Tag Archive: Computer Fraud and Abuse Act

Aug 01 2013

Their Silence Killed

There is no justice in following unjust laws.

~Aaron Swartz~

Aaron Swartz photo imagesqtbnANd9GcSri_QsacSc5jhQFcunN_zps1a2d5300.jpgThe long awaited internal report (pdf) of its roll of the Massachusetts Institute of Technology in the federal prosecution of Aaron Swartz for hacking into its computer system has been finally been released. Aaron was being charges by federal prosecutors with 13 counts of violating the Computer Frauds Act. He was facing a $1 million fine and up to 35 years in prison when he committed suicide in his Brooklyn apartment in January of this year. Aaron also suffered from severe depression.

The report found that MIT did not press for prosecution of Aaron for downloading several million academic articles from the JSTOR database through the MIT computer network, which were returned. However, the school did nothing to stop the over zealous prosecution.

In a Guardian article written by Amanda Holpuch, the report stated that the school viewed that US v Swartz was “simply a lawsuit to which it was not a party.” Yet, they told the prosecutors that that it was not seeking punishment for Swartz but never actually said that they were opposed to jail time. How these people thought that that they were “not party” to Aaron’s prosecution is simply beyond belief.

According to the report, prior to his death, “the MIT community paid scant attention” to Swartz’s prosecution and few people expressed concerns to the administration about the case. However, Swartz’s father, a consultant to the MIT lab and former student there, asked MIT to aid efforts to have the charges dropped or to get a plea deal that would not have jail time. Two faculty members advocated a similar appeal.

In choosing the position of neutrality, the report says the school did not consider Swartz’s contributions to internet technology and was not critical enough of the US government’s “overtly aggressive prosecution.” MIT also did not account for Swartz’s prosecution under the Computer Fraud and Abuse Act, which the report called ” a poorly drafted and questionable criminal law.” That law has been widely criticised since Swartz’s death. [..]

Friends and family have been harshly critical of the report with Aaron’s partner, Taren Stinebrickner-Kauffman, calling the report a “whitewash” on her blog.

She also criticized the school for objecting to a Freedom of Information Act request for the secret service files on Swartz’s case. The school took the unusual step of intervening in the request for government documents after a judge ordered the documents to be released in July.

The Wired reported that while MIT claimed it was “neutral,” it is very clear from the report that they willingly cooperated with the prosecution’s investigation:

MIT police called the Cambridge police, who showed up with a Secret Service agent from the New England Electronic Crimes Task Force – sparking the federal investigation.

The report says that MIT officially adopted a neutral posture with respect to the federal criminal case, treating it as an outside matter. But it also details extensive cooperation between MIT officials and federal agents and prosecutors.

MIT sniffed network traffic from Swartz’s computer and provided logs voluntarily to the government, without demanding a subpoena. And MIT did not offer to give Swartz’s defense team access to the employees interviewed by prosecutors. “The choice not to do this was based on a judgment that the criminal process was sufficiently fair, without the need for it to provide equality of outcome,” the report notes.

“The report makes clear that MIT was not neutral,” says Robert Swartz, who’d met with MIT repeatedly during the prosecution to plead for his son. “But they should not have been neutral. They should have advocated of Aaron’s behalf, because the law under which he was charged was wrong.”

“They cooperated with prosecutors in endless ways, and they were fundamentally opaque to us.”

My fervent hope that the people at MIT who decided to cooperate with the aggressive prosecution of Aaron sleep at night haunted by his face.

Feb 22 2013

Justice and the Law for Aaron Swartz

Law professor Lawrence Lessig marked his appointed as Roy L. Furman Professor of Law and Leadership at Harvard Law School with a lecture dedicated to the memory of internet activist Aaron Swartz and his work. Prof. Lessig was a close friend and mentor to Aaron and his death was a great loss to him. He had planned to lecture on corruption but after Aaron’s death decided to discuss Aaron’s Law and his work:

At the center of [Aaron’s] struggle is and was copyright.  In the debate between people who are pro and anti copyright, Aaron was on neither side.”  Rather, he opposed “dumb copyright.”  A perfect example was Swartz’s efforts to liberate data from PACER the database of public court records, which charged 8 cents a page.  He was not violating copyright, technical restraints, terms of service or any other prohibitions.  He had found a loophole.  “A loophole for public good” as opposed to the loopholes used for private gain by lobbyists and tax lawyers.  Swartz did the same thing with the government’s database of issued copyrights.  The PACER project got Aaron FBI surveillance; the copyright project, on the other hand, was met with approval by the Copyright Office.  Using all this as proof Lessig continued to emphasize that Aaron was a hacker.  He defines “hacker” as one who uses technical knowledge to make a better world.

