United States v. Aaron Swartz | |
Court: | United States District Court for the District of Massachusetts |
Full Name: | United States of America v. Aaron Swartz |
Citations: | 1:11-cr-10260 |
Judge: | Nathaniel M. Gorton |
Prosecutor: | Carmen Ortiz Stephen Heymann |
Defendant: | Aaron Swartz |
In United States of America v. Aaron Swartz, Aaron Swartz, an American computer programmer, writer, political organizer and Internet activist, was prosecuted for multiple violations of the Computer Fraud and Abuse Act of 1986 (CFAA), after downloading academic journal articles through the MIT computer network from a source (JSTOR) for which he had an account as a Harvard research fellow. Federal prosecutors eventually charged him with two counts of wire fraud and eleven violations of the Computer Fraud and Abuse Act, charges carrying a cumulative maximum penalty of $1 million in fines plus 35 years in prison, asset forfeiture, restitution and supervised release. Facing trial and the possibility of imprisonment, Swartz committed suicide, and the case was consequently dismissed.[1]
JSTOR is a digital repository that archives − and disseminates online − manuscripts, GIS systems, scanned plant specimens and content from academic journal articles.[2] Swartz was a research fellow at Harvard University, which provided him with a JSTOR account. Visitors to MIT's "open campus" were authorized to access JSTOR through its network.[3]
According to state and federal authorities, Swartz downloaded a large number of academic journal articles from JSTOR through MIT's computer network, over the course of a few weeks in late 2010 and early 2011. They said Swartz downloaded the documents to a laptop computer connected to a networking switch in a controlled-access wiring closet.[4] According to press reports, the door to the closet was kept unlocked.[5] [6] [7]
On January 6, 2011, Swartz was arrested near the Harvard campus by two MIT Police officers and a U.S. Secret Service agent.[8] He was arraigned in Cambridge District Court on two state charges of breaking and entering with intent to commit a felony.[9] [10] [11] However, the door Swartz had used was never locked, making it impossible for him to break and enter.[5] [6] [7]
On July 11, 2011, Swartz was indicted in federal District Court on four felony counts: wire fraud, computer fraud, unlawfully obtaining information from a protected computer, and recklessly damaging a protected computer.[1] [12]
On November 17, 2011, Swartz was indicted by a Middlesex County Superior Court grand jury on state charges of breaking and entering with intent, grand larceny, and unauthorized access to a computer network.[13] [14]
On December 16, 2011, the district attorney's office filed a nolle prosequi declaration in the case generated by Swartz's initial January 6, 2011, arrest. The state charges against Swartz stemming from the November 17, 2011, indictment were dropped on March 8, 2012.[15] The state charges were dropped due to a deal being reached in which the data was returned by Swartz.[15] A report later submitted to the president of MIT about the Swartz case suggests, however, that Massachusetts state law required the Middlesex district attorney to dismiss the charges after the Boston U.S. Attorneys' Office and the Secret Service failed to promptly hand over evidence requested by Swartz's attorney during the Massachusetts case's discovery process.[16]
Writing in Massachusetts Lawyers' Weekly, Harvey Silverglate reported that lawyers familiar with the original case told him they had expected it to be dismissed after a "'continuance without a finding' ... The charge [would be] held in abeyance ... without any verdict ... for a period of a few months up to maybe a couple of years."[17] After the publication of his Massachusetts Lawyers' Weekly piece, Silverglate explained to CNET's Declan McCullagh that if the defendant manages to stay out of further legal trouble after such a continuance, the case is typically dismissed.[18] "Tragedy intervened," Silverglate had written, "when [U.S. Attorney Carmen] Ortiz's office took over the case to 'send a message.'"
According to Verge reporter Jeff Blagdon[19] and the Huffington Post,[20] federal rather than local prosecutors had been "calling the shots" on the prosecution of the case since Swartz's arrest. Both cited a letter from Swartz's attorneys to the Department of Justice.[21]
The lead prosecutor in Mr. Swartz's [federal] case, AUSA Stephen Heymann ... and [Secret Service] Agent Pickett directed and controlled the investigation of Mr. Swartz from the time of [his] arrest on January 6 ... Heymann's involvement in the case had commenced very early in the investigation.
On April 13, 2011, as part of their investigation, federal authorities interviewed Swartz's former partner, Wired journalist Quinn Norton; she penned an article, "Life Inside the Aaron Swartz Investigation," detailing her experiences in the case.[22] [23]
I mentioned ... a two-year-old public post on ... Aaron's blog. It had been fairly widely picked up by other blogs. I couldn't imagine that these people who had just claimed to have read everything I'd ever written had never looked at their target's blog, which appeared in his FBI file, or searched for what he thought about "open access." They hadn't.
