FBI Investigation Into Programmer For Freeing The Public Domain

from the an-exploit? dept

A bunch of folks have sent over the incredible story of how the FBI investigated well-known programmer Aaron Swartz, after discovering that he had installed a perl script on a computer at the 7th U.S. Circuit Court of Appeals library in Chicago, to cycle through PACER documents and upload them to an Amazon S3 account. Basically (as we've discussed in the past), court documents -- which are in the public domain -- are mostly locked up in the gov't's PACER system, which costs $0.08/page. However, since the documents are public domain, once you get them, you're free to do what you want with them. The Government Printing Office started an experiment last year, offering free access to PACER in certain libraries. Swartz just went to one and then installed his script to cycle through and upload those documents. The library's IT staff eventually noticed the issue (it took a few weeks) and alerted the FBI who began an investigation of Aaron, after Amazon handed over his info. While you can sorta understand why the FBI might look into why someone had installed a program on a court library computer, once it became clear that it was only accessing public domain documents, it seems pretty silly to have continued onward -- including driving by his home and considering a stakeout.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    rwahrens (profile), Oct 7th, 2009 @ 4:30am

    When you're a hammer

    ...everything soon starts looking like a nail.

    Standard FBI "procedure", just to dot the "i's" and cross the "t's". It's what they do, and are trained to do.

    Honestly, he probably broke at least two Federal laws in placing an unauthorized piece of software on the computer. I'd bet that the only reason he isn't up on charges is they couldn't prove he had an intent to steal confidential content.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    res2 (profile), Oct 7th, 2009 @ 5:23am

    I have a complete lack of outrage at this story.

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Chargone (profile), Oct 7th, 2009 @ 5:34am

    gets a solid 'meh' out of me...

    silly situation, dubious response, ridiculous counter response, no apparent significant harm done [yet?]

    business as usual in the world of humanity, really... especially government.

    though i do see the point.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    keven sutton, Oct 7th, 2009 @ 5:36am

    Re: When you're a hammer

    which begs the question, is a script software? I could right a script on that library computer, it's not compiled and uses no code that the computer wouldn't perform during it's normal daily function (Calls for HTTP traffic up and down mostly).

    So is this considered software? I could be sitting there doing the same thing either from the command line or using even less sophisticated methods. The script doesn't compile into a Binary, It's just flat text.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 5:44am

    Aaron Schwartz is to be praised and rewarded not investigated and demonized. I can understand charging for court documents if they must be photocopied - hard copies are scarce resources (including the time it takes a gov't worker to research and photocopy the documents), but electronic documents have zero marginal costs. There's no reason to charge.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    ///M, Oct 7th, 2009 @ 5:51am

    Whats the Issue Here?

    "it seems pretty silly to have continued onward -- including driving by his home and considering a stakeout".

    Actually I hope he should have to pay fines for illegal use of government equipment and the FBI should take all his computer equipment away from him.

    The issue is not with the data he was accessing, but that he modified a system that he had no right to modify.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 6:05am

    Standard Operating Procedure(s)

    This is really a non-story. Guy installs software on government equipment, FBI investigates to make sure no crime is being committed, finds no crime being committed, and then closes the investigation.

    People are really WANTING to blow this out of proportion but this time folks, I'm sorry. The FBI did its mandate. They did not abuse any of their powers and nothing they did seems unusual in the slightest way.

    Hindsight is a wonderful thing. Just be sure you look at the full picture and not just the parts you like...

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Chronno S. Trigger (profile), Oct 7th, 2009 @ 6:08am

    Re: Whats the Issue Here?

    I agree with the fine part, he did basically hack a government computer. Confiscating his equipment is extreme. All he did was automate something that would be perfectly legal if he sat in front of the computer and did it himself.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    NullOp, Oct 7th, 2009 @ 6:16am

    Whoa! Dude....

    Installing scripts on govt machines is way uncool.

    Now, the fact that Pacer is/was charging for PUBLIC DOMAIN documents is outrageous/illegal/immoral/just-plain-wrong.

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Dom, Oct 7th, 2009 @ 6:19am

    Re: Whats the Issue Here?