According to Lessig, Aaron was his mentor, not the other way around.  The two worked together, upon Aaron’s insistence, on anti-corruption campaign for a while before they split again: while Aaron wanted to turn Barrack Obama into Elizabeth Warren, Lessig wanted Obama to pick up the fight with corruption he had promised in 2008.  Without that fight, the defenders of the status quo would defeat real change.

Aaron’s Laws – Law and Justice in a Digital Age’

Jan 27 2013

The Legacy of Aaron Swartz

The White House announced a National Day of Civic Hacking, June 1 – 2, 2013, as the internet continues to mourn the hacker and activist, Aaron Swartz, who died of suicide at age 26. Aaron’s partner Taren Stinebrickner-Kauffman, executive director and founder of SumofUs.org joins host Chris Hayes; Lawrence Lessig, Roy L. Furman Professor of Law at Harvard Law School; Susan Crawford, professor for the Center on Intellectual Property & Information Law Program at Carodozo School of Law; and Ta-Nehisi Coates, senior editor for The Atlantic on the Up with Chris panel to discuss the legacy of Aaron Swartz.

Jan 15 2013

In Aaron’s Name, Change This Law

SOPA Reddit WarriorComputer programmer, writer, archivist, political organizer, and Internet activist, but most of all son, brother and friend, Aaron Swartz tragically took his own life last week. One of the many achievements of Aaron’s too short life was to win a battle in the war for Internet Freedom, he helped lead the fight to Stop SOPA. SOPA was the Stop Online Piracy Act bill that sought to monitor the Internet for copyright violations and would have made it easier for the U.S. government to shut down websites accused of violating copyright.

This was Aaron’s address at F2C:Freedom to Connect 2012, Washington DC on May 21 2012.

Now we have a battle to fight in Aaron’s name to reform the law that overzealous federal prosecutors used against him, the Computer Fraud and Abuse Act. Marcia Hoffman, senior staff attorney for Electronic Freedom Foundation, lays out the case for fixing this draconian law:

Problem 1: Hacking laws are too broad, and too vague

Among other things, the CFAA makes it illegal to gain access to protected computers “without authorization” or in a manner that “exceeds authorized access.”  Unfortunately, the law doesn’t clearly explain what a lack of “authorization” actually means. Creative prosecutors have taken advantage of this confusion to craft criminal charges that aren’t really about hacking a computer but instead target other behavior the prosecutors don’t like. [..]

Problem 2: Hacking laws have far too heavy-handed penalties

The penalty scheme for CFAA violations is harsh and disproportionate to the magnitude of offenses. Even first-time offenses for accessing a protected computer “without authorization” can be punishable by up to five years in prison each (ten years for repeat offenses) plus fines. It’s worth nothing that five years is a relatively light maximum penalty by CFAA standards; violations of other parts of that law are punishable by up to ten years, 20 years, and even life in prison. [..]

The Upshot

The CFAA’s vague language, broad reach, and harsh punishments combine to create a powerful weapon for overeager prosecutors to unleash on people they don’t like. Aaron was facing the possibility of decades in prison for accessing the MIT network and downloading academic papers as part of his activism work for open access to knowledge. No prosecutor should have tools to threaten to end someone’s freedom for such actions, but the CFAA helped to make that fate a realistic fear for Aaron.

In Aaron’s name please call on Congress and the White House to change this law.

Click here to send your message to your congressional representatives.

Please sign the Petition to President Barack Obama to Reform the Computer Fraud and Abuse Act to reflect the realities of computing and networks in 2013.

Do this not just in Aaron’s name but mine, yours and everyone who uses the internet.