Not much has been said about the Aaron Swartz case
over the past year as the wheels of "justice" slowly grind their way to an eventual court date. Swartz, the executive director of Demand Progress, was charged with violating the Computer Fraud and Abuse Act, a catch-all designation for "computer activity the US government doesn't like
Swartz had accessed MIT's computer network to download a large number of files from JSTOR, a non-profit that hosts academic journal articles. US prosecutors claimed he "stole" several thousand files, but considering MIT offered this access for free on campus (and the files being digital), it's pretty tough to square his massive downloading with any idea of "theft."
Not only that, but JSTOR was not the entity pressing charges
. It had stopped the downloading and secured the "stolen" content, along with receiving assurances from Swartz that the files would not be distributed. Despite this, the feds felt compelled to arrest Swartz and charge him with four felony counts (one each for Wire Fraud, Computer Fraud, Theft of Information from a Computer and Recklessly Damaging a Computer). At this point, Swartz was looking at a possible 35-year sentence and over $1,000,000 in fines.
Whoever's pushing this case must really dislike Swartz and/or his activities. A "Superseding Indictment"
(pdf) has been filed, raising the number of felony counts from four to thirteen
. Seth Finkelstein at Infothought has a brief rundown of the new charges
(h/t to Nate Hoffelder
for the link):
There are now 13 felony counts in the new indictment, derived from claims of multiple instances of breaking those four laws. In specific:
Wire Fraud - 2 counts
Computer Fraud - 5 counts
Unlawfully Obtaining Information from a Protected Computer - 5 counts
Recklessly Damaging a Protected Computer - 1 count
It's beyond my pay grade to figure out how many years in prison that all could be, when taking into account the complexities of sentencing law. Let's leave it at a large scary number. Enough to ruin someone's life.
The new filing basically realleges all the original charges but ups the felony count by providing specific dates for each action, turning each marked date into its own felony charge. The allegations refer to Swartz's "repeated" actions as spanning several months, but the feds have pulled some arbitrary dates into the mix to add years and dollars onto his possible sentence. And, again, we have to ask: for what
JSTOR only showed up because it was subpoenaed and if anyone's the "victim" here, it would be JSTOR. MIT has remained silent on the whole issue. So, either someone's got a deeper interest in this case than they're willing to admit publicly, or the feds found someone with enough "hacking" activity under their belt that they feel comfortable turning the defendant into an "example." Or perhaps this is a belated payback for his thorough gaming of the PACER system during a "free trial" period, something the feds briefly investigated him for back in 2009
. It went nowhere as the documents involved were public records, but it had to gall them a bit that he managed to download nearly 20 million pages of text, about 20% of the entire database, before being stopped. (The government likes to collect 8 cents a page for PACER documents, meaning Swartz's stunt "cost" it nearly $1.6 million, assuming you have no idea how to properly measure "costs.")
So, how do the new charges stack up in terms of a sentence? Tough to say. Each of the charges carries the possibility of a fine and imprisonment of up to 10-20 years per felony. Depending on how many of the counts Swartz is found guilty of, the sentence could conceivably total 50+ years and fine in the area of $4 million. All this over publicly accessed research documents that JSTOR doesn't even feel the need to pursue further than it did.