Feds Charge Aaron Swartz With Felony Hacking… For Downloading A Ton Of Academic Research

from the how-dare-he! dept

Well, the big story making the rounds today has been the charges filed against Aaron Swartz by US prosecutors for violating the Computer Fraud and Abuse Act — a law that is all too often been abused by the feds to attack people they don’t like. Wired News has the most comprehensive coverage as far as I can tell.

If you’re unfamiliar with Aaron, while most of the reports refer to him as a co-founder of Reddit (which is a bit of a stretch as he was actually merged into Reddit as part of an early Ycombinator program) and as the founder of Demand Progress, I remember him from way before that — back when he was a teenager and helped author the RSS 1.0 spec.

As for the specifics of the case, it’s still a little hazy. The full indictment is embedded below, but the story being pushed by the feds is that Aaron maliciously hacked into JSTOR, a non-profit organization that hosts academic journal articles, via a computer room at MIT and then downloaded millions of records, bringing JSTOR’s servers to a screaming halt. Believe it or not, the indictment directly claims that he “stole” these articles, despite them being offered up for download via open access on various university campuses. He didn’t “steal” a damn thing.

Demand Progress paints a very different portrait of what happened, pointing out that he was downloading works that appeared to be authorized and that the complaint seems to really just be that he downloaded too much:

?This makes no sense,? said Demand Progress Executive Director David Segal; ?it?s like trying to put someone in jail for allegedly checking too many books out of the library.?

?It?s even more strange because JSTOR has settled any claims against Aaron, explained they?ve suffered no loss or damage, and asked the government not to prosecute,? Segal added.

James Jacobs, the Government Documents Librarian at Stanford University, also denounced the arrest: ?Aaron?s prosecution undermines academic inquiry and democratic principles,? Jacobs said. ?It?s incredible that the government would try to lock someone up for allegedly looking up articles at a library.?

JSTOR, itself, put out a statement that, at the very least, suggests that after they talked to Aaron and confirmed he wasn’t going to release the data he downloaded, that that was all they cared about:

We stopped this downloading activity, and the individual responsible, Mr. Swartz, was identified. We secured from Mr. Swartz the content that was taken, and received confirmation that the content was not and would not be used, copied, transferred, or distributed.

The criminal investigation and today?s indictment of Mr. Swartz has been directed by the United States Attorney?s Office.

It’s not clear, then, how the Feds became involved in the first place. It’s entirely possible JSTOR alerted them originally, and then the investigation went from there. From the details, it seems more likely that MIT may have reported the situation to the feds.

As far as I can tell, the crux of the argument against Swartz is that he violated the JSTOR terms of service, specifically the part about automated downloading, which in the minds of the feds, makes you a felon who can face up to 35 years in jail and $1 million fines. There’s a lot of fluff around that violation of terms of service, about how he “broke into” an MIT computer writing room and covered his face with a bicycle helmet. But, really, that’s all to set up the claim that he knowingly was getting around the terms of service and certain technological measures that JSTOR had put on its system to avoid such mass downloads.

It doesn’t looked like Swartz actually “hacked” into anything. He went onto MIT’s campus and logged in as a guest, as MIT allows. Now, it does appear that JSTOR and MIT took somewhat weak efforts to block him from mass downloading JSTOR works, and Aaron took rather trivial measures to get around that (change the IP, change the MAC address). The government is using that to suggest malicious intent.

But what was Aaron actually doing this for? I imagine that will come out soon enough. The government claims that he “intended to distribute a significant portion of JSTOR’s archive of digitized journal articles through one or more file-sharing sites.” That may be possible, though JSTOR says that Aaron had already promised the works would not be distributed. It’s important to note that Aaron has a long history of being involved in open access and open records movements, and was investigated by the feds once before for doing something similar. In that case, he set up a program to download legal documents from PACER, which are public documents, to post them on a free internet service. That case went nowhere, of course, because those documents are public. Separately, in the past, Aaron has gone through academic research to help with research papers on potential conflicts of interest in research funding. I have no idea what he was trying to do here, but it seems likely that it had to do with more open records research. Perhaps he was trying to open up works that were funded by federal dollars?