    Surely thats a bit extreme. yeah he modified a system he shouldnt have but at the end of the day he was accessing public domain data in an efficient way (this data, according to the above article is FREE FOR ACCESS in some public libraries).

    surely a telling off, maybe a ban from public computers (ie libraries etc) would be more appropriate than wasting even more govmnt resources on meaningless punishments. it has probably cost the FBI silly money already just investigating this. to then go on and prosecute him and/or sieze equipment would cost even more.

    or maybe im wrong. maybe the FBI and US government should continue to waste money chasing ridiculous issues rather than focusing on the IMPORTANT things like... um... i dont know the US crime rate... terrorism... the pointless, fruitless war their currently involved in... to name but a few.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Joel Coehorn, Oct 7th, 2009 @ 6:22am

    Nothing to see here

    As someone who's done both programming and systems administration, I have to see this is a non-story. Writing a script to find public domain PACER articles? No big deal. Installing that script to run on a computer that's not yours? That's a no-no, and the programmer should have known that.

    Joel Coehoorn - ASP.Net MVP

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    R. Miles (profile), Oct 7th, 2009 @ 6:41am

    Re: Whats the Issue Here?

    The issue is not with the data he was accessing, but that he modified a system that he had no right to modify.
    The problem is, though, he didn't modify the system.

    By definition, he never touched the original source, altered its performance, or prevented others from accessing the same.

    If anything, he enhanced the system by introducing additional scripting to benefit the results which would be no different than running the current version. It just did it faster.

    In addition, there's absolutely no reason why Aaron should be a target to a system that allowed the introduction of the script to begin with.

    It was, by my additional reading, pretty evident such code addition wasn't frowned upon to which expert skills were needed to add the script in the first place (re: hacking).

    Hell, even Techdirt's comment posting scrubbing removes possible injection code. To think this system wouldn't is the fault of the code owner, not its users.

    I'd agree with you if actions were taken to which Aaron hacked to modify, but this is not the case here.

    In other words: Taxpayer dollars were wasted over the stupidity of the software developer as not to block such things in the first place.

    The scapegoat being Aaron, and unjust at that.

    So, by your logic, the FBI should have its computers removed for arbitrarily using its software to find Aaron's home address, given there were misuses by the FBI because of inaccurate "hacking" allegations.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Kilroy, Oct 7th, 2009 @ 6:43am

    Re: Re: When you're a hammer

    I'd have to disagree with you on that. Once the script is initiated, it is compiled or interpreted into binary by the system that is executing it. Just a technicality but at some point before the script can be of any use to anyone (except maybe the guy doing the desk-checking of the pseudocode) it needs to be binary & therefore it is software - of some sort

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    ady, Oct 7th, 2009 @ 6:45am

    Re: Nothing to see here

    spelt your name wrong

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    mike42 (profile), Oct 7th, 2009 @ 6:46am

    1.5 million imaginary dollars!

    You guys missed the important part. The FBI was investigating him because he "leaked" 1.5 million dollars worth of data!

    "The two accounts were responsible for downloading more than eighteen million pages with an approximate value of $1.5 million."

    1.5 million dollars of public domain information! And we had to pay for the investigation!

    Now that they have investigated him, they should hand all of the PACER data over to him and shut the system down. I guarantee the PACER system is losing money, and Aaron did it all for free.

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    iamtheky (profile), Oct 7th, 2009 @ 6:59am

    Re: Re: Whats the Issue Here?

    "never altered its performance?"

    a script that constantly searches for certain documents and uploads them, that does not affect performance?

    My understanding is that PACER documents are requests, 18 million pages over a few weeks probably leaves some footprints.

     

    reply to this | link to this | view in thread ]

  17.  
    icon
    Sean T Henry (profile), Oct 7th, 2009 @ 6:59am

    Re: When you're a hammer

    If they did not want anything placed on the computer then IT should have taken care of that before placing the PC in a public area.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 7:09am

    Re: Whoa! Dude....

    Have to agree here, no one should be loading scripts onto library/government computers. It was right for the FBI to investigate. What they found was harmless and any prosecution/punishment should be equally harmless.

    Even though this guy was trying to do something good that does not make his actions okay. Last I checked there is no exclusion for Robin Hood in the law.

