Rogue Academic Downloader Busted by MIT Webcam Stakeout, Arrest Report Says
wired.com"For its part, JSTOR says it worked with Swartz’s lawyers to get the data back[...]"
Interesting way of putting it. I would have said "removing the data from his possession"
Interesting way of putting it. I would have said "removing the data from his possession"
This is part of a standard narrative to treat copyright infringement as theft analogous to theft of "tangible" traditional property. You will also notice terms like "documents were stolen" in the original indictment. Although to be fair to JSTOR, their official statement did not use such (imho) misleading language.
To really increase the realism of the metaphor, in the future when such content is stolen, they should refuse to serve it to library users. They could explain that, regrettably, the journal issue I seek is currently missing due to a recent theft, and assure me that they are working as fast as possible to recover the stolen documents.
My local library is like that. I've had to wait on checking out a PDF because all available copies were taken.
Yay, future!
Pleas please please tell me this is a joke? Set numbers of PDF checkouts? I don't know if I should weep or vomit.
Physical books impose a natural limit on the number of simultaneous checkouts. If a book is very popular, the library will buy more copies to accommodate demand. If a PDF is popular, the publisher expects the library to buy more copies.
It's artificial scarcity, but this is hardly new. The number of books in a library was never limited by the cost of paper.
Artificial scarcity is possibly one of the most perverse things to come out capitalism.
The particular 1 bits he took were of unusually high quality.
"We secured from Mr. Swartz the content that was taken..."
http://about.jstor.org/news-events/news/jstor-statement-misu...
That's a fair point. I'll be more careful next time.
manhunt for a slender guy with a backpack riding a bike on MIT’s campus
Well that must've narrowed it right down.
OMG he's still here!
Authorities still on the lookout for a possible accomplice, described as "Asian, approx. 20 yrs. old, wearing a T-Shirt."
>The two MIT officers and Special Agent Pickett then tried to stop Swartz, who jumped off his bike and ran away, only to be caught and handcuffed by the Secret Service Agent, according to the report.
RUN FASTER. I really can't stress this enough. The reason he got caught is because he didn't run fast enough. If you're going to do stuff like this, LEARN TO RUN FAST. Cops are fat and slow. You can usually get away from them, especially in a place like MIT.
Look at that kid! That is not a fast-looking person. Run faster, guys.
Ha, I was just thinking the same thing. Also, if we're talking pure logistics, don't jump off the BIKE either.
Perhaps we should consider the fact that the secret service was involved.. I bet that guy is pretty fast. I don't know why I think that though, just seems more "tough".
Another thing: Aaron is a really important person to have writing/researching/hacking outside of prison. Surely it's a net win to just pay a faster/sneakier kid to do this for him? Do you think he thought for one second he might get caught?
35 YEARS IN PRISON? Avon Barksdale is only serving seven! :)
They might ask for 35 years but if the judge gives him 35 years i'd go out to the prison with some free Aaron signs and do a hunger strike.
I'm sure I wouldn't be the only one. That would be outrageous. Actually any jail time would be ridiculous, he's not a dangerous person at all.
There are many crimes for which you can go to jail even though you are not a dangerous person.
Yes, but crimes that have the potential to benefit people without hurting anyone else?
Some of them - not all. Just look at all those drug-related laws.
It is just me, or does a 35 year old prison term sound CRAZY? Never mind the proposed monetary fine... the punishment just doesn't seem to fit the crime. It's outrageous.
To put things into perspective...
- Swartz, 24, faces 35 years in prison and a $1 million fine under the indictment.
- Anders Breivik killed at least 76 people, and the maximum punishment under Norwegian law is 21 years (albeit with the option to extend it for 5 years each after that).
Who committed the bigger and more serious crime here??
Its a false comparison due to different legal systems. In the US Breivik would be facing multiple life sentences or the death penalty.
Drugs still hurt people. DOSing a library doesn't. Obviously that depends on which drugs and how many, and maybe the laws are a little "one-size-fits-all" here.
... especially in the US
And all of those are instances of unjust punishment.
