The arrest shocked friends of Mr. Swartz, as well as
M.I.T. alumni. Brewster Kahle, an M.I.T. graduate and
founder of the digital library Internet Archive, where
Mr. Swartz gave programming assistance, wrote: “When I
was at M.I.T., if someone went to hack the system, say
by downloading databases to play with them, might be
called a hero, get a degree, and start a company. But
they called the cops on him. Cops.”
As an alum, I don't see a change in ethos. During my time there ('91 to '95) things were open, but if you were doing something that the institute considered improper they asked you to stop. If you persisted in the behavior, they escalated the response. In my four years there, I witnessed this philosophy applied to drinking, trespassing in forbidden places (roofs for example), harassing behavior and yes, behavior on the network.
Students often "explored" the network (myself included) but it was possible to go too far.
(no, I don't think Swartz's transgressions warranted multiple years in prison and the whole situation is a tragedy)
None of these things are true any longer. As things mature, they take on a new importance and are treated as such.
When the first aeroplanes were around, did one need to get a pilot's license (no), could you buzz buildings (yes)? When the first autos came about, where there any traffic regulations? Nope. They were both freewheeling till they took on importance.
I did find an article from 2007 about a case that raised questions about how the university handled hacking (http://tech.mit.edu/V127/N4/hackers.html), and a follow-up from 2008 titled, "Hacking tradition under fire?" (http://tech.mit.edu/V127/N66/hacking.html)
So clearly there's been some discussion a sea change in the culture at MIT. If true -- if it is even perceived to be true -- that will really be a problem for the school, as its status among technical universities owes a lot to its cultural respect for all forms of hacking.
And as the internet became important to business interests, it's not that surprising that these crimes became more harshly punished. (Though there's the argument that these punishments should be relaxed in some cases because elite CEOs and technologists have been guilty of them as part of their educations. Like Steve Jobs, Tufte, etc. Not unlike presidents getting away with drug use. And there's a conflict between businesses about intellectual property; Google probably would be happy if they could open up books.)
Less than 1.5 hours from campus cops to Secret Service on scene.
My guess is it wasn't so much the Secret Service getting involved, but this DHS agency mandated by the USA PATRIOT act [3] made themselves available to major local organizations. Wouldn't be surprised if ECTF spent its first couple of years just meeting individual orgs one at a time for meets/greets.
"Have a computer crime that isn't just your usual Craigslist scam? Give Mike over at the Boston ECTF a call, and he can help you out."
[1] http://www.linkedin.com/pub/michael-pickett/15/722/660 [2] http://www.secretservice.gov/ectf_newengland.shtml [3] http://www.secretservice.gov/ectf.shtml
Or they could have just tried talking to him and giving him a verbal warning.
Besides, what's there to warn him about, he's 100% right in what he was doing, wasn't he? To hear it from the hacktivists, he did nothing wrong (and so there's nothing to warn him about). If he did do something to warrant a warning then he was already past the point of needing one.
Second, they might have learned his motives and either found another way for him to achieve his objective (perhaps through some sort of compromise) or persuaded him to stop.
Third, they could have made clear to him what the penalties the government was ready to use against him in this case were, and that they had enough evidence to take him to court if he persisted.
Any of these might have been enough to lead to a less tragic outcome than what wound up happening when they immediately threw the book at him.
This has been known for a while. It was reported (and discussed on HN) when he was first arrested.
The answer must lie with certain Charles M. Vest who, in 1990, became president of MIT and served in that position until December 2004. He is now MIT professor and president emeritus.
He also happens to be a key member of the board of trustees of Ithaka, the owners of JSTOR.
I would not hold out my breath for MIT investigation criticising its own President Emeritus.
Also, looks like this went all the way up to the Chancellor, so it's not as if it was just the libraries or someone pushing for this.
("Attempted" means his laptop probably had a public ip address assigned through dhcp and someone was knocking on ports from China. This "attempt" happens constantly 24/7 and is nothing to write home about.)
"7. Exculpatory Evidence. In paragraph H of the government's letter, the government described but refused to provide almost all of certain exculpatory evidence, including evidence that, during the period covered by the indictment, persons other than Mr. Swartz at Harvard, MIT and China accessed the Acer laptop that was seized by the government, and persons other than Mr. Swartz at MIT and elsewhere were engaging in "journal spidering" of JSTOR data using a "virtual computer" that can be hosted by anyone at MIT. The government has no basis for withholding the electronic evidence described as exculpatory in its letter."
http://diyhpl.us/~bryan/irc/aaronsw-lost-pirate-treasure.txt
"At the meeting, Chancellor Phillip L. Clay PhD ’75 told the faculty that administrators were working with the district attorney’s office to move the felony trials out of the Cambridge court system to an internal Committee on Discipline process. The charges against the students were dropped on Feb. 28, when the prosecution filed nolle prosequi orders for the three students, indicating that they would not move forward on the charges."
My personal opinion is that following identification by MIT and clarification of his intent, this should have been dealt with internally. While it was totally within the power of the prosecution to persist and press charges, the article shows an example where top MIT management did the right thing and insisted upon dealing with this internally (again: my opinion).
As an MIT student, it worries me that a measured response was not achieved by MIT management in this case. Whether that means MIT should not have called the police and allow uncontrollable escalation or should have done a better job in convincing the prosecution to not press on, I cannot be sure. It is of course also possible that what happened is just a reflection of the prosecution's resolve to treat this with the full force of the law and whatever MIT management may have said fell into deaf ears.
I am unsure what weight each of those has in this sad case and I deeply appreciate President Reif's initiative to carry an internal investigation into MIT's response.
However, two other things bother me with regard to this case. First, it strikes me that the Computer Fraud and Abuse Act is inadequately broad and allows for dangerous interpretations. Second, it is very scary to think that individuals in the prosecution are insentivized to press for the maximum amount of charges, with little to no regard for proportionality. I can only hope for a system in which sentences are not used as a metric for a prosecutor's competence.
It seems to me that the concept of proportionality -as it is applied in armed conflict- is an essential one when talking about this whole issue. I fear that it is the root failing in this affair both in MIT's inability to treat this internally and later, in the prosecution's attitude towards the case.