So this is where I was profoundly foolish. I told them about the Guerilla Open Access Manifesto. And in doing so, Aaron would explain to me later (and reporters would confirm), I made everything worse.[22]
On July 19, 2011, the July 11th federal indictment[1] [12] was unsealed, charging Swartz with two counts of fraud and two counts related to accessing and damaging a protected computer.[1] According to the indictment, Swartz surreptitiously attached a laptop to MIT's computer network, which ran a script named "keepgrabbing.py",[1] allowing him to "rapidly download an extraordinary volume of articles from JSTOR."[1] Prosecutors in the case said Swartz acted with the intention of making the papers available on P2P file-sharing sites.[1]
Swartz surrendered to authorities, pleading not guilty on all counts, and was released on $100,000 unsecured bail. After his arrest, JSTOR released a statement saying that though it considered Swartz's access to be a "significant misuse" committed in an "unauthorized fashion," it would not pursue civil litigation against him; MIT did not comment on the proceedings.
The New York Times wrote of the case: "a respected Harvard researcher who also is an Internet folk hero has been arrested in Boston on charges related to computer hacking, which are based on allegations that he downloaded articles that he was entitled to get free."[24] The Awl similarly commented that "Swartz is being charged with hacker crimes, not copyright-infringement crimes, because he didn't actually distribute any documents, plus JSTOR didn't even want him prosecuted."
Assistant U.S. Attorneys Stephen Heymann and Scott Garland were the lead prosecutors, working under the supervision of U.S. Attorney Carmen Ortiz.[1] [25] [26] The case was brought under the Computer Fraud and Abuse Act, which was passed in 1986 to enhance the government's ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality.[27] "If convicted on these charges," said Ortiz, "Swartz faces up to 35 years in prison, to be followed by three years of supervised release, restitution, forfeiture and a fine of up to $1 million."
On September 12, 2012, the prosecution filed a superseding indictment adding nine more felony counts.[28] George Washington University Law School Professor Orin Kerr, writing on the legal blog Volokh Conspiracy, opined that the risk of a maximum sentence in Swartz's case was not high.[29] In an interview with Boston's WBUR, retired federal judge Nancy Gertner said a sentence of 35 years for a case like Swartz's "never occurs." She questioned the propriety of pressing these charges at all. Referring to decision-making by Ortiz's office, she said "this is the example of bad judgment I saw too often," suggesting that a two-year diversion program leading to expunged charges would have been more fitting.[30]
Swartz's attorney, Elliot Peters, stated that prosecutors at one point offered a plea deal of four months in prison and pleading guilty to 13 charges, and warned that if Swartz rejected the deal, future deals would be less attractive;[31] and that two days before Swartz's death, that "Swartz would have to spend six months in prison and plead guilty to 13 charges if he wanted to avoid going to trial."[32] Under the six-month deal, after Swartz pled guilty to the 13 charges, the government would have argued for a six-month sentence, and Swartz would have argued for a lesser sentence; the judge would then be free to assign whatever sentence the judge thought appropriate, up to six months.[33] Peters later filed a complaint with the DOJ's Office of Professional Responsibility, stating that if Swartz didn't plead guilty, Heymann "threatened that he would seek for Mr. Swartz to serve seven years in prison," a difference in duration Peters asserts went "far beyond" the disparity encouraged by the plea-bargain portion of the Federal Sentencing Guidelines.
Andy Good, Swartz's initial lawyer, told The Boston Globe: "I told Heymann the kid was a suicide risk. His reaction was a standard reaction in that office, not unique to Steve. He said, 'Fine, we'll lock him up.' I'm not saying they made Aaron kill himself. Aaron might have done this anyway. I'm saying they were aware of the risk, and they were heedless."[34]
Marty Weinberg, who took the case over from Good, said he nearly negotiated a plea bargain in which Swartz would not serve any time. "JSTOR signed off on it," he said, "but MIT would not."
