SaaS data loss: The problem you didn’t know you had

Comment Aaron Swartz's death has sent shockwaves through the internet community, but among the mourning and tributes there's a growing undercurrent of anger that an enormously gifted young man may have been hounded to his death.

Swartz speaking against SOPA/PIPA last year

Swartz, who helped write the RSS standard at the age of 14 and co-founded Creative Commons, the Reddit online community and set up the Demand Progress group that did so much to stop SOPA/PIPA, was found hanging in his New York apartment by a friend on Friday. He was 26 and had been suffering from depression.

"Aaron's death is not simply a personal tragedy," his family said in a statement. "It is the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts US Attorney's office and at MIT contributed to his death."

Swartz was under indictment for claimed crimes that could have got him half a century behind bars and at least a million dollars in fines. He was being aggressively pursued by the US Department of Justice and was paying lawyer's fees even before the case was due to come to court in April.

Swartz was charged after he allegedly set up a custom Python script to download 4.8 million articles from JSTOR, an online archive of more than 1,000 academic journals via an MIT account. When his MAC address was blocked for slowing down the system he spoofed a new one and carried on downloading with a laptop stashed in a wiring closet, his indictment claims.

At the prices JSTOR was charging for the research papers, technically Swartz stole millions of dollars-worth of goods, although had he downloaded each one individually no laws would have been broken. JSTOR itself declined to press charges, indeed it opened its archives up for free on Wednesday in an unrelated move.

"The case is one that we ourselves had regretted being drawn into from the outset, since JSTOR's mission is to foster widespread access to the world's body of scholarly knowledge," said the academic publisher in a statement on Saturday. "Aaron returned the data he had in his possession and JSTOR settled any civil claims we might have had against him in June 2011."

But MIT and the US government weren't so forgiving. Swartz was initially charged with five cases of computer and wire fraud, but US federal attorneys Carmen Ortiz and Steve Heymann increased the number of charges to 13. With bail set at $100,000 and a court sentence due, the pressure on Swartz must have been intense.

Swartz wasn't exactly on the federal government Christmas card list anyway. The FBI investigated him in 2008 after he downloaded 20 per cent of the PACER US court document database and made it available online. No charges were pressed, but the case did him no favors in the eyes of the law and times are tough for those the government has deemed a "hacking threat."

Ever since WikiLeaks' release of State Department cables the government has been less tolerant of technology community shenanigans. Last year's Black Hat was full of stories of researchers getting hassled on their way to the show. International travellers with online "form" found attending the show hard: one guest shipped a laptop to the show because every time he flies he's pulled over for questioning and his computer is taken away for examination. Since he can’t tell what's been put on there by investigators the laptop is essentially useless until a full system wipe can be done, and even that's not 100 per cent certain to get rid of spyware.

One theory regarding Swartz suggests that authorities racked up the charges against him as a bargaining tactic, but also with the intention of converting him to become a mole for the authorities. As we saw in the case of Anon-turned-mole Sabu this can be highly effective.

Swartz isn't known to have participated in Anonymous-style activity. He did believe passionately in the need for open information. When he scraped the JSTOR system he wasn't looking for make a fast buck or damaging systems or denying access. JSTOR contained academic papers, for goodness' sake, hardly an area with a thriving black market. If he hadn't handed the papers back they would simply have appeared online for free, as the PACER documents did.

Swartz (15) and his friend Lawrence Lessig

Swartz wowed the online world with his perspicacity as a teenager, co-authoring the RSS 1.0 standard at an age when most teenagers are still trying to shave and was part of a group that helped set up the Creative Commons licensing scheme. His role in setting up Reddit was all about opening information up in an egalitarian way and his active campaigning against the idiocies of SOPA/PIPA sprang from the same intellectual source.

Those who knew him say the JSTOR case wasn't about theft but about fair use of information. The academics who wrote the papers on JSTOR weren't paid, nor were the editors and peer-reviewers. Yet researchers trying to use this data had to pay a publisher for the rights to it, and none of the funds made it to the information's creators.

"Aaron's act was undoubtedly political activism, and taking such an act in the physical world would, at most, have a meant he faced light penalties akin to trespassing as part of a political protest," said the EFF. "Because he used a computer, he instead faced long-term incarceration. This is a disparity that EFF has fought against for years."

Yet this argument only works with people who understand this way of thinking, which doesn’t include the federal authorities. They approached the case with little understanding and tried to steamroller Swartz into submission. As his family has pointed out, the consequences have been fatal.

"We live in a world where the architects of the financial crisis regularly dine at the White House — and where even those brought to 'justice' never even have to admit any wrongdoing, let alone be labeled 'felons,"' said friend and colleague Lawrence Lessig in his blog.

"In that world, the question this government needs to answer is why it was so necessary that Aaron Swartz be labeled a 'felon.' Fifty years in jail, charges our government. Somehow, we need to get beyond the 'I’m right so I’m right to nuke you' ethics that dominates our time. That begins with one word: Shame. One word, and endless tears."

Lessig is not the only one who's fuming. The Twittersphere first recorded the shock and sadness of the internet community, but in the last day more and more angry voices are coming through and vowing: never again, this has to stop.

The US government is actively trying to get the computer industry onside to counter the hacking threat from other states and rogue actors and manage the online world. It appeals for help, yet treats those that could help it like this. It's a disconnect which will have to be resolved.

We've seen this before. Alan Turing, in many ways the father of the computing age and a man who had contributed more than most to the Allied victory in the Second World War, was to commit suicide less than a decade later after undergoing horrific "treatments" for his homosexuality.

Swartz had a once-in-a-generation mind, a rapacious intellect and was doing great things in trying to secure an open internet for us all. That he ended up hanging from the ceiling in a Brooklyn apartment at the age of 26 is a damning indictment of the system as it stands, and proof of the need for change. ®

Agentless Backup is Not a Myth