    At the same time, its lame that Public Domain documents, which the people already paid for once in taxes, have a per page cost.

    This whole thing falls under the 'two wrongs do not make a right' category.

     

    reply to this | link to this | view in thread ]

  19.  
    icon
    Overcast (profile), Oct 7th, 2009 @ 7:12am

    If they did not want anything placed on the computer then IT should have taken care of that before placing the PC in a public area.

    Good point :)

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Sean T Henry (profile), Oct 7th, 2009 @ 7:16am

    Re: Re: Re: Whats the Issue Here?

    That shows the incompetence of IT there. They should have caught it in the first day or so when they would have seen a computer was making requests after closing and in the morning before it opened to the public.

     

    reply to this | link to this | view in thread ]

  21.  
    icon
    Overcast (profile), Oct 7th, 2009 @ 7:33am

    Re: Re: Re: Re: Whats the Issue Here?

    That shows the incompetence of IT there. They should have caught it in the first day or so when they would have seen a computer was making requests after closing and in the morning before it opened to the public.

    What surprises me is that it was open to installing software. Something like "Windows Steady State" would be a good option for them.

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    ///M, Oct 7th, 2009 @ 7:38am

    Re: Re: Whats the Issue Here?

    So, the end justifies the means? IF that is the case I can solve a lot of issues. Nuke Iraq, Iran, and Venezuela. Its a hell of a lot faster than using a diplomatic approach or waging a ground war. Kill the sick and poor. Its more efficient and cheaper then providing a health care system. No jails, just capital punishment. Hell, I am starting to like this efficiency idea as long as the end justifies the means.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Lion XL, Oct 7th, 2009 @ 7:43am

    OK...so you guys are asstards.....what if...some one else came after him noticed his script and was able to modify it to send out some thing more sensitive? exactly!

    and for the morons that think just because it wasn't protected properly, makes it not his fault. OK...next time you leave your door open to throw out the garbage, I hope some one walks in behind your back and steals your TV, Same bone head logic.

    just because the IT op was a bone head, doesnt make Arron any less of a bone head. Should he be shot? NO. Should he be penalized? yes.

     

    reply to this | link to this | view in thread ]

  24.  
    icon
    ChurchHatesTucker (profile), Oct 7th, 2009 @ 7:58am

    Re: Re: Re: Whats the Issue Here?

    "So, the end justifies the means? IF that is the case I can solve a lot of issues. Nuke Iraq, Iran, and Venezuela."

    Yes, automating a search of public domain documents is exactly like nuking a country or three.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Logo, Oct 7th, 2009 @ 8:02am

    It all depends on the technicalities surrounding the use of the computer.

    The computer was setup to be accessible by the public, it has an internet connection, and it didn't restrict the execution of scripts. Uploading 1 document wouldn't have even raised an eyebrow, it's quite legal.

    Unless there are other rules about the use of the computer (probable) then he did nothing wrong. It's unreasonable to expect him to 'guess' what the proper non-harmful use of a public computer is for each institution.

     

    reply to this | link to this | view in thread ]

  26.  
    identicon
    ///M, Oct 7th, 2009 @ 8:03am

    Re: Re: Whats the Issue Here?

    Last time I checked placing data on a hard drive is modifying the system. The drive lost some storage capacity since the script was introduced to the system thus reducing it original capabilities.

    "In addition, there's absolutely no reason why Aaron should be a target to a system that allowed the introduction of the script to begin with."

    Your kidding right? I hope you leave your car unlocked and someone makes enhancements to it so no keys are needed. Then they should take it on a joy ride. When the joy ride is over and he uses your logic to justify he actions I will be there laughing at you.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 8:07am

    Re: Re: Whats the Issue Here?

    Miles, you are still an idiot.

    he didn't enhance the system, he modified it without permission.

     

    reply to this | link to this | view in thread ]

  28.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 8:10am

    They should take away his library card if he violated the library's computer use policy.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Logo, Oct 7th, 2009 @ 8:21am

    Re:

    That's a terrible analogy.

    You are invited to use the library's computer and uploading the documents is legal. The only quirk in the discussion is the method he used to upload the documents (a script vs manually).

