Should setting information free get you locked up? Aaron Swartz, JSTOR, and the theft of information

No readers like this yet.
Two government buildings
Image by:

Opensource.com

Aaron Swartz is 25 years old. He’s smart, tenacious, talented. And, in the view of the US Attorney General, a dangerous man currently charged with wire and computer fraud, obtaining information from a protected computer, and criminal forfeiture. He was released pending a September trial on a $100,000 bond.

His crime? Downloading more than four million documents from the JSTOR digital library.

What he did and whom he did it to

JSTOR, which stands for Journal Storage, is a not-for-profit organization that offers a collection of academic journals and publications for license to libraries, educational institutions, publishing companies, and individuals--for a fee. These organizations then turn around and offer JSTOR access to their members, students, or employees, usually through library services.

The Massachusetts Institute of Technology (MIT)--the network through which Swartz did his dastardly downloading--offers free access to its students and faculty. However, Swartz was not a student at MIT. He broke into a network closet to gain direct access and used a faux student account (Gary Host or, cleverly, ghost) to log in.  

In September 2010, Swartz began accessing and downloading the JSTOR files. Eventually, his rate of download prompted JSTOR to deny all MIT-identified computers access and raised the suspicions of JSTOR and MIT admins. Swartz was found out, and convinced to turn over the hard drives that stored the data he’d copied. MIT decided not to press charges once the material was returned and Swartz agreed to make no further efforts to distribute it. The US Attorney General’s office chose to continue the prosecution.

Show me the money

A $100,000 bond is pretty high. There are lots of crimes for which the average bond is far less. Assault. Battery. Rape. Manslaughter. (Murder typically is unbondable, or at least a cool million .) Theft bonds out between $5,000-$50,000, depending on the value of the items stolen.

So what was the value of the documents that were taken? According to the indictment, JSTOR's annual subscription fee for a large research university would cost more than $50,000. "Portions of the subscription feeds are shared with the journal publishers who hold the original copyrights," it continues. The publishers set the fees for their articles and choose which ones can be purchased individually.

Value is also dependent upon rarity. In this case, JSTOR’s files remained unchanged and (mostly, save for the outage at MIT) available. What Swartz was attempting to take from JSTOR was the ability to enforce rarity by charging a premium for access.

Who is Aaron Swartz?

Swartz co-authored the RSS 1.0 specification before he was old enough to drive. He got into Harvard and left after a year to start Infogami--a tech company later bought and integrated into Reddit, which was then bought by an arm of Condé Nast. He started another company, Jotit. He is an activist and co-founded Demand Progress, a largely digital, progressive political organization.

And why is he doing this?

Swartz has been under this kind of suspicion before. The FBI got involved in 2009 when he--with the encouragement of Carl Malamud and others--began downloading and openly redistributing documents from PACER (Public Access to Court Electronic Records), which was in the midst of a trial run of openness.

PACER documents had been made available to a small number of libraries (17), and Swartz had managed to download 20% of the available info before the service was shut down. Though Swartz was investigated, no charges were filed.

Swartz, Malamud, and others felt the PACER documents and other government-generated records--many of which are legally required to be available to the public--should be made easily accessible, on the public web, where they could be freely copied and indexed by search engines like Google.

JSTOR is an archive of largely academic articles, many of which are based on research funded by public grant or written by people working for state-sponsored universities. Some people, like Swartz, believe that this puts them on the same level as any other public record and that they should also be freely available online.

But even if the information should be public, the process of moving records online encounters roadblocks. The fees that are generated through requests for information help pay for maintenance. Converting large volumes of traditionally stored information to digital form is arduous, especially since some must be redacted or otherwise altered to protect the personal, private information of involved parties. And some types of information are controlled by knowing who has access to them.

Repercussions of the JSTOR case

The revolution in information technology affects everyone. Despite objections, the way we do things involving data has and will continue to change. For instance, who bothers to look up something in an encyclopedia anymore? How many people still visit the bank teller to find out their balance or deposit a check? We trust PayPal and Amazon with our financial information, and it is clear that even public agencies take advantage of the ability to record, store, secure, and distribute private information over the Internet. 