Either way, a felony indictment and threats of 35 years in jail and $1 million in fines seems ridiculously excessive and vindictive when you consider what he actually did here: which was download 4.8 million academic articles via a network that allowed such downloads. Yes, he used automated means barred by the terms of service, and yes, after being barred a few times, he worked out how to get around that. But it’s hard to see how any of that really deserves felony prosecution for computer hacking, with totally bogus claims from the feds about how “stealing is stealing.” He wasn’t “stealing” anything or you would have charged him with theft. Actually, the stealing is stealing comment from US Attorney Carmen M. Ortiz is so chock full of wrong, it deserves special mention:

Stealing is stealing whether you use a computer command or a crowbar and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away.

Downloading data made available on a network is not “stealing.” And he made copies of documents. He did not “take” them. JSTOR still had the documents. And, JSTOR doesn’t seem to be acting like a victim of “theft” here. It certainly looks like Aaron did some things that were questionable in how he accessed this data. But does it raise to the level of a federal indictment for criminal hacking? That seems like a huge, huge stretch.

Filed Under: , , ,
Companies: jstor, mit

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Feds Charge Aaron Swartz With Felony Hacking… For Downloading A Ton Of Academic Research”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: I use JSTOR

“I’ve been using JSTOR to research my thesis. I downloaded documents. Does this mean I too have “stolen” them? What’s the difference?”

This the fallacy that lies behind the whole of this article.

A charity has a soup kitchen in a deprived area. It allows any individual to have a bowl of soup without payment. That does not entitle anyone to take the whole urn.

JSTOR allows individuals to obtain for free limited numbers of academic documents from the archive in the individual’s area of research without payment. That does not allow some to take the whole archive.

The first is clearly more egregious than the second, but it does not make what happened right nor this article sensible.

btr1701 says:

Re: Re: Nope

> The US Attorney brings criminal charges,
> not the victim.

Wow, thanks, Captain Obvious.

Unless someone in law enforcement personally witnessed the crime, it’s necessary for the victim to cooperate or there’s no case.

This is why so many domestic batterers never get convicted. The cops and the DA can bring all the charges they want, but unless the victim agrees to cooperate in the prosecution, there’s never enough to convict.

Anonymous Coward says:

You didn’t actually say this did you?

It doesn’t looked like Swartz actually “hacked” into anything. He went onto MIT’s campus and logged in as a guest, as MIT allows.

“….he entered an MIT network closet, “hard-wired into the network and assigned himself two IP addresses. He hid the Acer laptop and a succession of external storage drives under a box in the closet, so that they would not be obvious to anyone who might enter the closet.”

So you believe a lot of MIT guests sneak into a closet to log in?

Sometime later…

“As Swartz entered the wiring closet, he held his bicycle helmet like a mask to shield his face, looking through ventilation holes in the helmet. Swartz then removed his computer equipment from the closet, put it in his backpack, and left, again masking his face with the bicycle helmet before peering through a crack in the double doors and cautiously stepping out.”

I can hardly wait for the jury to see the security footage. At least now there is no question of the underlying reason of his and Demand Progress’s opposition to Protect IP. This punk doesn’t respect anyone’s intellectual property.

Anonymous Coward says:

Re: Re: Re: Re:


From Ars Technica:

“He is accused of downloading 4.8 million documents from the academic archive JSTOR, in violation of its terms of use, and of evading MIT’s efforts to stop him from doing so.

“There’s an important difference between PACER [an earlier hack] and JSTOR. As works of the federal government, PACER documents are in the public domain. In contrast, many JSTOR documents are protected by copyright.”

