Feeds

MIT clears itself of responsibility for Aaron Swartz's prosecution

Father says the university failed its 'moral obligation' to his son

SANS - Survey on application security programs

Six months after the suicide of internet activist Aaron Swartz, MIT has released a 182-page report into the university's involvement in his arrest and prosecution, and has determined that it did nothing wrong.

Swartz, who at 14 coauthored the RSS standard, subsequently cofounded Creative Commons and the Reddit online community, and is a recent inductee to the Internet Hall of Fame, was found hanging in his New York apartment in January, weeks before he was due for court hearings on 13 felony charges relating to his use of MIT's network to download 4.8 million papers from the JSTOR academic database.

"MIT did not 'target' Aaron Swartz, we did not seek federal prosecution, punishment or jail time, and we did not oppose a plea bargain," said MIT president Rafael Reif in a statement, although he did add the university would be reviewing its policies.

The report, prepared by MIT computer science professor Hal Abelson, economics professor and Institute professor emeritus Peter Diamond, and Washington attorney Andrew Grosso, has taken so long because it's based on the detailed examination of over 10,000 documents and many personal interviews, the authors said.

They found that the university had maintained a policy of strict neutrality, and did not attempt to influence the prosecution of Swartz by federal authorities. It also notes that "Swartz was neither a member of the MIT staff, nor an enrolled student nor alumnus, nor a member of the faculty."

But the report has angered Swartz's father, himself a member of MIT's Media Lab. In a statement to The Register, he said the report showed that MIT handed over information to the prosecution without subpoena warrant (a courtesy not extended to Swartz's defense team), and withheld information and witness lists that were handed to government investigators.

"Having now read Abelson's report, it is clear that MIT in fact played a central role in Aaron's suicide," Robert Swartz said. "MIT made numerous mistakes that warrant further examination and significant changes. MIT was not neutral in the legal case against Aaron. Whether MIT was neutral or not is a red herring: the university had a moral obligation to advocate on Aaron's behalf."

Who called whom?

The report details how MIT was initially contacted by research archive JSTOR because of a server-crashing number of downloads being requested by MIT's network. The requests appeared to stop after a while, but JSOTR got back in touch when it became apparent that the request frequency had been slowed and 4.8 million articles had been copied.

Trying to trace the source, the university's IT staff found a laptop in a cardboard box in one of their network rooms and called MIT police, who determined they didn't have the skills to handle it. They called the local Cambridge police, and a local detective arrived with a Secret Service and an officer from the Boston Police Department in tow.

The Secret Service agent tried and failed to copy the hard drive, so the laptop was fingerprinted and a camera was installed to monitor it. Just half an hour later someone did come in and swap out the laptop hard drive, but then left before MIT police could arrive.

A second visit was noted two days later, and this time an off-duty MIT police officer was in an unmarked police car that just happened to be near the building. He had a still image of the laptop's visitor, saw a cyclist matching the picture, and stopped him for questioning.

The report says the cyclist was Swartz, who ran away when questioned but was later apprehended by the policeman and a colleague. He refused to answer questions, so the local police were called and he was taken away to be charged. MIT did not ask for charges to be brought, the report states, and JSTOR didn't wish to either. But the US Department of Justice had other ideas.

US attorney Carmen Ortiz and her assistant Stephen Heymann used the provisions of the Computer Fraud and Abuse Act to rack up 13 felony charges against Swartz that would have seen him behind bars for a maximum of 35 years and facing $1m in fines. Swartz, 26, committed suicide shortly before hearings began.

Two charges of misconduct have since been filed against Heymann, but Ortiz has defended her handling of the case, saying that her "office's conduct was appropriate in bringing and handling this case." She said that the prosecution was only planning to ask for six months in prison, and had no intention of asking for a maximum sentence, particularly as it was clear Swartz wasn't harvesting the JSTOR archives for personal gain.

You can't be neutral on a moving train

Harvard law professor Lawrence Lessig, who was a close friend of Swartz, said that MIT's report showed the "emptiness in the concept of 'neutrality'," and in fact shows the extent to which the university's lack of action doomed Swartz to prosecution.

"'Neutrality' is one of those empty words that somehow has achieved sacred and context-free acceptance – like 'transparency', but don't get me started on that again," he writes. "But there are obviously plenty of contexts in which to be 'neutral' is simply to be wrong."

The lynchpin of the government's case against Swartz was that he had unauthorized access to MIT's network. But, he says, the report states that MIT never told police of federal prosecutors if Swartz wasn't authorized to use the network, and apparently didn't even bother to decide this itself.

The report does note that had Swartz asked for access in the usual way he would have been granted it under the terms of MIT's open guest policy for network use and, "it might be argued that Aaron Swartz accessed the MIT network with authorization." The university neglected to mention this to the either prosecution or defense teams, however.

"If indeed MIT recognized this, and didn't explicitly say either privately or publicly that Aaron was likely not guilty of the crime charged, then that failure to speak can't be defended by the concept of 'neutrality'," Lessig concludes. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Big Content goes after Kim Dotcom
Six studios sling sueballs at dead download destination
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
Jack the RIPA: Blighty cops ignore law, retain innocents' comms data
Prime minister: Nothing to see here, go about your business
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.