Swartz's goal in his actions was to accelerate this process. When it came to JSTOR, in his view, the roadblocks have already been overcome. He believes the documents should be publically available because their contents were in part publically funded. The work of digitizing them has been done, and they do not contain private information.

“It’s like trying to put someone in jail for allegedly checking too many books out of the library," said David Segal, executive director of Demand Progress, a political action group Swartz helped found.

But then, most library patrons don't check out a pile of books after first getting a fake library card and stealing the key to the library. Swartz has been indicted on multiple charges, including computer fraud and unlawfully obtaining information from a protected computer. The charges could result in up to 35 years in prison and a $1 million fine.

Despite his methods, the case poses several questions about the cost of access and value of information. The amount of Swartz's bail suggests a far more serious crime--theft of valuable property--than the charges brought against him. The verdict may tell tell us something about how much information is worth.

Read more

Tags
Law
bascha
User profile image.
Editor, writer, and developer. I wear many hats, including the red one. Graduate of UNC-Chapel Hill School of Journalism; long-time interest in all things geeky. Editor of Red Hat Magazine and grizzled industry veteran, including time as an archivist for SunSITE UNC (now ibiblio.org) and ten-plus years at my current gig. I love:
More about me

24 Comments

Avatar
David Spalding | August 31, 2011
No readers like this yet.

IMHO The ends don't justify the means. (Dons fire resistant mackintosh.)

I think we're confusing what he did and his motivation. You asserted that his bail seems unreasonably high for "theft," but you already divulged that he's not being charged with simple theft, but <em>wire and computer fraud</em>. I'm guessing, without even following links, that he's being charged with some permutation of the 1986 Computer Fraud and Abuse Act. As you say, the charges allege that he willfully broke into MIT's systems, used a falsified account ("ghost"), in order to access JSTOR and download information that he was not otherwise entitled to access legitimately (without "going through channels," i.e. getting the library card, paying the fee, registering a valid account).

I appreciate that what he may be trying to illustrate is that the documents JSTOR is charged with keeping safe result from partially publicly funded research, but it's not for Mr. Swartz to decide that this information "wants to be free." There are legal means to crack open this nut. Breaking into computer systems and falsifying records shouldn't be necessary. Has he tried the legal means already?

Just as we saw in London recently, smashing shop windows, torching police cars, and stealing TVs and other goods, don't directly address issues of social inequity and injustice. They directly address a desire to cause mayhem or upgrade one's own property. Protesting injustice is a poor justification of committing larceny, assault, vandalism, or even terrorism.

Let's illustrate this with a more personal example. If you and I worked for a public agency, would the details of our salary and compensation be public record? Would it be okay for John Q. Hacker to break into our agency's HR systems, steal all the information and then make it available, all because we're civil servants and our salaries are made possible by tax revenues?

I personally hope that engineering and information technology schools still teach about the laws that govern these realms. Ignorance of the law is not a justification for breaking it. I suspect that young Mr. Swartz will not appear in court to answer to his personal convictions about how information should be free, but to defend himself against The People's charges that he broke into protected computer systems and stole data from a discretionary access system. I don't care what the data was, I just want techies to learn that there are real-world consequences from this kind of mischief. If Swartz does jail time, it's not because he valiantly tried to crusade in the cause of public access to digital information, but because he ignored the law and broke into multiple computer systems.

Avatar
bascha | September 1, 2011
No readers like this yet.

Fraud, much like theft, carries a bond of around $25K, or the value of the information, whichever is greater. So, regardless of which crime I chose to compare it to, his bond is quite a bit higher than what might be expected, unless the value of JSTOR's material is much more than I (personally) would have expected.

The question, really, is not so much if what he did was illegal--breaking and entering and computer fraud are, for sure, illegal acts. Creating a fake account--also bad. He does deserve whatever punishment is fit for those transgressions he is accused of (if he is found guilty of them). Agreed on that point.

My question revolves around the value of what JSTOR is doing--and whether the extreme value being applied to JSTOR materials (which will in some ways determine the severity of his crime) is accurate. Like with music filesharing, where a single song could cost you between $20,000 and $80,000, depending on the whim of the court's ruling (and the RIAA's claims). It's at that point that I start to wonder if this is less about actual value and more about either (a) making money off litigation or (b) setting an example /so high/ as to discourage any future challenges.