From the indictment:

“Swartz intended to distribute a significant portion of JSTOR’s archive of digitized journal articles through one or more file-sharing sites.”

DCX2 says:

Re: Re: Re:2 Re:

“Swartz intended to distribute a significant portion of JSTOR’s archive of digitized journal articles through one or more file-sharing sites.”

You forgot the next sentence of the article. Here, let me add it for you.

But it offers no evidence for this claim.

My, my, what a difference some context makes. Oh, what’s this? There’s more?

It’s not clear, then, whether this was an attempt to liberate the documents from behind the JSTOR paywall or whether he was intending to use the documents for a personal research project.

Josh in CharlotteNC (profile) says:

Re: Re: Re:6 Re:

You realize how weak that sounds, right?

Read the indictment. On every single section in the “Means of Committing Offenses” the indictment is very clear on what was happening. On (specific) date at (specific) time using (specific brand) laptop Swartz did (specific) act.

Then it gets down to the last one, and it reads like: “Oh, by-the-way, he was gonna upload these to some filesharing site.”

Still waiting.

G Thompson (profile) says:

Re: Re: Re:2 Re:

Actually the indictment would state “it is alleged Swartz intended to distribute”

Notice the alleged. it means it has NOT been proven beyond doubt by a qualified authority (judge or jury) that he had the mens rae of the ALLEGED intent that might of occured by his, again and let me hold your hand whilst we sound out this word, ALLEGED action.

As for the charges, if the victim in a criminal proceedings , in this case JSTOR, are stating publicly that they do not reasonably (oops there is on of those defining words again) believe that Swartz intended to distribute, the government has a major problem in the form of a hostile witness and you can believe the defense will use this fully.

My personal opinion is that the US Governemnt got its panties in a twist over the PACER debarcle since their are alleged comercial/contractual issues with PACER that the governemnt was using, so they are now fishing for anything to stop people bringing to the publics attention in a Free and Open way documents that though publicly accessible, were behind corporate paywalls.

Hephaestus (profile) says:

Re: Re:

I understand you are all, warm and fuzzy happy, about another IP thief being arrested.

You have to look at the bigger picture here. Science journals rarely if ever press charges for IP theft. The reason is simple the first line of the copyright clause, “To promote the Progress of Science and useful Arts”. This will be a case before SCOTUS.

Also, think about who they indicted today, the guy that started demand progress, the way he acted in court, and the groups he can bring to bear. Then tell me if ou are still smiling. This is going to be fun to watch.

Yes, you and your fellow trolls, have this whole disrupting blog discussions dead to rights. But how do you stop the spread of news on social media sites?

Anonymous Coward says:

Re: Re: Re:

Yes, you and your fellow trolls, have this whole disrupting blog discussions dead to rights. But how do you stop the spread of news on social media sites?

I doubt the judge tweets or has a Facebook page. As for the jury, well, that’s why they have voir dire. Apparently there’s a video of him trying to disguise himself and acting like a cat burglar. That and the facts of the case should be enough.

Anonymous Coward says:

Re: Re: Re:2 Re:


That’s actually a pretty good question. I think it is likely he’s guilty of one or more felonies. I’m far more sympathetic to a character whose motivation and intent is not for his own personal financial gain. Further, it appears that when caught, he returned the goods (hopefully didn’t retain a copy) and pledged not to release the purloined material. I also do not believe he should receive jail time. His problem is that he has a history of this kind of behavior (though probably inadmissible at trial, may be considered at sentence) and his cat-and-mouse behavior with those trying to prevent his access, along with his attempted stealth and concealment look really bad.

Marcel de Jong (profile) says:

Re: Re: Re:3 Re:

Return what exactly?
The digital copies he made of those documents that were still in JSTOR’s actual possession? And how did he do that?

And why should he need to pledge not to release the purloined material if he had to “hand it over”?

Also care to elaborate on his ‘history of this kind of behaviour’, preferably with links to the sources instead of just hear-say and anecdotes.