I'm reminded of the Boston Legal episode where the defendant kills his mother and they argue that he's not a danger to society because he only had one mother and is therefore not going to repeat his crime.
More seriously, I'm not sure if I should interpret your statement to mean that white collar criminals are dangerous or that they should never go to jail.
Someone mentally unhinged enough to kill his own mother clearly is a danger to society though, unless there was a strong case that she deserved it. In that case, sure. No sense in putting him in physical harms way by putting him in jail.
Imprisonment as a punishment is a horrendously barbaric concept, particularly considering the current state of the American prison system. White collar criminals, or any color collar, if not a physical danger to society, should never be sent into those hellholes.
Prisons should be used solely for isolation. People like Charles Manson clearly need to be detained. Treatment, where deemed possible and necessary, should be done in proper medical facilities. People who don't need treatment and are not a danger to society should be in neither.
If their crimes are financial, punish them financially. Strip them of their assets and garnish their wages. It works for deadbeat parents (who I absolutely oppose putting into prisons).
I agree with this. I think better ways could be found for them to repay their debt to society. It would be cheaper also.
I'm sure I wouldn't be the only one.
But I am sure you would be one of very few. This is sadly the world we live in.
"35 YEARS IN PRISON? Avon Barksdale is only serving seven! :)"
So... where is tptacek assuring us all that he won't spend a night in jail?
35 years is the upper limit for wire fraud. Hopefully, that should only be used on people who cause serious privacy violations, national security leaks, massive data loss, etc.
Actually, if he's accused of wire fraud, his lawyers might get him off; as I don't think he did anything fraudulent. At what point did he misrepresent a fact, which was relied upon by the victim causing losses? He lied about his name, but that didn't cause the loss. He lied about his IP number, but I think he simply represented his IP number to be a "John Doe" - any other number than the one that was blocked; not the IP number of a privileged user. I would debate that nobody expects your IP number to remain constant under all circumstances anyway, unless you have a privileged IP which the admins have specifically greenlisted.
So how did his "lies" (dummy name, and maybe a dummy IP number) cause any losses?
And is changing your IP number to some other random IP (once or twice, not in an automated way) really misrepresenting a material fact?
You ruined The Wire for me. I just started watching season 1.
He ruined 1% of it. Keep going :)
Dumbledore kills McNulty!
Omar died :(
US Federal agents, particularly those deployed in the field, are generally not 'Fat and Slow' cops.
How about the most basic IDS on the laptop? He really should have know it was taken from the closet (and its network connection) and then replaced. Personally, I'd have been more patient and used wifi. Or one of these: http://en.wikipedia.org/wiki/SheevaPlug
Yeah, a throwaway computing device in the network closet, which he then pulled the data from over the net (or, even better, which then uploaded the data to another server) would have dramatically reduced the risk he took.
It's 20/20 hindsight, though. It's obvious from the way he behaved that he didn't think this was anywhere near as big a deal as it's turned out to be. And I might have easily made the same mistake.
Well, he's accused of hiding his face from surveillance cameras by holding his bike helmet up to his face and looking through the ventilation holes. You don't do that if you don't think it's a big deal, no?
A bicycle helmet? I might hold a helmet over my face if I were joking around or playing a prank. If I were serious (though I highly doubt I'll end up in such a situation), I would be using something other than a bicycle helmet.
It's hard to believe they'd go to all of this effort to catch someone who'd placed a laptop in an unmarked closet. There was no indication that a student was not allowed in the area, according to my reading.
In hindsight we can think of lots of ways to defend against this kind of detection, but which of us would really think they would get the Secret Service involved to catch a person who was downloading public domain documents under a legal license awarded to the library of one of the most tech-savvy places in the world? It really should have been expected that something like this would happen. It's almost conceivable that it's not really unusual to see MIT students going to a wired connection in a network closet if necessary.
While there are lots of ways to keep things private, most of us aren't constantly on maximum guard. There has to be a cost-benefit analysis, and apparently someone at JSTOR has friends high up.