And I do see this as an area to challenge--or at least to question and look thoughtfully at. Should people be able to bundle up a bunch of data (journals, magazines--things that could be considered by some to be public resources, intended for the public library), drop a pay wall around them, and charge for access? Well, ok, there's some questionable intent there (if the materials are truly public) but let's say for the sake of argument that there's clear copyright, clear rarity--the work has never been released before to the public, only to subscribers.

Is rarity worth $100,000?

Moreover, what happens to libraries and public resources when every niche journal and publisher walls off their content for a stiff fee? When reproducing something you used in your study (for yourself or for other students to follow) could carry a massive fine?

I understand that what Swartz did was criminal. I also loathe the phrase "information wants to be free"--it doesn't, it's information. It's not got wants. But I think /we/ want a great amount of critical information to be free. Free as in freedom. Not as in beer.

I'm just not sure it was $100,000 worth of criminal beer, if you get my drift.

(Edited to add: On the question of public disclosure of salary? I'm one of those weirdos who thinks that everyone's salary should be public. Keeping salaries private isn't of benefit to workers at all!)

Avatar
David Spalding | September 2, 2011
No readers like this yet.

Don't even get me started on what the RIAA did, suing citizens (including little girls and grandmothers) for huge amounts for alleged file-sharing. But that wasn't in criminal court, those were civil matters. I personally think the RIAA was coming on way too strong by demanding huge amounts (IIRC, settlements usually were far less) in order to over-dramatize their case. I'd like to think that it backfired on them, illustrating instead just how greedy and antagonistic the music publishers (RIAA being their industry representation) were towards consumers.

I agree with you that otherwise freely available publications should not be sequestered behind a paywall just because the publishers can do so. I wonder how many, if any, of the JSTOR documents were published under public domain copyrights that were bent or violated by charging for access. Still ... content owners, publishers, and their appropriately licensed distributors are entitled to charge fees that cover their expenses, aren't they? Isn't LEXUS/NEXUS all about a subscription-based search engine and database made up of public records of a legal nature, that would otherwise (through great effort and expenditure of time) be available for free? LEXUS provides a system to access the information quickly, easily. Their system includes the storage and distribution facilities that couldn't be supported without subscriber revenue. I doubt that the clients that pay those fees are irate, because the service saves them time and money. (Granted, if subscription fees balloon out of proportion of the value returned, subscribers would revolt, and the service could be in danger of collapsing in on itself.)

Likewise, back in the day, CompuServe charged significant hourly fees for accessing their network which contained, in part, news and other information that were available elsewhere (e.g. AP news reports, NOAA information), but the convenience of accessing the information all in one channel was a value-add that customers demonstrated was worth the money.

Since Melanie's clarified that the bail isn't directly tied to the "value" of JSTOR's sequestered content, I wonder what the true value of that content is. How much does JSTOR charge? Is it a seat license, or a blanket site license? From what I read, MIT pays a fee, and all MIT students and professors have access to JSTOR's library -- sounds like a good deal to me. Those fees help pay for development and maintenance of the software used to store and distribute the articles, so it seems like a fair tradeoff. Perhaps Swartz knows something I don't....

This isn't the only business model out there. Those publications could all sell their material to readers through a distributor whose operating expenses are subsidized by per-transaction fees (say for argument 5%) when any subscriber "buys" a document from the service.

I realize I'm playing devil's advocate here. I'm disappointed anytime a smart cookie like Swartz resorts to alleged illegal acts to prove a point or publicize an inequity. Why? Because unless we pervert our legal system, the case will be about the computer crimes he is charged with (which, I checked, are indeed derived from Ye Olde Computer Fraud and Abuse act), not the greater sociopolitical issues he'd like his actions to be about.

Avatar
Melanie Chernoff | September 1, 2011
No readers like this yet.

It is a common misconception that bail is determined by the severity of the crime, when, in fact, it is based on a variety of factors. The primary purpose of bail is to ensure that the accused appears in court. A person who is considered a flight risk, especially a person of means who does not have strong ties to the community (eg dependent family living in the area and a job that requires physical presence) will likely have a higher bail than someone entrenched in the community who is accused of the same (or even more serious) crime. The chart referenced in the article shows average "assumptive bail" which is a recommended starting point for the judge when there are no extenuating circumstances in place.

