Aaron Swartz is the new Lori Drew: The TOS misadventures

If the Federal government were on Twitter or Facebook (or even that shiny new toy Google+), they’d be the confused old grandfather who’s elated that he’s won the Australian lottery even though his clearly smarter – and younger – wife quizzically asks him if he’s every been to Australia.

The Feds continued their misadventures in Terms of Service land with an indictment handed down today against Aaron Swartz, disputed co-founder of Reddit, the less well known bastard child of Digg.

His crime – described by his acts, not the silly US Code that they’re charging him with (PDF) – is essentially downloading staggering amounts of documents from JSTOR, the online repository of the ivory tower’s pontifications and musings on the life of the bourgeoisie. Seriously. Have you ever tried download anything from JSTOR? Apart from being so damn counter-intuitive, that shit is expensive. So expensive that some universities are charged $50,000 a year for access to the hallowed writings scanned and uploaded to JSTOR.

Swartz, someone whom the Feds have had their eye on for a while, basically used spoofed MAC addresses, guest accounts and the like to get behind their paywall and just download all their files. What was he going to do with it? Who the hell knows. But he did it because he hates paywalls and believes in freedom of information and free dissemination of that information. Or something. Watch out, NYT, you’re next.

Imagine, if you will, the olden days. No computers, nothing. Then imagine the most pompous guy in your town. He builds a house, goes around the country collecting all these interesting books and papers. Then he locks them in that building and charges each person one dubloon to look at one paper. That’s JSTOR, sort of. Along comes Swartz, who says, screw this, breaks in and starts photocopying (in this alternate timeline, photocopying is invented a century early) everything. The pompous guy realizes what happened, so he changes the locks. Swartz, undaunted in his singular mission of liberating information, pretends to be the termite inspector, goes back in and start copying everything again. Finally collared, he gives it back. All of it. He doesn’t keep a single piece of paper, doesn’t make a single dime off it.

That’s essentially what happened here:

The grand jury indictment accuses Swartz of evading MIT’s attempts to kick his laptop off the network while downloading more than four million documents from JSTOR, a not-for-profit company that provides searchable, digitized copies of academic journals. The scraping, which took place from September 2010 to January 2011 via MIT’s network, was invasive enough to bring down JSTOR’s servers on several occasions.

The indictment alleges that Swartz, at the time a fellow at Harvard University, intended to distribute the documents on peer-to-peer networks. That did not happen, however, and all the documents have been returned to JSTOR.

JSTOR, the alleged victim in the case, did not refer the case to the feds, according to Heidi McGregor, the company’s vice president of Marketing & Communications, who said the company got the documents, a mixture of both copyrighted and public domain works, back from Swartz and was content with that.

As for whether JSTOR supports the prosecution, McGregor simply said that the company was not commenting on the matter. She noted, however, that JSTOR has a program for academics who want to do big research on the corpus, but usually faculty members ask permission or contact the company after being booted off the network for too much downloading.

“This makes no sense,” said Demand Progress Executive Director David Segalin a statement provided by Swartz to Wired.com before the arrest. “It’s like trying to put someone in jail for allegedly checking too many books out of the library.”

Well, not quite checking too many books out of the library. Because it seems that JSTOR and MIT made it clear to Swartz that he wasn’t supposed to be doing what he was doing and could he please knock it off already? But the Feds think otherwise. Since all the other crimes in the US have stopped occurring, the Feds have decided to turn their sights on that most insidious of the new-age felonies: violating terms of service. You know what? I think I’m violating 3 TOS right now: the aforementioned social media networks. Hang on, there’s a knock on the door. Is it the Feds:

But the feds clearly think they have a substantial hacking case on their hands, even though Swartz used guest accounts to access the network and is not accused of finding a security hole to slip through or using stolen credentials, as hacking is typically defined.

In essence, Swartz is accused of felony hacking for violating MIT and JSTOR’s terms of service. That legal theory has had mixed success — a federal court judge dismissed that argument in the Lori Drew cyberbullying case, but it was later reused with more success in a case brought against ticket scalpers who used automated means to buy tickets faster from Ticketmaster’s computer system.

Ah, Lori Drew. Remember her? She was charged with some trumpeted nonsense because she set up a fake account on My[____] (yes, that’s what it’s called now) and some girl tragically killed herself because of the bullying she was subjected to from that account. While the event was tragic, a crime it was not.

And here we have essentially the same dilemma. Just how do the Feds have jurisdiction? Swartz was in the JSTOR building while he was “hacking”. It’s like me stealing from your house and being indicted for wire fraud because I took this nice vase that your Aunt Maude sent you from her old person’s home in Peoria.

That – at least to me, for now – seems to be the tenuous connection that gives the Federal government the authority to indict Swartz. But I’m not expert and I’m often wrong, so don’t quote me on it.

So what’s really going on here? It seems that they may just have a thing for Swartz:

Swartz is no stranger to the feds being interested in his skills at prodigious downloads. In 2008, the federal court system decided to try out allowing free public access to its court record search system PACER at 17 libraries across the country. Swartz went to the 7th U.S. Circuit Court of Appeals library in Chicago and installed a small PERL script he had written. The code cycled sequentially through case numbers, requesting a new document from PACER every three seconds. In this manner, Swartz got nearly 20 million pages of court documents, which his script uploaded to Amazon’s EC2 cloud computing service.

While the documents are in the public record and free to share, PACER normally charges eight cents a page.

The courts reported him to the FBI, which investigated whether the public records were “exfiltrated.” After in-depth background searches, a luckless stakeout and futile attempts to get Swartz to talk, the FBI dropped the case.

Ohhh. He’s that guy! This should be a fun ride. Strap in…or should I say…log on!

Okay, video time:

4 thoughts on “Aaron Swartz is the new Lori Drew: The TOS misadventures

  1. Rick Horowitz

    On the one hand, I agree this is a supreme waste of government resources. And as a CDL, I am having some trouble understanding why they seem to be so rabid for the guy.

    On the other hand, it would appear that the TOS certainly did not allow for what he was doing — and he knew that. How else does one explain the need for breaking into closets and repeatedly reconfiguring the laptop to dodge attempts to block what he was doing? Even if, somehow, someway, someone could say he didn’t know that, it’s at least clear that the owners of the servers and holders of the computer files did not want him to do what he did — and probably would say it was a violation of the TOS — for him to do it, else they wouldn’t have been trying to block him.

    On the other hand — hey, Tevya! how many hands do we have here? — although he may be rightly charged with breaking and entering and possibly some other crimes, “hacking” seems extreme.

    Reply
    1. Gideon Post author

      Right. I think this is certainly more “criminal” than Lori Drew, but how in deity’s name is this a Federal offense? I mean, what’s the nexus?

      Reply
  2. Max Kennerly

    A single user’s violation of a single provider’s TOS to access lawfully-available non-private data is precisely why we have this totally separate court system to hear disputes among private parties.

    What’s next, prosecutions for unlocking your smartphone? You know, I once used my employer’s computer to read a blog. That “exceeded authorization,” of course. Let’s bring out the federal indictment.

    Reply
  3. Pingback: They have always been us | a public defender

Leave a Reply