...person who was downloading public domain documents...
I hate being pedantic[1] but I keep seeing people make this mistake: JSTOR is not just public domain works, and there is no indication that the downloading was limited to public domain works. I think people are getting confused due to the release (by someone else) of a torrent of public domain material from JSTOR, but that's not a torrent of what Aaron downloaded.
[1] Not really, but I hate that I don't hate it.
"I hate being pedantic[1] but I keep seeing people make this mistake: JSTOR is not just public domain works, and there is no indication that the downloading was limited to public domain works."
I'd like to tweak the presentation here. Many of the comments I keep seeing (including here on HN) seem to go with the take that
1. That it positively did include works that weren't in the public domain. There doesn't seem to be any indication that this is the case. 2. That Swartz intended to distribute content downloaded from JSTOR not in the public domain. Given the credentials and history of the person in question, it just doesn't seem to be a rational conclusion that Swartz's visions of the future included consciously distributing infringing material (nor the consequences that would go along with it).
1. That it positively did include works that weren't in the public domain. There doesn't seem to be any indication that this is the case.
It's stated in the Wired article that "much of what Swartz is accused of downloading from JSTOR is copyrighted".
It's stated in JSTOR's statement that "The downloaded content included more than 4 million articles, book reviews, and other content from our publisher partners' academic journals and other publications". (Elsewhere the size of the total JSTOR library is said to be over 6 million.)
The indictment states that downloads included "approximately 4.8 million articles, a major portion of the total archive in which JSTOR had invested. Of these, approximately 1.7 million were made available by independent publishers for purchase through JSTOR's Publisher Sales Service."
2. That Swartz intended to distribute content downloaded from JSTOR not in the public domain.
I'll grant that the absence of detail on this claim in the indictment makes it very debatable. However, it's hard to fit any explanation about his intentions to the facts as we know them without making major assumptions about information we don't have.
For instance, many people assume the downloading was for legitimate research. Not unreasonable on the face of it (given, as you say, credentials and history) but then, why does a Harvard research fellow need to covertly access JSTOR from MIT? And not just access, but download two thirds of it? There may be an entirely legitimate answer to that, but if so, it can't be gleaned from the information we currently have available.
> It's stated in the Wired article that "much of what Swartz is accused of downloading from JSTOR is copyrighted".
I'll ignore this for the moment (or at least regard it as "dubious"), and I hope it's obvious why. If we do ignore it, let's see if it's possible for the other two citations you provide here take on a different character in its absence:
> It's stated in JSTOR's statement that "The downloaded content included more than 4 million articles, book reviews, and other content from our publisher partners' academic journals and other publications".
> The indictment states that downloads included "approximately 4.8 million articles, a major portion of the total archive in which JSTOR had invested. Of these, approximately 1.7 million were made available by independent publishers for purchase through JSTOR's Publisher Sales Service."
The claims about partners only means that there were publishers and other organizations supplying content to JSTOR (and were probably selling that content through their own, unrelated channels.) This does not preclude the content in question being entirely public domain content. Given the other characterizations in the indictment, I suspected it of being an instance of deliberately giving an impression of something that doesn't match what really happened while carefully skating on the edge of truthfulness. (I.e., "Yeah, partners were making it available for purchase, but, oh, did we fail to mention that it's public domain anyway?")
A closer reading, though, lends credence to still-in-copyright works being in the mix, if you treat "major portion" as being synonymous with "majority" (used correctly), and even more starkly and convincingly, in light of the numbers you provide.
Here are some more numbers provided by JSTOR: 7 million items online across 44 million pages as of February 2011 <http://about.jstor.org/about-us/jstor-numbers >.
[In case you can't tell, what I'm really saying is you've got me convinced.]
> However, it's hard to fit any explanation about his intentions to the facts as we know them without making major assumptions about information we don't have.
One such assumption you could make is that he was operating under the modus of grabbing what was possible and sorting it all out later. It doesn't seem to even qualify as a stretch. Given a similar line of thinking of mine in the past for a similar operation (involving databases operated by Gale Group), I certainly don't have any trouble maintaining this assumption for myself (and to myself). There is a detail that gives me pause, though...