Bail is not 'punishment' for the crime, since the accused has not been found guilty.

Avatar
bascha | September 2, 2011
No readers like this yet.

I understand. The severity of the crime (and the danger John Q Public will be in if the accused is indeed guilty and allowed to remain free) is reflected--though not a single determinant--in the amount of bail. The chart is indeed a guide, not an absolute and certainly there are many factors that go into it.

But it is a starting point, and since we have no final ruling in this case (as yet), I can't compare the actual amount of fines/'punishment' levied, I can only look at the factors that exist today. And IANAL, but it seems a little strange. Was he that much of a flight risk? Was the risk to others (and other library collections) that great? Or was it a calculation of value of the property stolen, like with theft/fraud?

All questions, and somewhat unsolved ones!

Avatar
Gary Scarborough | September 3, 2011
No readers like this yet.

I would say that what he did was obviously a bad idea. But there are a lot of possible mitigating factors that people don't seem to grasp.

First, what account was he using? I read that the account was a guest account. Being a university IT staff person, I can tell you that these are fairly common. We often have guests on campus that need access for the day/week or longer. If he used a guest account, he may not have been illegally accessing the system.

Second, did he actually use force to enter the network closet? It would seem that if he forced his way in, the IT staff would have noticed that the door had been tampered with. This would have caused him to get noticed right away. If the door was unlocked and there were no signs stating restricted access, you can't blame people for going in. Our IT closets are locked, but there is no indication what is actually behind the door or that its an IT closet.

What material did he actually get? Much of the material JSTOR has is actually public domain. You can't really steal public domain material can you?

At the end of the day, both JSTOR and MIT settled the matter without legal intervention. What I don't understand is how the DA has the right to charge him with anything. Out of the crimes he was charged with, they are only crimes if the owners of the systems deem it so. If you entered my house but I told the police it was ok, they really have no case to charge you with breaking and entering do they? This whole mess smells like an election effort by a DA wanting to be a judge, IMHO.

Avatar
Unidentified | September 7, 2011
No readers like this yet.

"... if the door was unlocked and there were no signs stating restricted access, you can't blame people for going in..."

OH NONSENSE.

You cannot walk into an unlocked supermarket and eat your lunch and walk out without paying. Its theft.

When the wunderkind that invented RSS opened the closet to access the network he knew he was stealing.

Avatar
David Spalding | September 7, 2011
No readers like this yet.

I'd have to spend some time (that, sorry, I don't have at the moment) confirming, but I seem to recall that at least early provisions of the Computer Fraud and Abuse Act didn't stipulate that "unauthorized intrusion" required breaking through physical or technical barriers to get in. And that used to make me very, very uncomfortable. I've seen home lighting systems that were running on Windows CE, with an open web interface, connected directly to the Internet without a firewall or proxy (why, I can't imagine), with a default configuration of NO password protection (again, I can't imagine why). If someone on the Internet finds the device, and turns all the lights off, is it an intrusion? Is it a criminal offense, or rather, should it be?

I'm sure details will surface, e.g. was the network closet marked, was it left completely vulnerable to entry, were there any safeguards or practices to determine if intruders were plugging things in willy nilly? In this post-Napster, BitTorrent world, I'd be really, really, really surprised if this equipment truly was left exposed and unmonitored (unless it was a "honey pot"). I mean, c'mon ... at MIT?

I think that the point Bascha is making is that the defendant will, like any of us would, endure a sort of pre-punishment in having to incur legal expenses to mount a defense. Even unfair laws that no jury will enforce can cause damage to our society through prejudiced enforcement making citizens expend personal funds to defend properly (unless a reasonable prosecutor's office declines to prosecute). Setting high bail is just the beginning of the defendant's financial burden.

Avatar
Unidentified | September 8, 2011
No readers like this yet.

@ David : Are you saying when he entered the closet and plugged something into a switch, (or whatever he did in the closet) that the guy who invented RSS was so naive he didn’t know it was wrong?

Are you saying he did not think he was stealing when he accessed the MIT network with a false name?

Are you saying that stealing is OK if force is not used?

I guess if you are saying those things, then maybe it’s unfair that he is prosecuted. I do not think those things.