I sometimes skulk in the hallways here at work too, and act a little bit weird, it’s because otherwise the day would be dull.
I also keep my eyes on security cameras, because I wanna know where they are, not to be a criminal, but I’d like to know when I’m being watched.
I also sometimes try to figure out if I can hide from them, does that make me a criminal immediately? No.

Sure, hiding your laptop in a closet is weird, but nothing illegal per se.
And yes, downloading that many documents might be against the terms of service of JSTOR, but all that combined still does not warrant a 35 year prison sentence. Especially after JSTOR made it clear that it didn’t want the state to prosecute this matter any further.

Hephaestus (profile) says:

Re: Re: Re: Re:

“I doubt the judge tweets or has a Facebook page.”

It doesn’t matter, 2 billion other people do.

“Apparently there’s a video of him trying to disguise himself and acting like a cat burglar.”

So acting like a cat burglar is enough to get you put in jail. Oh wait, I forgot, being accused of a crime now forces you to prove you are innocent. I keep forgeting the rules have changed. So I am accusing you of being a witch!!!!

oh wait, wrong era … Troll!!

Anonymous Coward says:

Re: Re: Re:2 Re:

“I doubt the judge tweets or has a Facebook page.”

It doesn’t matter, 2 billion other people do.

Sadly for young Aaron, they won’t be sitting on the bench

“Apparently there’s a video of him trying to disguise himself and acting like a cat burglar.”

So acting like a cat burglar is enough to get you put in jail. Oh wait, I forgot, being accused of a crime now forces you to prove you are innocent. I keep forgeting the rules have changed.

An element of any crime is intent. Figure out for yourself how a jury will interpret the security video.

So I am accusing you of being a witch!!!! oh wait, wrong era … Troll!!

Troll? Is that the only response you can think of when you get owned in a debate? Sad.

Nicedoggy says:

Re: Re: Re:3 Re:

You don’t need to cover your face to access a network, you cover your face to get access to some place.

So it is not that clear that he was covering his face to evade inexistent network security that would take a picture of him accessing that network.

He was caught trying to evade campus security for some unknown reason.

Maybe he was worried that downloading 4 million documents although legal could get him in trouble for not having secured an authorization from the sys admin, and he didn’t wanted to listen to a lecture.

I doubt anybody in their right minds would send a kid to prison for being stupid and naive, but hey this is the USA we are talking about where common sense has gone out the window a long time ago.

Hephaestus (profile) says:

Re: Re: Re:3 Re:

Since this administration took office. We keep seeing these politically motivated trials, seizures, and arrests. Slamming whistleblowers, taking domain names, arresting website owners, and now this. It all makes the DOJ, ICE, and USAG look petty, and corrupt.

You mentioned intent, the intent of the laws he is being charged with was never this. Using overly broad open ended laws to make an example of someone, again it goes back to looking petty, corrupt, and having an agenda.

In the end this is going to create more negative publicity for DOJ, and USAG. Publicity they do not need after the guns fiasco, and the prior restraint 84k web site domain seizure.

G Thompson (profile) says:

Re: Re: Re:2 Re:

The problem with hacking in dark places is that bugs are guaranteed.

Though you could crack em over the head with the nearest VMS manual I guess.

?Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning.?

Anonymous Coward says:

Re: Re: Re:

The ‘hiding box’ was already in the wiring closet for a reason… the note on the box in black marker saying, “Hide laptop here to avoid maintenance disconnecting by mistake.” may have been a clue….

If he had set the laptop outside the building and connected using wireless access, would it have made any difference (assuming he had the authorization to connect to the wireless network)?

Anonymous Coward says:

Let it be proclaimed that, on Tuesday 7/19/2011...

