Feeds

MIT clears itself of responsibility for Aaron Swartz's prosecution

Father says the university failed its 'moral obligation' to his son

Internet Security Threat Report 2014

Six months after the suicide of internet activist Aaron Swartz, MIT has released a 182-page report into the university's involvement in his arrest and prosecution, and has determined that it did nothing wrong.

Swartz, who at 14 coauthored the RSS standard, subsequently cofounded Creative Commons and the Reddit online community, and is a recent inductee to the Internet Hall of Fame, was found hanging in his New York apartment in January, weeks before he was due for court hearings on 13 felony charges relating to his use of MIT's network to download 4.8 million papers from the JSTOR academic database.

"MIT did not 'target' Aaron Swartz, we did not seek federal prosecution, punishment or jail time, and we did not oppose a plea bargain," said MIT president Rafael Reif in a statement, although he did add the university would be reviewing its policies.

The report, prepared by MIT computer science professor Hal Abelson, economics professor and Institute professor emeritus Peter Diamond, and Washington attorney Andrew Grosso, has taken so long because it's based on the detailed examination of over 10,000 documents and many personal interviews, the authors said.

They found that the university had maintained a policy of strict neutrality, and did not attempt to influence the prosecution of Swartz by federal authorities. It also notes that "Swartz was neither a member of the MIT staff, nor an enrolled student nor alumnus, nor a member of the faculty."

But the report has angered Swartz's father, himself a member of MIT's Media Lab. In a statement to The Register, he said the report showed that MIT handed over information to the prosecution without subpoena warrant (a courtesy not extended to Swartz's defense team), and withheld information and witness lists that were handed to government investigators.

"Having now read Abelson's report, it is clear that MIT in fact played a central role in Aaron's suicide," Robert Swartz said. "MIT made numerous mistakes that warrant further examination and significant changes. MIT was not neutral in the legal case against Aaron. Whether MIT was neutral or not is a red herring: the university had a moral obligation to advocate on Aaron's behalf."

Who called whom?

The report details how MIT was initially contacted by research archive JSTOR because of a server-crashing number of downloads being requested by MIT's network. The requests appeared to stop after a while, but JSOTR got back in touch when it became apparent that the request frequency had been slowed and 4.8 million articles had been copied.

Trying to trace the source, the university's IT staff found a laptop in a cardboard box in one of their network rooms and called MIT police, who determined they didn't have the skills to handle it. They called the local Cambridge police, and a local detective arrived with a Secret Service and an officer from the Boston Police Department in tow.

The Secret Service agent tried and failed to copy the hard drive, so the laptop was fingerprinted and a camera was installed to monitor it. Just half an hour later someone did come in and swap out the laptop hard drive, but then left before MIT police could arrive.

A second visit was noted two days later, and this time an off-duty MIT police officer was in an unmarked police car that just happened to be near the building. He had a still image of the laptop's visitor, saw a cyclist matching the picture, and stopped him for questioning.

The report says the cyclist was Swartz, who ran away when questioned but was later apprehended by the policeman and a colleague. He refused to answer questions, so the local police were called and he was taken away to be charged. MIT did not ask for charges to be brought, the report states, and JSTOR didn't wish to either. But the US Department of Justice had other ideas.

US attorney Carmen Ortiz and her assistant Stephen Heymann used the provisions of the Computer Fraud and Abuse Act to rack up 13 felony charges against Swartz that would have seen him behind bars for a maximum of 35 years and facing $1m in fines. Swartz, 26, committed suicide shortly before hearings began.

Two charges of misconduct have since been filed against Heymann, but Ortiz has defended her handling of the case, saying that her "office's conduct was appropriate in bringing and handling this case." She said that the prosecution was only planning to ask for six months in prison, and had no intention of asking for a maximum sentence, particularly as it was clear Swartz wasn't harvesting the JSTOR archives for personal gain.

You can't be neutral on a moving train

Harvard law professor Lawrence Lessig, who was a close friend of Swartz, said that MIT's report showed the "emptiness in the concept of 'neutrality'," and in fact shows the extent to which the university's lack of action doomed Swartz to prosecution.

"'Neutrality' is one of those empty words that somehow has achieved sacred and context-free acceptance – like 'transparency', but don't get me started on that again," he writes. "But there are obviously plenty of contexts in which to be 'neutral' is simply to be wrong."

The lynchpin of the government's case against Swartz was that he had unauthorized access to MIT's network. But, he says, the report states that MIT never told police of federal prosecutors if Swartz wasn't authorized to use the network, and apparently didn't even bother to decide this itself.

The report does note that had Swartz asked for access in the usual way he would have been granted it under the terms of MIT's open guest policy for network use and, "it might be argued that Aaron Swartz accessed the MIT network with authorization." The university neglected to mention this to the either prosecution or defense teams, however.

"If indeed MIT recognized this, and didn't explicitly say either privately or publicly that Aaron was likely not guilty of the crime charged, then that failure to speak can't be defended by the concept of 'neutrality'," Lessig concludes. ®

Providing a secure and efficient Helpdesk

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.