Two days before his death, JSTOR announced on January 9, 2013, that it would make "more than 4.5 million articles" available to the public free of charge. The "Register & Read" service, in beta for the previous 10 months, was capped at three articles every two weeks (78 per year), readable online only, with some downloadable for a fee.[35] [36]
After his death, Ortiz's office dismissed the charges against Swartz.[37] [38] She said, "This office's conduct was appropriate in bringing and handling this case ... This office sought an appropriate sentence that matched the alleged conduct—a sentence that we would recommend to the judge of six months in a low security setting ... At no time did this office ever seek—or ever tell Mr. Swartz's attorneys that it intended to seek—maximum penalties under the law."[39] [40]
On January 12, 2013, Alex Stamos, a computer forensics investigator employed by the Swartz legal defense team, posted an online summary of the expert testimony he had been prepared to present in the JSTOR case, had Swartz lived to see trial. He wrote:
If I had taken the stand as planned and had been asked by the prosecutor whether Aaron's actions were "wrong," I would probably have replied that what Aaron did would better be described as "inconsiderate." In the same way it is inconsiderate ... to check out every book at the library needed for a History 101 paper. It is inconsiderate to download lots of files on shared wifi ...[41]
U.S. Attorney Ortiz asserted after the 2011 indictment that "stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars. It is equally harmful to the victim, whether you sell what you have stolen or give it away."[42]
At a January 24, 2013, memorial for Swartz, Carl Malamud recalled their work with PACER. He noted that they had brought millions of U.S. District Court records out from behind PACER's "pay wall" and found them full of privacy violations.
We sent our results to the Chief Judges of 31 District Courts ... They redacted those documents and they yelled at the lawyers that filed them ... The Judicial Conference changed their privacy rules.... [To] the bureaucrats who ran the Administrative Office of the United States Courts ... we were thieves ...
So they called the FBI ... [The FBI] found nothing wrong ...
"Was the overly aggressive posture of the Department of Justice prosecutors and law enforcement officials," he asked, "revenge because they were embarrassed that — in their view at least — we somehow got away with something in the PACER incident? Was the merciless JSTOR prosecution the revenge of embarrassed bureaucrats because they looked stupid in the New York Times, because the U.S. Senate called them on the carpet?"[43]
Former Nixon White House counsel John Dean wrote an article on the legal blog justia.com entitled "Dealing with Aaron Swartz in the Nixonian Tradition: Overzealous Overcharging Leads to a Tragic Result", saying "these are not people who are conscientiously and fairly upholding our federal laws. Rather, they are typically authoritarian personalities who get their jollies from shamelessly beating up on unfortunate people like Aaron Swartz."[44]
George Washington University law professor Orin Kerr wrote on January 15, 2013, that "the charges brought here were pretty much what any good federal prosecutor would have charged."[45] [46] Duke University law professor James Boyle replied in The Huffington Post: "I think that in [Kerr's] descriptions of the facts [and of] the issues surrounding prosecutorial discretion ... he tends ... to minimize or ignore facts that might put [Swartz] in a more favorable light."[47]
In response to a piece by Larissa MacFarquhar in the New Yorker, retired journalist Jane Scholz objected to what she perceived as an effort "to turn Swartz into a hero for facing government prosecution after hacking the JSTOR archive", arguing that "Swartz was apparently familiar with laws protecting proprietary-information-management systems, so he should not have been surprised by the severity of the prosecution's response to his crime. It is a crime, and not a victimless one. I am a retired journalist; during my working years, my salary depended, and today my pension relies, on people paying for copyrighted content. In recent years, as the business that supports journalism has declined, thousands of journalists have lost pay, benefits, and, ultimately, their jobs. [... ] I find it ironic that Swartz made several million dollars selling the rights to his own copyrighted programming to Conde Nast. Swartz's is a sad story, but it's not a heroic one." Law professor Mike Maddison commented on Scholz's letter: "it is difficult to find a better example of the glib equation of 'my career isn't the success that it once was' and 'somebody committed a crime' that infects contemporary dialogues about IP rights."[48]
David Aaronovitch noted in The Times that JSTOR was itself a "product of philanthropy" but that it had to charge access fees so that it could pay academic publishers for rights to their publications. He decried the "reckless" behavior of a generation which "cannot be persuaded—yet—that copyright matters".[49]
In contrast, Peter Ludlow in The Chronicle of Higher Education argued that due to the publish or perish nature of academia and the importance that journals' reputations have, "[w]hen an academic signs away copyright to an academic publisher, it amounts to a 'contract of adhesion'—meaning a contract in which one party has all the power and it was not freely bargained" and that "like the original authors, JSTOR had to negotiate its licensing agreements from a position of weakness", which Ludlow illustrated with a bargaining agreement from JSTOR's history, which stipulated that the publishers "be compensated if there was a loss to their (minimal) sales of rights to older materials, and they demanded compensation even before JSTOR covered its own expenses". Ludlow concluded that "Until academics get their acts together and start using new modes of publication, we need to recognize that actions like Aaron Swartz's civil disobedience are legitimate."[50]