> but then, why does a Harvard research fellow need to covertly access JSTOR from MIT
Damned good question.
> And not just access, but download two thirds of it?
Well, is there really any question here? I think it's safe to say that, were it not for a thorny interruption, Swartz was probably aiming for something closer to three thirds of it.
This is a photo of the closet: http://i51.tinypic.com/2v96u61.jpg.
This doesn't look particularly welcoming, and there's no norm at MIT that suggests it's okay to enter locked IS&T wiring closets.
Also, FYI, this warning is on pretty much every door of the Institute: http://i51.tinypic.com/23hlsft.jpg
second lesson - use wireless. One laptop (or better - "gumstix" http://www.gumstix.com/ ) reads and transmits. Another, not physically connected, not in the same room, etc. - receives.
"... RUN FASTER. I really can't stress this enough. The reason he got caught is because he didn't run fast enough. If you're going to do stuff like this, LEARN TO RUN FAST. Cops are fat and slow. ..."
Got COM?
COM?
"... Repeat. - You got com? -All units ..."
Translates as 'do you have communications?'. A standard Mil question you might be asked at any time, "Got Com?". If you do, this means any person giving chase will have the means to convey information for others to pursue. Making running away futile.
[0] http://en.wikipedia.org/wiki/Starship_Troopers_%28film%29
"And real gangsta-ass niggas don't run for shit, 'cause real gangsta-ass niggas can't run fast" -- Geto Boys, "Damn it Feels Good to be a Gangsta"
I see the anti-cop contingent from reddit has finally arrived. Seriously, for your sake, I hope you are just trolling.
If you haven't noticed police skepticism on HN until now, you haven't been paying a lot of attention! It tends to go across the civil-liberties-leaning political spectrum. Before the left-leaning Reddit had a subreddit on cop abuses, the libertarian magazine Reason (reason.com) had them as a regular feature. And of course many of us read Bruce Sterling's The Hacker Crackdown as kids, and I wouldn't say that I mainly sympathized with the "crackdown" side when reading it...
There's nothing wrong with police skepticism or discussing libertarianism. Calling cops dumb and fat and saying you can avoid arrest by running faster... ehmm... what the hell passes for intelligent discussion on here now?
"saying you can avoid arrest by running faster"
Is that false? If they cannot catch you, how can they arrest you?
By ID'ing you from video from any of tens of cameras in the area, coming to your house, arresting you there, and then charging you with resisting arrest.
And in the (lets face it, relatively unlikely) case that you have some degree of fame already, that will likely work. However in the general case, elude arrest for the first initial hours after a non-news worthy crime and you will never be arrested. The best way to do this in the worst case scenario? Run.
People have the tendency to greatly overestimate the usefulness of security camera footage in solving crime. Personally, I blame Hollywood.
http://www.guardian.co.uk/uk/2008/may/06/ukcrime1
http://www.thisislondon.co.uk/news/article-23412867-tens-of-...
http://en.wikipedia.org/wiki/Assassination_of_Mahmoud_Al-Mab...
It is categorically false. Police have radios, backup units, plainclothes units, dogs, helicopters, and some level of support from just about every citizen on the street. Where this happened, you are smack in the center of Cambridge in broad daylight with hundreds of witnesses and nearby patrol units. You can't outrun every witness on the street, or the officers summoned to the block ahead of you. It is absolutely ludicrous.
But for the sake of argument, let's assume he is the next Jason Bourne and manages to elude all of Cambridge, Boston, and MIT police on bicycle. What then? They clearly identified him on the street, so he knows they have his face. They also have his prints from the laptop, and the FBI probably has those filed from the PACER incident, so pulling his complete identity is only a matter of time. Staying at his job and place of residence is therefore out of the question. Does he pull a Whitey Bulger and go into hiding in some remote corner of the US? Give up contact with everybody that ever knew him and change his identity? Even Whitey got caught after 17 years, how long do you give a mild-mannered 24 year old with no ties to the criminal underworld? "Running faster" is only putting off the inevitable and adding charges to the docket.