I think stealing is wrong. From the facts presented by the OP, it seems fairly clear to me that this is not even in question. “… most library patrons don't check out a pile of books after first getting a fake library card and stealing the key to the library.”

So perhaps you think 100K was too high a bail? Apparently not, the post states he is out on bail. If he shows up for trial, I think he gets it back.

I do agree with the OP when he says that there are questions society needs to address about access to data and information. What is public? What is private? Who owns private information? What is the responsibility of government with regard to data and information it holds?

If Aaron sought to bring these issues out by his actions, then he was successful. (It doesn’t make stealing right; and he shouldn’t be surprised to be prosecuted.)

Avatar
David Spalding | September 8, 2011
No readers like this yet.

<em>Are you saying when he entered the closet and plugged something into a switch,... [Swartz] was so naive he didn’t know it was wrong?</em>

No, I'm not saying that. ... And I think he is capable of understanding exactly what he was doing. Whether he was conscious of the legal risks, I have no idea.

<em>Are you saying he did not think he was stealing when he accessed the MIT network with a false name?</em>

No, I'm not saying that. ... I have no knowledge of his frame of mind or thoughts while allegedly performing the acts cited in the charges.

<em>Are you saying that stealing is OK if force is not used?</em>

Wait for it ... no, I am absolutely not saying that either. ;) I think if you reread my comments, you'll understand that I was questioning if it's an illegal intrusion even if no "forced entry" techniques (e.g. cracking passwords, bypassing proxies or firewalls, using SQL injection techniques to insert code into a server, etc.) are utilized.

<em>I guess if you are saying those things, then maybe it’s unfair that he is prosecuted.</em>

I'm not asserting any of the points you asked about.

<em>So perhaps you think 100K was too high a bail? </em>

I don't think I meant to imply or state that. My understanding is that bail is set based on a variety of factors, including the flight risk of the defendant, the financial ability of the defendant to skip bail (think OJ Simpson, Dominique Strauss-Kahn, et), etc. I am not a lawyer, so there is more that I don't know about the bail setting process than I do.

Avatar
Gary Scarborough | September 7, 2011
No readers like this yet.

Your analogy isn't quite correct. The right analogy would be that you invite someone into your home, and then they go into a part of the house that you don't want them in. Its not really breaking and entering because you invited them in. Most universities invite the public in all the time, it goes with being an open learning space. I can also tell you that the number of non university technicians coming and going from network closets is substantial. We ALWAYS have contractors working on campus, and I quite often see normally locked doors propped open.

Its also not theft. At least not of materials. He didn't take anything physical. At most he fraudulently used a service he wasn't suppose to. Also remember that JSTOR and MIT didn't press charges, which is probably why the only things he was charged with are crimes not requiring a victim's complaint.

Avatar
David Spalding | September 7, 2011
No readers like this yet.

I think my analogy is more accurate. I'm not drawing comparisons with grocery stores, or sneaking off to the master bedroom at my boss' dinner party, and such -- comparing private computer networks and servers to an Safeway store is going to eventually tie you up in knots. I'm comparing oranges to oranges ... intrusion to a computer system that one would not ordinarily have access to.

Depending upon the legal interpretation of the charges, Count 3 indicates clear theft. Oh, no not material goods like Wonder Bread and Oscar Mayer bologna, or my boss' Rolex Datejust, but theft on data. I'll save you the click (Bascha provided the link above):

"Count 3
Unlawfully Obtaining information from a protected computer 18 USC 1030(a)(2), (c)(2)(B)(iii) & 2

... and thereby obtained from a protected computer information whose value exceeded $5000 -- namely, digitized journal articles from JSTOR's archive -- and aided and abetted the same.

All in violation of 18 USC 1030(a)(2), (c)(2)(B)(iii) and 2."

Or if you insist ... 'and thereby obtained slices of bread, sliced meat, and sundry condiments,' or 'and thereby obtained my boss' watch worth in excess of $5000.' Again, I think the question we're chewing on is, is Mr. Swartz' alleged theft of data the same kind of grand larceny as David Niven stealing the Pink Panther?

[Edited because I keep hitting [ENTER] by accident.]

Avatar
Gary Scarborough | September 8, 2011
No readers like this yet.