Rob Weir, who describes himself as an "associate editor of a very small journal", writes in Inside Higher Ed that "Many wonder why money accrues to those whose only 'creation' is to aggregate the labor of others, especially when some form of taxpayer money underwrote many of the articles. That's a legitimate concern, but defending Swartz's method elevates vigilantism above the rules of law and reason." While he concedes that "JSTOR charges university libraries a king's ransom for its services", he also argues that "even a modest journal is expensive to produce" and that "if you want anyone to read your journal, you'll give it to JSTOR or some other aggregator. Unless, of course, you can drum up lots of free advertising". He concludes that the "information wants to be free" adage fails to account for the "hidden costs within the culture of free", and proposes that "there ain't no such thing as a free lunch" is the appropriate summary of production costs in the Information Age, which he transmutes to "if you can't do the time, don't do the crime" for "hackers and info thieves".[51]
Tim Wu, writing in The New Yorker, called out what he perceived as lack of proportionality, writing that "The act was harmless — [... ] meaning that there was no actual physical harm, nor actual economic harm. The leak was found and plugged; JSTOR suffered no actual economic loss. It did not press charges. Like a pie in the face, Swartz's act was annoying to its victim, but of no lasting consequence."[52] Wu went on to compare Swartz's act with that of Steve Jobs and Steve Wozniak, who, according to Wu, "in the nineteen-seventies, committed crimes similar to, but more economically damaging than, Swartz's. Those two men hacked AT&T's telephone system to make free long-distance calls, and actually sold the illegal devices (blue boxes) to make cash. Their mentor, John Draper, did go to jail for a few months (where he wrote one of the world's first word processors), but Jobs and Wozniak were never prosecuted. Instead, they got bored of phreaking and built a computer. The great ones almost always operate at the edge" writes Wu, in support of this thesis that "We can rightly judge a society by how it treats its eccentrics and deviant geniuses—and by that measure, we have utterly failed [in the case of Swartz]."[53]
After Boyle's Huffington Post column, Kerr returned to the topic, advocating reform of the Computer Fraud and Abuse Act (CFAA) under which Swartz was prosecuted. "The problem raised by the Swartz case is ... [that] felony liability under the statute is triggered much too easily. The law needs to draw a distinction between low-level crimes and more serious crimes, and current law does so poorly ..."[54]
Chris Soghoian, a technology policy analyst at the American Civil Liberties Union, argued similarly, "Existing laws don't recognise the distinction between two types of computer crimes: malicious crimes committed for profit ... and cases where hackers break into systems to prove their skillfulness or spread information that they think should be available to the public."[55] Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, both defended Swartz and challenged the scope of the law under which he was prosecuted.[56] [57]
Law professor Stephen L. Carter agrees that the prosecution of Swartz was ridiculous, but also lays the blame on Congress for creating a new type of federal felony roughly every week.[58] Carter considers that the CFAA is a good example of this phenomenon. He writes: "Enacted in the 1980s, before the Internet explosion, the statute makes a criminal of anyone who 'intentionally accesses a computer without authorization or exceeds authorized access' and, in the process, obtains financial information, government information or 'information from any protected computer. Carter then gives the following example: "You're sitting in your office, when suddenly you remember that you forgot to pay your Visa bill. You take a moment to log on to your bank account, and you pay the bill. Then you go back to work. If your employer has a policy prohibiting personal use of office computers, then you have exceeded your authorized access; since you went to your bank website, you have obtained financial information. Believe it or not, you're now a felon. The likelihood of prosecution might be small, but you've still committed a crime." Carter further writes that the problem with the statute was well-known, and that "some federal courts have given the statute's language a narrow construction, but others have read it broadly, and the Obama administration has opposed efforts in Congress to narrow its scope. Alex Kozinski, chief judge of the U.S. Court of Appeals for the Ninth Circuit, warned in an opinion last spring [of 2012] the government's position 'would make criminals of large groups of people who would have little reason to suspect they are committing a federal crime.[59]
On January 11, 2013, two years after his initial arrest, Swartz was found dead in his Brooklyn apartment, where he had hanged himself.[60] [61]