    You are not invited to enter a private property just because the door is unlocked, your presence there is illegal (tresspassing) and stealing a TV is illegal.

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    John Fenderson (profile), Oct 7th, 2009 @ 8:22am

    Re: Re: When you're a hammer

    "which begs the question, is a script software?"

    Yes.

    Software is instruction directing the behavior of the computer. Whether they are compiled or interpreted is irrelevant, as is how complex or simple they are.

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    ///M, Oct 7th, 2009 @ 8:34am

    Re: Re: Re: Re: Whats the Issue Here?

    Well yeah.

    If the end justifies the means and in the end you want to do something faster, better and cheaper then the folowing actions produce the same results...

    1)Automating the search of public database is faster, better and cheaper than doing it manually, especially if you need 18 million pages of results.

    2)Nuking three countries is faster, better, and cheaper then sending troops to kill 18 million people.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 8:43am

    Re: Re: Whats the Issue Here?

    No, because wasting resources on trying to find more ways to exploit the public is more important than using them wisely to prevent crime and terrorism.

     

    reply to this | link to this | view in thread ]

  33.  
    icon
    Rose M. Welch (profile), Oct 7th, 2009 @ 8:54am

    Re: Whats the Issue Here?

    Why should they take his computer equipment away from him?

     

    reply to this | link to this | view in thread ]

  34.  
    icon
    Rose M. Welch (profile), Oct 7th, 2009 @ 8:58am

    Re: Re: Re: Whats the Issue Here?

    Yes, but everything the script did, a human being could have legally done, albeit slower. In fact, the computer was INTENDED for that purpose, and the use of Recap had already been sanctioned.

     

    reply to this | link to this | view in thread ]

  35.  
    icon
    Rose M. Welch (profile), Oct 7th, 2009 @ 9:01am

    Re:

    what if...some one else came after him noticed his script and was able to modify it to send out some thing more sensitive? exactly!

    Someone who could do that is probably able to start from scratch and send out something more sensitive, if something more sensitive isn't locked down. The existence of the original script would be irrelevant.

     

    reply to this | link to this | view in thread ]

  36.  
    identicon
    ///M, Oct 7th, 2009 @ 9:02am

    Re: Re: Whats the Issue Here?

    For fun.

     

    reply to this | link to this | view in thread ]

  37.  
    identicon
    Anonymous Coward, Oct 7th, 2009 @ 9:09am

    Re:

    @ AC (5:44am): Just because there is negligible incremental cost doesn't mean there is no reason to charge. Is it not reasonable for the gov't to recoup some portion of the fixed costs of making information available digitally? Servers are (relatively) cheap, but they aren't free.

     

    reply to this | link to this | view in thread ]

  38.  
    identicon
    dan, Oct 7th, 2009 @ 9:21am

    Re:

    its NOT his server. he DID NOT receive premission before hand to place that software there.

    Now, what should be done.

    Fire the IT department in charge of that library system.
    1). he should NEVER have had access to place a scheduled job that machine.
    2). He should NEVER had access to place software of ANY KIND on that machine.

     

    reply to this | link to this | view in thread ]

  39.  
    icon
    ChurchHatesTucker (profile), Oct 7th, 2009 @ 9:21am

    Re: Re: Re: Whats the Issue Here?

    "he didn't enhance the system, he modified it without permission."

    Explain to me how you use a computer without modifying it. Think it through.

     

    reply to this | link to this | view in thread ]

  40.  
    icon
    R. Miles (profile), Oct 7th, 2009 @ 9:40am

    Re: Re: Re: Whats the Issue Here?

    Miles, you are still an idiot.
    This statement from you has as much value as toilet paper once it has served its purpose.

    Once again, he did not modify a damn thing. Modification means the original programming was tampered with.

    This did not occur. But given you're going around calling people idiots, I can see how understanding this is a challenge for you.

    [///M]The drive lost some storage capacity since the script was introduced to the system thus reducing it original capabilities.
    Tell me you're not serious. The script's impact to drive space was so negligible, it took weeks to discover.

    [iamtheky]a script that constantly searches for certain documents and uploads them, that does not affect performance?
    As opposed to many users hitting the same system at the same time? Sorry, but the math doesn't add up.

