrance to the restricted area. Apparently aware of or suspicious of a video camera, as Swartz entered the wiring closet, he held his bicycle helmet like a mask to shield his face, looking through ventilation holes in the helmet. Swartz then removed his computer equipment from the closet, put it in his backpack, and left, again masking his face with the bicycle helmet before peering through a crack in the double
doors and cautiously stepping out.

It should also be made clear that when all this began, initially JSTOR tried to simply block the IP address that Swartz was using. He got another. JSTOR contacted MIT and together they became more aggressive, blocking a range of addresses and then his MAC address. Swartz circumvented all this. And so, reasonably, JSTOR suspended all of MIT’s access for several days, probably both as a solution they knew would be sufficient from their end, and also to put some pressure on MIT to resolve this themselves. The result, though, was that Swartz’s actions caused all of MIT to lose JSTOR access for several days. This isn’t trivial.

Are you denying that several of the charges rest, effectively, on the claim that defying ToS is a criminal activity?

Yes, actually. Read the indictment. The mention of JSTOR’s ToS and MIT’s policies for guest usage are all simply to help establish that Swartz was knowingly using the network in ways he knew he should not have been and which would, were he caught, result in an explicit, direct denial of his access. This is relevant in explaining why he made such obvious effort to disguise his identity and to access the network with such obvious covert and illicit means. It’s all part of establishing his intent to commit a crime; that is to say, access a computer network that he has strong reason to know he is not authorized to access. But the fundamental issue is that he accessed the network intentionally in a way that circumvented attempts to prevent his access. The MIT admins could have revoked his access for any reason and his subsequent behavior would be no less criminal.

Specifically, while arguably prior to JSTOR’s, and especially MITs, attempts to block him is his behavior only criminal insofar as he knew he was violating the ToS, subsequent to their attempts to prevent his access the ToS just doesn’t matter with regard to the criminality. I think your comparison to CT and a banned commenter is very badly flawed, but a similar distinction in your comparison would be between a user who posts a comment that violates your policy (knowing he’ll be banned or whatever) and a user who continues to try to post after he’s been banned. The case against him before you’ve banned him is nonexistent. Your case against him after you’ve banned him is much, much stronger. Especially if he breaks into your network closet to make a connection you can’t prohibit normally.

So, yeah, this argument that this is all about criminalizing activity on the basis of violating a ToS is not only a red herring, but in reading the indictment, it strikes me as being dishonest. I think very highly of you and I have enormous difficulty believing that you would make such an argument in bad faith. Nevertheless, there’s no way to analysis this that honestly and rationally makes it something that is essentially about a ToS violation. Rather, what it is, essentially, is someone who accessed a computer network (repeatedly, with numerous and increasingly aggressive methods of hiding his identity and circumventing attempts to prohibiting him) not only without authorization, but with unambiguous evidence that his access was specifically prohibited and he knew it to be so.

Contrary to yours and others’ possibly mistaken impressions, I’m not happy about this at all, about my judgment. I find that I am in complete sympathy with Swartz in every respect with the sole exception of his … hacking into a computer network where he wasn’t authorized. I am sympathetic to what he was doing, and why. I am sympathetic to the argument against criminalizing ToSs (and here I’m thinking in terms of past attempts to connect ToSs with DMCA such as in MDY v. Blizzard). I am sympathetic to the argument against the prosecutors throwing the book at Swartz. And I’m especially sympathetic to the point of view that Swartz is a good person who’s done a bunch of good things. I’m also sympathetic to the fact that a number of people I regularly read and admire are friends of his and actively defending him. But, even so, I think he did something he knew to be criminal and, given all those things I just mentioned, I’d be more sympathetic to his defense (at least in the public sphere) if it were built around the argument that he violated the law for good reasons, not that he didn’t violate the law and this is some absurd, twisted legal reasoning.

Okay, well, honestly, I would prefer to be proven mistaken about all this. And maybe I’m being more aggressive in countering the majority opinion here than I ought to be; but with regard to both this and the other (elsewhere) blog post I read, I was honestly shocked to later learn that Swartz didn’t merely, as both these posts strongly imply, download a bunch of JSTOR articles. ” Shocked”, because what he did actually do was entirely beyond the pale of merely violating ToS. Yes, I can see the argument that it all rests upon that violation — but eliding from the discussion everything beyond the ToS is, in my opinion, very misleading.

But with regard to your main argument, I’m not comfortable with defending him on the basis of a technical test of a certain behavior (“sought to root the system, login under a stolen administrator’s password”). If a reading of the statute sees those things as being dispositive, presumably because those things clearly signal intentional unauthorized access and, well, just a kind of general bad intent, then while reconnecting after being knocked off and spoofing a MAC address is pretty weak tea for establishing the same sort of unambiguity, getting into a network closet to connect to the network as a means of circumventing an effort to prohibit connection and hiding a laptop there with a couple of external drives seems to me to easily meet that test.

This seems like a good place to point out that, in cases without a clear victim whose interests we also have to defend, conjecturing and speculating about a person’s innocence is not nearly so dangerous and pernicious as conjecturing and speculating about a person’s guilt.

(In cases with a clear victim whose interests we have to defend, that’s usually reversed, so I hope it’s not completely trivial for me to point this out…)

deleted comment by banned commenter

A very good point is made by Henry about AS having engaged in something quite common but rarely punished. There has to be concern when government chooses to punish someone for doing something that many have and do do. The question needs to be asked is the government prosecuting this individual as some random offender because they have decided to tighten up enforcement in this unenforced area? If so,the penalty should not be draconian but should simply signal that an enforcement change is underway. Or,as might be in this case, are authorities just abusing their powers (delegated powers in a democracy) for personal, political, or some other low reason? Using the mighty power and authority of the state to victimized an individual is something every rational individual should be against, regardless of personal dislike of that individual, because protecting him or her is just protecting yourself. “Ask not for whom the bell tolls..”