Its not exactly clear that he used a protected computer system. Some accounts of the incident indicate he was using a guest account. He was downloading the info to a laptop. The system may be set to allow all local accesses as its authentication. When you create a guest account for people to use, you are giving permission. If he actually hacked his way into the system, then he should be found guilty of that. But its not clear that is what happened. From my own experience:

Many computer systems used to have banners welcoming the user to the system. Our ISO banned such banners and strictly requires a certain banner now. Why? Because if someone sits down at a terminal, and the screen says welcome, you can't really make a case that they accessed the system without permission. Saying "Welcome" is actually giving permission. Our banner now reads basically: "If you are not a university student or employee, disconnect immediately!"

Avatar
Unidentified | September 8, 2011
No readers like this yet.

@Gary: Ok, the analogy could have been stronger.

Are universities different than business? (I haven’t been near a university in 30 years, and then it was only a college.) In business, I do not expect my invited guests to enter my wiring closet, and I would consider it a breach of security if I found them there.

With regard to your quibble about theft… would you mind if I wire my house into your home’s electrical system? Electricity is not material. Ask yourself, are you going to call me a “perpetrator of fraud” or a thief when you have to pay your electric bill? MIT pays for infrastructure, maintenance, access to the data that was taken, bandwidth to the internet and electricity to run the network.

Without regard for your question of actual theft, there is an interesting point raised here in questioning the interest of the state in prosecuting when the “victims” are not interested in pursuing the matter. If you do not report me to the authorities for perpetrating fraud on your electricity, what interest does the state have in this?

Avatar
Gary Scarborough | September 8, 2011
No readers like this yet.

A true story that happened recently in the building I work in, during the summer. Workman were in the building working on running data lines for a lab renovation. One of them stood outside a locked computer lab waiting to be given access. One of the faculty in the building, being very nice and helpful, let the worker into the lab. The faculty did not know who he was, there is no ID system for guests, no way to know why he was there. Physical access at most universities is fairly easy to get. And once some employee invites you in, its hard to prove that you illegally accessed the environment. Like I said before. Universities are very open environments. Its most likely why MIT just wants to drop the matter. Why would that want to damage that culture of openness they spent so long creating?

Avatar
Jim (JR) | September 8, 2011
No readers like this yet.

@Gary,

Ok, let's put this all the way out on the table.

You said:
"Its also not theft. At least not of materials. He didn't take anything physical. At most he fraudulently used a service he wasn't suppose to"

In every jurisdiction I have been aquainted with, there is a law regarding "Theft of Services"

Viz:
* If you have a dumpster, and I toss stuff into it, I'm not "stealing" anything material from you - in fact I'm <strong>GIVING</strong> you something - so, it's not a crime, right?
* If you tap into someone's cable connection, you are not "stealing" from them, and what you are taking is not "material", right?
* Sites like WESTLAW provide access to information which is - in large part - already publicly available. So, if I hack WESTLAW's site and, (for all intents and purposes), rsync their entire site, or make a copy of their entire database(s) file(s), that's not a crime, right?

I wold beg to disagree, so let me take this point-by-point.

First, the dumpster:
As you may already know, dumpsters are not cheap - just to get one - and when they haul the beast away - brim-full of stuff you never put there, <strong>YOU</strong> pay for all this stuff <strong>BY WEIGHT</strong>. So, it should be obvious that by adding stuff to your dumpster, I am "stealing" capacity that you could have used - or I am forcing you to pay, by weight, for stuff you never intended to pay for.

Second: The cable connection.
Even though I am personally of the opinion that most cable operators hideously overcharge for the services they render - that does not give me the right to take access to services that I have not rightly paid for. The cable companies pay huge bucks for access to many, if not all, of the channels they carry and they have the recurring costs of maintanance as well as equipment to send the signals along the line. So, you have a bunch of people illegally tapped into the cable line - and each connection drops the signal strength by - say - 3 db.

To paraphrase Warren Buffett - a few db here, a few db there, and pretty soon you're talking real signal loss. And pumping signal into a cable costs money. Real money. (And if you don't believe me, ask a ham radio operator.)

Third: WESTLAW, (or FindLaw, etc.)
This is probably the closest to the case in point, but it is still illustrative.