Speaking at his son's funeral, Robert Swartz said, "[Aaron] was killed by the government, and MIT betrayed all of its basic principles."[62] Mitch Kapor posted the statement on Twitter.[63] Carmen Ortiz's husband, IBM executive Tom Dolan, replied through his own Twitter feed, @TomJDolan, "Truly incredible that in their own son's obit they blame others for his death and make no mention of the 6 month offer."[64] In Esquire, Charlie Pierce wrote that "the glibness with which her husband and her defenders toss off a 'mere' six months in federal prison, low-security or not, is a further indication that something is seriously out of whack with the way our prosecutors think these days."[65]
Contacted by The Guardian, Ortiz's spokesperson had "no comment" to make on the matter;[64] Reuters reported being unable to contact Dolan. On January 16, 2013, Ortiz released an official statement, in which she reiterated that "I must, however, make clear that this office's conduct was appropriate in bringing and handling this case," and that her subordinates "took on the difficult task of enforcing a law they had taken an oath to uphold, and did so reasonably."[66]
In 2013, Zoe Lofgren and Ron Wyden advanced a legislative proposal called "Aaron's Law" to amend the CFAA in order to eliminate the aforementioned vagueness and also eliminate the "redundant provisions that enable a person to be punished multiple times ... for the same crime". In an opinion piece for Wired magazine, they wrote that "This is, in fact, what happened to Aaron Swartz — more than a third of the charges in the superseding indictment against him were under this redundant CFAA provision."[67]
On January 28, 2013, the lawyers for Swartz's estate sent a letter to the Justice Department accusing Assistant U.S. Attorney Stephen Heymann of professional misconduct.[68] They said Heymann "may have misrepresented to the Court the extent of the federal government's [early] involvement in the investigation."[69]
Emails and reports further illustrated ... that AUSA Heymann was himself involved in the investigation even before Mr. Swartz was arrested on January 6, 2011.
The lawyers also said Heymann "abused his discretion when he attempted to coerce" Swartz into pleading guilty:
Swartz ... naturally felt extreme pressure to waive his rights ... The difference between an offer of four months and a threat of seven years went far beyond the minimal reduction ... that should properly have applied for [a defendant's] "acceptance of responsibility" under the Sentencing Guidelines.
On March 15, the lawyers asked the federal court to modify the protective order on Swartz's file to permit public disclosure of the discovery materials, including the names and titles of MIT, JSTOR and law enforcement employees. The lawyers said that withholding the names would make the documents "less intelligible and thus far less useful to Congress."[70] The First Assistant U.S. Attorney for Massachusetts, Jack Pirozzolo, said he was taking a role in the discussions and would be asking the court to give the affected employees an opportunity to be heard on the proposed disclosures.
The Department of Justice sought to redact the names of the prosecutors involved in the case. On April 3, 2013, a U.S. Attorney's Office spokesperson said, "Our argument against it is that not only does it have an effect on the people involved in the case, but there's also sometimes a residual effect." The Attorney's Office reported threats and hacking attempts against prosecutors already known to be involved: "threatening emails" received by Ortiz and Heymann, the hacking of Heymann's Facebook account and that "Heymann's father, a Harvard professor, received a postcard with his photo in a guillotine".[71] The postcard and some email excerpts were published by Wired magazine.[72]
On May 13, 2013, the court granted the estate's motion in part, permitting public disclosure of much of the material the estate's lawyers had sought to have unsealed, provided that the names of MIT and government employees were first redacted. The estate's argument for disclosure of these names was "substantially outweighed by the interest of the government and the victims in shielding their employees from potential retaliation," wrote Judge Nathaniel Gorton. The judge also ruled that information disclosing details of computer network security at MIT should not be made public.[73] The prosecutors and Swartz's lawyers were ordered to propose the terms of the disclosures and redactions by May 27, 2013.[73]
Kevin Poulsen filed a FOIA lawsuit and in November 2013 obtained the release of 130 pages from the file that the US Secret Service has on Swartz, out of approximately 20,000 pages that the agency has in relation to Swartz.[74]
Of Heymann, BuzzFeed has noted: "Back in 2008, young hacker Jonathan James killed himself in the midst of a federal investigation led by the same prosecutor."[75]
In January 2013, WikiLeaks claimed through its Twitter account that Swartz had been in contact with Julian Assange through 2010 and 2011, and that Swartz may have been a source of leaked materials.[76] If true, this would offer an explanation as to why charges against Swartz were pursued by the federal government despite JSTOR dropping charges and urging that the government and MIT do the same.[77]
The MIT network administration office told MIT police that "approximately 70 gigabytes of data had been downloaded, 98% of which was from JSTOR."[10] The first federal indictment alleged "approximately 4.8 million articles ... 1.7 million [of which] were made available by independent publishers for purchase through JSTOR's Publisher Sales Service."[1] The superseding indictment characterized the amount as "a major portion of the total archive in which JSTOR had invested ... " removing the estimates.[78]