…all of the serial rapists were found, and arrested; the unvsolved murders resolved and their perpetrators indicted; the massive white-collar fraud perpetrated on Wall Street on a daily basis stopped and its actors (and their assets) seized, and the victims of all these made whole, restitution paid, justice found…because then there was enough spare time and money to persecute (note: word choice intentional) some bright kid for downloading research material.

And there was much rejoicing.

JMT says:

Re: Another abuser of "unlimited" and "free".

“While innocent of the charge, getting clear of it will teach him a lesson.”

Do you think that’s a wise use of your taxpayer dollars? Given that the “victim” asked for no action to be taken, don’t you think that the feds could instead go look for some actual criminals doing things that actually hurt people?

Hephaestus (profile) says:

Re: Could this be a setup? ... yeah someone doesn't like Eric Holder.

From his history, I would think that this is something like his Stanford Law Review piece. Where he downloaded a ton of stuff from PACER to determine who funded law review articles. If his goal here is to determine that the US government funded x percent of the research, and it should be in the public domain. Then the USAG will lose big time. It goes back to “promote the progress …” and the copyright clause.

You do not see many tests of copyright law from scientific journals. They can not afford to because of the copyright clause, and the inevitable backlash from academia if they push to hard. I mean universities self publishing and reviewing online, all the students learning about the public domain, carrying that out into the real world with them … what chance do copyright types have then?

This is such a fail on so many levels.

Anonymous Coward says:

“Believe it or not, the indictment directly claims that he “stole” these articles, despite them being offered up for download via open access on various university campuses.”

I don’t believe this is actually true of many articles on JSTOR. Universities pay JSTOR for database access, and then pass that expense to the students. But hacking JSTOR? Really!?! Such trumped up nonsense.

Shane Roach (profile) says:

Guilty, but Overkill

Trying to pretend he did not break the law seems a little bootless to me. Saying he never intended to break the law seems disingenuous at best. I understand and agree with the accusation that the government misuses the terms related to theft here, but the bottom line is that the government does not have to have the permission of a victim to prosecute, so what JSTOR decides to do about this is moot.

The real story here is that copyright laws are allowed to run as strictly as they do at all, and that so much time and effort is wasted trying to overcome progress through criminalization. The man, as far as I am concerned, can break the law and still be a hero. After all, Sampson slaughtered hundreds of his enemies single handedly, which in Biblical terms seems to look like murder, and behaved flippantly towards the authority of God Himself on occasion, yet still in the end is considered a great Bible hero because his faith endured and in the end he was able to bring his enemies, and God’s, to their knees.

I tell you the truth, those who lie and pretend that copying things is theft, or that copyright is anything other than a end run around freedom of speech, seem to me to be the bigger liars, and true enemies of God, if the phrase, “God is Truth”, has any literal meaning at all.

Dave (profile) says:

Diversionary Tactics

What we’re seeing here isn’t a crime being procecuted. We’re seeing the Gummint trying to divert your attention from all of the legal failures they represent, such as drug abuse, financial disasters in the making ($14 TRILLION debt), failures to apprehend or procecute real, dangerous, criminals harming the citizenry, etc. Nothing unexpected.

Sorpigal says:

We predicted this

The problem here is that federal computer crime law is ridiculously overbroad. Those of us paying attention when these laws were passed warned at the time that this would be a problem since they could be interpreted as making criminal all sorts of innocent behavior. You need only consult slashdot’s archives to see the fervor over this kind of thing repeated again and again.

Accessing a digital device, whether physically or over a network, in any manner which the owner of the device asserts was not authorized, or obtaining from that device any information the device owner later asserts was not authorized, no matter how easy the access or how public the information, is *criminal hacking* in the USA and subject to massive fines and massive jailtime.

This means that, yes, picking up someone’s phone and reading the date and time from the display is *criminal hacking* if the device owner wants to file a complaint. If you think “That’s ridiculous, it won’t happen”–well, you might have said that about Mr. Swartz’s case, as well. If the law permits it then sooner or later someone will sue based on it. You can depend on that.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...