In the case of services like WESTLAW, (et. al.), the information they provide is - by and large - already publicly published information.

However, the service they provide - not unlike JSTOR - isn't just the information itrself, it's the collation, sorting, categorizing, filtering, access to similar citations in other jurisdictions/courts, etc. etc. etc. This service saves lawyers and judges countless hours searching every court's / jurisdiction's records - local, state, and federal - all over the country, just to find information about a particular ruling.

Summary, Accessing JSTOR's data isn't about just the data - it's about the services they provide in collating, sorting, giving access to particular articles without searching for a needle in a haystack, and so on.

Even if he had "hacked" a publicly available, free, web--site - the fact that he tried to do mass downloads is also a huge issue since bandwidth costs money and by consuming huge amounts of bandwidth he is stealing bandwidth that legitimate patrons could be using for their own purposes.

IMHO, this is an open-and-shut case. We're not talking civil rights here - we're talking about clear-and-simple theft of services.

Oh, and by the way. . . . Prosecuting a case where the "victims" don't complain? That's what government oversight is for - protecting those who may not have - or want to expend - precious dollars fighting something that may cost them more in legal fees than the potential return.

Case in point: Many years ago there was a huge scandal on Long Island. LILCO, the electric company at that time, was using old, outdated, uncalibrated/out of calibration electric meters that had not been changed and/or checked for decades. The NYS Public Service Comission - and the NYS Attorney General's office - took LILCO to court, both criminal and civil - and hammered them into the ground.

The result of this was that the ratepayers got whopping refunds of the overcharged electricity and LILCO had to go out and replace darn near every meter with a NYS Certified meter before they could begin charging for the electricity again.

The "victims" didn't prosecute - in many cases the victims were entirely unaware that they were being scammed. And if they did, who has the money to take a giant utility company - with legions of expensive lawyers - to court?

Were it not for the NYS PSC, these people would probably still be paying 3x, 4x or more than the rate they should be paying.

What say ye?

Jim

Avatar
Gary Scarborough | September 8, 2011
No readers like this yet.

You make some good points, but there is a big difference between your examples and what happened at MIT. One of those differences is harm. MIT pays a yearly fee to get these electronic databases for its library. Most universities will give the general public access to their library without question. That resource may be UserID authenticated or may be location authenticated. If its the latter, he would have been perfectly fine accessing it while on MIT's campus. JSTOR is located at MIT, so the university may just get blanket access. Unless you are at a university, it is hard to understand the level of openness that the school fosters as part of its existence. It is a far cry from a corporate setting where you would not have access to anything that you didn't actually need.

I also think its an error to equate MIT with the average family when it comes to the level of resources each has to mount an offensive. MIT has the money to fight this legally if they thought they needed to. So does JSTOR.

Another point to think about is that this case will do nothing good for JSTOR or MIT. At best they will get nothing out of it. At worst, this will give them a black eye in the academic community. This is the kind of thing faculty don't like to hear about when they are visiting other campuses. On the other had, the US Attorney General is a politician. This case will show he/she is tough on "computer criminals", no matter how it turns out.

Avatar
Gary Scarborough | September 8, 2011
No readers like this yet.

One other thing a forgot to mention. In your cases, one would assume that this all happened against the "victim"'s will. Both JSTOR and MIT have publicly said that the man should not be prosecuted. So not only do they not want to press charges themselves, they are actually standing up for the guy being charged.

Avatar
David Spalding | September 21, 2011
No readers like this yet.

[Oops. Error, removed by author.]

Avatar
Unidentified | September 7, 2011
No readers like this yet.

This will come down to a jury trial. Curiously, socialists who are all about rights mainly neglect the role of the jury in our justice system. The citizen jury is really a Fourth Branch of our government because under the Constitution, no citizen can be convicted of a serious crime unless the accusation is judged by two juries, the grand for indictment and the petit jury at trial.

This is a great opportunity for those who are concerned about this egregious prosecution to understand the role of the jury in dispensing justice. If no jury will convict, then government cannot impose unjust laws. The role of the jury is not to be a pawn of government, but as a check upon runaway government. To see that those who are guilty are convicted and those who are innocent go free as the jury decides, not as how government instructs them to decide.

I would suggest starting by browsing the web site of the Fully Informed Jury Association (www.fija.org) .