    If anything, the scripting would actually improve performance, not hinder it.

    In this instance, the PACER folks should be thanking Aaron by providing a faster way to give people what they want.

    Less time on the system provides better performance than 20 people looking up individual records.

    I get most people aren't in the IT field, but even common sense should be applied here.

    For those that don't get it: A debit card is faster at a checkout than is writing a check. Aaron just supplied the card reader.

     

    reply to this | link to this | view in thread ]

  41.  
    icon
    Dark Helmet (profile), Oct 7th, 2009 @ 10:01am

    Re: Re: Re: Re: Whats the Issue Here?

    "Yes, automating a search of public domain documents is exactly like nuking a country or three."

    Oh why even take it that far? Why not just pompously point out that his ends suck?

     

    reply to this | link to this | view in thread ]

  42.  
    identicon
    Michael, Oct 7th, 2009 @ 10:34am

    Re: 1.5 million imaginary dollars!

    Yet you yourself missed an important part as well.

    "The Government Printing Office started an experiment last year, offering free access to PACER in certain libraries. Swartz just went to one and then installed his script to cycle through and upload those documents."

    Even if he sat in front of the computer in question he would not have been charged per page as it was all free.

     

    reply to this | link to this | view in thread ]

  43.  
    icon
    rwahrens (profile), Oct 7th, 2009 @ 10:38am

    Re: Re: When you're a hammer

    I agree.

    I am in IT for a major Federal Agency, and I'd NEVER let something get placed in public that would allow software installation.

    That said, even if negligently allowed, Federal law still forbids placing unauthorized software on a Federal system. What has probably kept him from being charged is that the law still requires some form of intent, and since he was accessing what he would have had access to freely anyway, it was most likely felt not worth the effort.

     

    reply to this | link to this | view in thread ]

  44.  
    identicon
    Lance, Oct 7th, 2009 @ 10:50am

    Re: Re: Re: Re: Whats the Issue Here?

    "Explain to me how you use a computer without modifying it. Think it through."

    Using a computer with the methods and for the means it was intended to be used does not constitute "modification".

    If you change the behavior, even if it's only automating a task, you have now satisfied the definition of modification. He changed the method in which the computer was used via a script. Therefore, he "modified" it's behavior.

    Anyone who deals with legal when doing any type of forensics or pen testing will attest to these definitions.

     

    reply to this | link to this | view in thread ]

  45.  
    identicon
    Lucretious, Oct 7th, 2009 @ 3:25pm

    Meh, I can kinda see why the FBI would get antsy about this. I don't see this as any kind of overreaction.

     

    reply to this | link to this | view in thread ]

  46.  
    icon
    ChurchHatesTucker (profile), Oct 7th, 2009 @ 4:11pm

    Re: Re: Re: Re: Re: Whats the Issue Here?

    "He changed the method in which the computer was used via a script. Therefore, he "modified" it's behavior. "

    You're almost there. Keep thinking.

     

    reply to this | link to this | view in thread ]

  47.  
    icon
    ChurchHatesTucker (profile), Oct 7th, 2009 @ 4:44pm

    Re:

    "OK...so you guys are asstards.....what if...some one else came after him noticed his script and was able to modify it to send out some thing more sensitive? exactly!"

    What if someone came after him and threw the computer at a librarian's head? Huh? What then?!

     

    reply to this | link to this | view in thread ]

  48.  
    icon
    ChurchHatesTucker (profile), Oct 8th, 2009 @ 10:25am

    Re:

    "Meh, I can kinda see why the FBI would get antsy about this. I don't see this as any kind of overreaction."

    I can see why they might be *interested*, but I like to think of the FBI as having a frakin' clue about the shit they investigate, and that they would be the kind of people to be able to read a script and realize that downloading public documents is not a crime.

    But, I'm old-fashioned like that, and don't like to think of the Feds as a bunch of moronic trigger-happy gym bunnies.

     

    reply to this | link to this | view in thread ]

  49.  
    identicon
    Rakog Var, Oct 13th, 2009 @ 7:06am

    Re: When you're a hammer

    Until the FBI decides that corporations (such as Sony) can be criminally liable for installing software (such as rootkits), it's hard to take their "computer crime" unit seriously.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This