MIT clears itself of responsibility for Aaron Swartz's prosecution
Father says the university failed its 'moral obligation' to his son
Six months after the suicide of internet activist Aaron Swartz, MIT has released a 182-page report into the university's involvement in his arrest and prosecution, and has determined that it did nothing wrong.
Swartz, who at 14 coauthored the RSS standard, subsequently cofounded Creative Commons and the Reddit online community, and is a recent inductee to the Internet Hall of Fame, was found hanging in his New York apartment in January, weeks before he was due for court hearings on 13 felony charges relating to his use of MIT's network to download 4.8 million papers from the JSTOR academic database.
"MIT did not 'target' Aaron Swartz, we did not seek federal prosecution, punishment or jail time, and we did not oppose a plea bargain," said MIT president Rafael Reif in a statement, although he did add the university would be reviewing its policies.
The report, prepared by MIT computer science professor Hal Abelson, economics professor and Institute professor emeritus Peter Diamond, and Washington attorney Andrew Grosso, has taken so long because it's based on the detailed examination of over 10,000 documents and many personal interviews, the authors said.
They found that the university had maintained a policy of strict neutrality, and did not attempt to influence the prosecution of Swartz by federal authorities. It also notes that "Swartz was neither a member of the MIT staff, nor an enrolled student nor alumnus, nor a member of the faculty."
But the report has angered Swartz's father, himself a member of MIT's Media Lab. In a statement to The Register, he said the report showed that MIT handed over information to the prosecution without subpoena warrant (a courtesy not extended to Swartz's defense team), and withheld information and witness lists that were handed to government investigators.
"Having now read Abelson's report, it is clear that MIT in fact played a central role in Aaron's suicide," Robert Swartz said. "MIT made numerous mistakes that warrant further examination and significant changes. MIT was not neutral in the legal case against Aaron. Whether MIT was neutral or not is a red herring: the university had a moral obligation to advocate on Aaron's behalf."
Who called whom?
The report details how MIT was initially contacted by research archive JSTOR because of a server-crashing number of downloads being requested by MIT's network. The requests appeared to stop after a while, but JSOTR got back in touch when it became apparent that the request frequency had been slowed and 4.8 million articles had been copied.
Trying to trace the source, the university's IT staff found a laptop in a cardboard box in one of their network rooms and called MIT police, who determined they didn't have the skills to handle it. They called the local Cambridge police, and a local detective arrived with a Secret Service and an officer from the Boston Police Department in tow.
The Secret Service agent tried and failed to copy the hard drive, so the laptop was fingerprinted and a camera was installed to monitor it. Just half an hour later someone did come in and swap out the laptop hard drive, but then left before MIT police could arrive.
A second visit was noted two days later, and this time an off-duty MIT police officer was in an unmarked police car that just happened to be near the building. He had a still image of the laptop's visitor, saw a cyclist matching the picture, and stopped him for questioning.
The report says the cyclist was Swartz, who ran away when questioned but was later apprehended by the policeman and a colleague. He refused to answer questions, so the local police were called and he was taken away to be charged. MIT did not ask for charges to be brought, the report states, and JSTOR didn't wish to either. But the US Department of Justice had other ideas.
US attorney Carmen Ortiz and her assistant Stephen Heymann used the provisions of the Computer Fraud and Abuse Act to rack up 13 felony charges against Swartz that would have seen him behind bars for a maximum of 35 years and facing $1m in fines. Swartz, 26, committed suicide shortly before hearings began.
Two charges of misconduct have since been filed against Heymann, but Ortiz has defended her handling of the case, saying that her "office's conduct was appropriate in bringing and handling this case." She said that the prosecution was only planning to ask for six months in prison, and had no intention of asking for a maximum sentence, particularly as it was clear Swartz wasn't harvesting the JSTOR archives for personal gain.
You can't be neutral on a moving train
Harvard law professor Lawrence Lessig, who was a close friend of Swartz, said that MIT's report showed the "emptiness in the concept of 'neutrality'," and in fact shows the extent to which the university's lack of action doomed Swartz to prosecution.
"'Neutrality' is one of those empty words that somehow has achieved sacred and context-free acceptance – like 'transparency', but don't get me started on that again," he writes. "But there are obviously plenty of contexts in which to be 'neutral' is simply to be wrong."
The lynchpin of the government's case against Swartz was that he had unauthorized access to MIT's network. But, he says, the report states that MIT never told police of federal prosecutors if Swartz wasn't authorized to use the network, and apparently didn't even bother to decide this itself.
The report does note that had Swartz asked for access in the usual way he would have been granted it under the terms of MIT's open guest policy for network use and, "it might be argued that Aaron Swartz accessed the MIT network with authorization." The university neglected to mention this to the either prosecution or defense teams, however.
"If indeed MIT recognized this, and didn't explicitly say either privately or publicly that Aaron was likely not guilty of the crime charged, then that failure to speak can't be defended by the concept of 'neutrality'," Lessig concludes. ®
Sponsored: Customer Identity and Access Management