Avatar
Jim (JR) | September 7, 2011
No readers like this yet.

IMHO, this whole argument conflates the issues of "public domain" and that of private security of personal property.

The example of someone going into a grocery store, eating lunch and then leaving without paying is a good one.

Likewise, though the works of Shakesphere may well be public domain, this does not give anyone the right to go to a bookstore, or library, and steal the books.

A third example:
Red Hat/Fedora, Ubuntu, Debian, SUSE, (etc.) are all open-source/GPL'd software - and it is perfectly legal to legitimately access these systems (or their mirrors) to download copies. However - if you hacked your way into the computers to grab this same software (rather than using the unlocked front-door), legally you would have (should have) a serious problem to answer for. Likewise, breaking and entering to steal prepared CD/DVD's that they sell to people who want physical media is not legal simply because the content is GPL'd.

Yes, perhaps much of the information was/is Public Domain, but - as I remember - the Constitution also guarantees us to be "Secure in our persons and possessions" - breaking into a houose, store, or computer is still a crime, regardles of what you pinch or how it was licensed.

What say ye?

Jim

Avatar
Jim (JR) | September 7, 2011
No readers like this yet.

p.s. . . . .

I strongly disagree with the tenor of the title of this article. It makes it sound more like a crusade than a crime.

What say ye?

Jim

Avatar
bascha | September 8, 2011
No readers like this yet.

That's part of the divide, as I see it. The people who see Swartz as a hero--doing something wrong to illustrate a bigger point--see it as a crusade.

Those who disagree, as some have here, tend to focus on the crime and ignore the questions of intent and value.

My main point of curiosity wasn't whether or not JSTOR was wronged (as a business), but how we codify this kind of wrong. Who does it hurt? What is the punishment? What is reasonable? What is our process for dealing with public and non-public (free and non-free) information as a currency?

Admittedly, the title could be better. I don't like that I used the same word twice! ;P

Avatar
Jim (JR) | September 21, 2011
No readers like this yet.

@everyone,

Here's an example that I believe should be very close to the point:

Assume:
* You have a hose spigot outside your house facing the front yard.
* Your water consumption is not metered. (yea right!)
* The spigot is close enough to the sidewalk that it can be reached by anyone who goes past.
* There is a hose attached to the spigot, hung on the side of the house, near the spigot's valve handle.

Viz.:
Obviously, if some kid on a bycycle, riding around in the hot summer sun, decides he wants a drink of water - I would not mind at all. Even if the water usage WAS metered, the consumption is <i>de-minimus</i>. However, if my neighbor across the street decides he wants to drag the end of my hose across the street to fill his swimming-pool, that's a horse of a different hue.

In this case, I probably would not mind him filling a (relatively) small above-ground pool, but I would expect him to walk up to my door, knock, and politely ask permission. Even if the water WAS metered. Of course, I would wonder why he wasn't using the water from his own spigot. . . . .

In this case, if a cop comes by and sees my neighbor sneaking across the street with my water-hose, I would expect the cop to have something to say about it. Especially if I were not home, able to monitor the situation.

In essence, simply because the hose was outside and "publically available" does not give someone the right to take my hose and consume huge volumes of water.

I believe this is also true of the JSTOR case in point. They do not have guards standing watch over their system - in essence it's like a public library. And, in a public library if you ask permission to remove books, (by getting a library card), you can take as many as you want - or are allowed to take.

In his case he did the equivelent of bringing a large satchel into the library, loading it up with copies of the library's books, and leaving.without checking them out - or even getting a library card.

Likewise, if the police see him sneaking out of the library caring a huge duffel-bag crammed full of books - I would expect there to be something said and done.

IMHO, the fact that a data-store is "publicly available" does not give someone the right to go to it and mass-download the data. Even if the data is (theoretically) Public Domain. Many of the books he dragged out of the library in his big duffel-bag may well have been public domain too.

I suspect, very strongly, that if he'd had the balls to stand up on his hind-legs and politely ask permission, there may not have been any problem at all. They might have even given him rsync access. Or, they might have said "no".

In any event, he did not even offer the courtesy of asking permission - and the cops caught him dragging the hose across the street.

What say ye?

Jim (JR)

Related Content

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.