Here is where we need a better sense of justice, and shame. For the outrageousness in this story is not just Aaron. It is also the absurdity of the prosecutor’s behavior. From the beginning, the government worked as hard as it could to characterize what Aaron did in the most extreme and absurd way. The “property” Aaron had “stolen,” we were told, was worth “millions of dollars” — with the hint, and then the suggestion, that his aim must have been to profit from his crime. But anyone who says that there is money to be made in a stash of ACADEMIC ARTICLES is either an idiot or a liar. It was clear what this was not, yet our government continued to push as if it had caught the 9/11 terrorists red-handed.

Aaron had literally done nothing in his life “to make money.” He was fortunate Reddit turned out as it did, but from his work building the RSS standard, to his work architecting Creative Commons, to his work liberating public records, to his work building a free public library, to his work supporting Change Congress/FixCongressFirst/Rootstrikers, and then Demand Progress, Aaron was always and only working for (at least his conception of) the public good. He was brilliant, and funny. A kid genius. A soul, a conscience, the source of a question I have asked myself a million times: What would Aaron think? That person is gone today, driven to the edge by what a decent society would only call bullying. I get wrong. But I also get proportionality. And if you don’t get both, you don’t deserve to have the power of the United States government behind you.

In that world, the question this government needs to answer is why it was so necessary that Aaron Swartz be labeled a “felon.” For in the 18 months of negotiations, that was what he was not willing to accept, and so that was the reason he was facing a million dollar trial in April — his wealth bled dry, yet unable to appeal openly to us for the financial help he needed to fund his defense, at least without risking the ire of a district court judge. And so as wrong and misguided and fucking sad as this is, I get how the prospect of this fight, defenseless, made it make sense to this brilliant but troubled boy to end it.

Mr. Swartz's lawyer, Elliot Peters, first discussed a possible plea bargain with Assistant U.S. Attorney Stephen Heymann last fall. In an interview Sunday, he said he was told at the time that Mr. Swartz would need to plead guilty to every count, and the government would insist on prison time.

Mr. Peters said he spoke to Mr. Heymann again last Wednesday in another attempt to find a compromise. The prosecutor, he said, didn't budge

The government indicated it might only seek seven years at trial, and was willing to bargain that down to six to eight months in exchange for a guilty plea, a person familiar with the matter said. But Mr. Swartz didn't want to do jail time.

"I think Aaron was frightened and bewildered that they'd taken this incredibly hard line against him," said Mr. Peters, his lawyer. "He didn't want to go to jail. He didn't want to be a felon."

I know a criminal hack when I see it, and Aaron’s downloading of journal articles from an unlocked closet is not an offense worth 35 years in jail.

The facts:

• MIT operates an extraordinarily open network. Very few campus networks offer you a routable public IP address via unauthenticated DHCP and then lack even basic controls to prevent abuse. Very few captured portals on wired networks allow registration by any vistor, nor can they be easily bypassed by just assigning yourself an IP address. In fact, in my 12 years of professional security work I have never seen a network this open.
• In the spirit of the MIT ethos, the Institute runs this open, unmonitored and unrestricted network on purpose. Their head of network security admitted as much in an interview Aaron’s attorneys and I conducted in December. MIT is aware of the controls they could put in place to prevent what they consider abuse, such as downloading too many PDFs from one website or utilizing too much bandwidth, but they choose not to.
• MIT also chooses not to prompt users of their wireless network with terms of use or a definition of abusive practices.
• At the time of Aaron’s actions, the JSTOR website allowed an unlimited number of downloads by anybody on MIT’s 18.x Class-A network. The JSTOR application lacked even the most basic controls to prevent what they might consider abusive behavior, such as CAPTCHAs triggered on multiple downloads, requiring accounts for bulk downloads, or even the ability to pop a box and warn a repeat downloader.
• Aaron did not “hack” the JSTOR website for all reasonable definitions of “hack”. Aaron wrote a handful of basic python scripts that first discovered the URLs of journal articles and then used curl to request them. Aaron did not use parameter tampering, break a CAPTCHA, or do anything more complicated than call a basic command line tool that downloads a file in the same manner as right-clicking and choosing “Save As” from your favorite browser.
• Aaron did nothing to cover his tracks or hide his activity, as evidenced by his very verbose .bash_history, his uncleared browser history and lack of any encryption of the laptop he used to download these files. Changing one’s MAC address (which the government inaccurately identified as equivalent to a car’s VIN number) or putting a mailinator email address into a captured portal are not crimes. If they were, you could arrest half of the people who have ever used airport wifi.
• The government provided no evidence that these downloads caused a negative effect on JSTOR or MIT, except due to silly overreactions such as turning off all of MIT’s JSTOR access due to downloads from a pretty easily identified user agent.
• I cannot speak as to the criminal implications of accessing an unlocked closet on an open campus, one which was also used to store personal effects by a homeless man. I would note that trespassing charges were dropped against Aaron and were not part of the Federal case.

In short, Aaron Swartz was not the super hacker breathlessly described in the Government’s indictment and forensic reports, and his actions did not pose a real danger to JSTOR, MIT or the public. He was an intelligent young man who found a loophole that would allow him to download a lot of documents quickly. This loophole was created intentionally by MIT and JSTOR, and was codified contractually in the piles of paperwork turned over during discovery.

Given the disclosures by Swartz's expert, Alex Stamos, which are linked at the beginning of this post, it seems that Swartz had a strong argument that he did indeed have "authorization." As Stamos says, at the time of Swartz's downloads, "the JSTOR website allowed an unlimited number of downloads by anybody on MIT’s 18.x Class-A network" and "Aaron did not use parameter tampering, break a CAPTCHA, or do anything more complicated than call a basic command line tool that downloads a file in the same manner as right-clicking and choosing 'Save As' from your favorite browser."

Thus, all Swartz did was write a script to find and download the files. As a factual matter, that may have been "authorization," rendering it lawful everywhere. Even if the script was "exceeding authorization," if the First Circuit had adopted the same rule as the Fourth Circuit and the Ninth Circuit, then Swartz would likely have been not guilty as a matter of law. All of which further shows why this prosecution should not have been brought in the first place; the prosecutor is supposed to exercise their judgment to do justice.

Elliot Peters, Swartz's California-based defense attorney and a former federal prosecutor in Manhattan, told The Associated Press on Sunday that the case "was horribly overblown" because Swartz had "the right" to download from JSTOR, a subscription service used by MIT that offers digitized copies of articles from more than 1,000 academic journals.

Peters said even the company took the stand that the computer crimes section of the U.S. Attorney's Office in Boston had overreached in seeking prison time for Swartz and insisting , two days before his suicide , that he plead guilty to all 13 felony counts. Peters said JSTOR's attorney, Mary Jo White , the former top federal prosecutor in Manhattan , had called Stephen Heymann, the lead Boston prosecutor in the case.

"She asked that they not pursue the case," Peters said.

Its removal is not the same as deferring to government censorship, and as much as I hate to give mob violence the satisfaction of an effective heckler’s veto, we cannot expect that online service providers will never remove material simply because it is deemed offensive by wide swaths of the population. Moreover, I can’t help but wondering if the violent response isn’t just what the film-makers were hoping for. So by leaving the image on its site so that we can understand the controversy, while taking it down where broad access to the material is likely to cause the greatest harm, Google has made a comprehensible judgment.

"There's no indication that the government is questioning the right of these idiots to make that repellent film. On the other hand, it does make us nervous when the government throws its weight behind any requests for censorship," the American Civil Liberties Union's Ben Wizner said in an interview Friday.

"I am actually kind of distressed by this," said Eva Galperin of the Electronic Frontier Foundation. "Even though there are all these great quotes from inside the White House saying they support free speech....by calling YouTube from the White House, they were sending a message no matter how much they say we don't want them to take it down, when the White House calls and asks you to review it, it sends a message and has a certain chilling effect."

With the implicit threat that tough legislation will be brought in if voluntary agreements aren't drawn up promptly enough, governments are using this technique to avoid even the minimal scrutiny that consultations on proposed new laws would permit. This allows all kinds of bad ideas to be forced through without any evidence that they will help and without the chance for those affected to present their viewpoints.

James Firth has a disturbing post about a proposed "voluntary" scheme involving search engines in the UK:

We know laws such as the UK's Digital Economy Act and America's SOPA/PIPA met incredible resistance from the tech industry and internet users, and readers of this blog and Open Rights Group supporters are already aware the UK government has switched tack from legislating to encouraging agreements directly between service providers and copyright owners.

What we didn't know until now is the extent that the UK government and in particular Ed Vaizey, Minister for Culture, Communications and the Creative Industries, is pressurising search engines to police search results in a way that goes well beyond notice and take-down.

I'm told a consortium of search engines at a meeting on Tuesday were accused of a "retrograde step" after failing to make progress on a proposal by music rights holders for a system to promote "good" music resellers and demote "bad" in the search rankings.

The good news is that the search engines seem to be resisting this move -- for the moment. As Firth writes:

I'm told that whilst search engine providers are both keen to strictly abide by all national laws and also willing to work with content owners to provide easy-to-use notice and take-down systems (under the EU E-Commerce Directive and US DMCA), they are "drawing the line" at doctoring search results to suit one relatively small group of economic interests.

That exposes one of the key problems with these "voluntary" agreements: those pushing for them have no interest in striking a balance, or in building in safeguards for those most affected -- it's all about getting a quick-and-dirty fix and to hell with the consequences. That's why legislation, with full consultation from all parties, is a far better way of proceeding. After all, it's why we have a legislative process with checks and balances in the first place -- to craft a solution that is both workable and fair. The new fashion for backroom agreements among a small group of unelected insiders is nothing less than an attack on that process, and hence on democracy itself.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

However, as an excellent post on the Estonian Public Broadcasting site explains, the letter's underlying assumptions about lack of enforcement are simply wrong:

They claim, for instance, that there is poor intellectual property rights (IPR) enforcement in Estonia. However, Estonia’s IPR laws and enforcement, at least in the commercial space, are quite adequate. Operations, including websites, that exist for commercial exploitation of unlicensed rights, are already illegal and get shut down. The operators can be imprisoned for up to three years.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

As a news organization, all we have connecting us to our audience is our credibility. When we make mistakes, when we miss the point, when we fail to publish in a timely manner--each of these creates a little crack in that credibility. Once enough cracks form over time, the credibility is eroded and ultimately broken apart. At that point it doesn't matter how many orange dots you have swirling around your TV commercial or how intelligent you claim your information is. Once that bond is broken you're screwed.

Because Reuters is my company, there's a big part of me that hopes this incident has been blown out of proportion; that the blogs don't have the whole story. I fear that's not the case, however. The way it looks now is positively scandalous. And as a journalist it makes me almost physically ill to think about it.

I hope someone above me addresses the situation publicly, because lord knows not addressing it ain't working. Right now this incident is relatively contained (although it was the most viewed post on ZeroHedge as of Tuesday). But by next week, this will be all over the place--Romanesko, Drudge. From there it could get real ugly real fast.

And herein, I hope, lies a lesson for whomever killed Matt Goldstein's Steve Cohen story: When you make a decision like that, under those circumstances, the back story will get out. And the fallout from that back story will always, always be worse than the fallout from the story itself.