In this particular case, he was clearly boned. In the general case, RUN. Being in the middle of a city only helps you.
I say this as someone who has never been arrested.
Cops don't need our support. They have guns for that.
Throwing a constant stream of criticism at those in power keeps the system healthy. There is no reason to let them rule over us and heap them with praise.
Sentencing a criminal to jail is theoretically supposed to be for the good of society. So in a case like this, they'd better ask themselves if society would ultimately benefit from having him behind bars.
The actual damage done here was negligible, especially considering the questionable locking-down of the content in the first place (i.e. maybe it should always have been free, and it was still valued at only $50,000 by the school, not $1 million). Swartz maybe did something stupid, but his ability to contribute to society is still far greater out of jail than in. There is also every bit of evidence to suggest that his intent is to contribute positively to society.
In other words, if he serves more than a few months in jail for this, or is actually asked to pay a million dollars, I will be incredibly disheartened by the "legal" system.
The two main theories of justice in the US is retribution and deterrence. Applying these two theories to the case here it isn't totally unreasonable for him to be punished.
I feel that deterrence is a stronger argument here - maybe you are right in that he'll be a net positive anyway as a free man, but there is some validity in that it will make the next guy who wants to secretly install laptops in server closets to think twice.
He could argue that he created $50,000 of value since now there's 2 copies.
(and maybe pay the fine with 20 copies of the database)
I smell a way to solve the debt crisis here...
Oh, how I wish you were right about "for the good of society". I completely agree with you. However, a large section of the rest of the world talks a lot about "justice", which as far as I can tell means do they deserve to go to jail, which usually gets simplified to, did they break the law.
He did something stupid? He knowingly and willfully tried to go around the University block. I don't think I would send him to jail. A HEFTY fine and some community service would do.
I feel safe knowing the Secret Service was on the case. Wouldn't want any of that published scientific knowledge falling into the hands of the public, after all.
Totally blowing things out of proportion. 35 years? Secret Service? Just for JSTOR data...it's unusual punishment
Everything Aaron does is out of good intentions. I know, I've worked with him before.
His crime isn't "borrowing" the data...it's getting caught.
His crime is also having those good intentions relate to opposing the current political establishment.
There's no proof whatsoever that this arrest was politically motivated. aaronsw's furtive behavior really muddies the waters here - if my sysadmin found a similar laptop in a server closet I would also have called the cops.
I agree, his arrest was probably not politically motivated. However, I believe the way the authorities proceed with prosecution and punishment will be influenced by Aaron's other activities.
35 Years seems a little over the top.
Gilbert Bland Jr traveled to university libraries around the country for years, stealing maps from irreplaceable antique books, by physically removing them with a razor blade. The total value of the maps that the FBI was eventually able to recover was over $500,000. In the end he paid $70,000 and served 17 months in prison.
This is a general trend, dating to the 80s, of treating Scary Computer Stuff as somehow much more dangerous than other kinds of stuff.
Related: the kids who ran LOIC to send a few megabytes of data to some websites are being charged with crimes that carry more jail time than is typically given to people who throw bricks through windows as part of a protest. Heck, you could probably burn a cop car without being in greater trouble.
35 years is the maximum possible sentence according to the law assuming he were found guilty on all counts and given the maximum sentence for each.
For comparison, Bland was facing a maximum sentence of 120 years. (Six charges of up to twenty years each.)
Spy magazine once did an article, where the reporter documented himself committing dozens of innocuous looking acts in public, all designed to accrue ridiculous amounts of jail time.
Swartz is a genius. His writings are brilliant. This is just stupidity.
JSTOR didn't get those documents through magic or witchcraft. However they collected them, a motivated, brilliant millionaire genius might be able to collect them as well. If they are in the public domain, then he could distribute them for free. Or, he could run around hiding laptops at MIT, and get arrested. I guess the latter is probably more exciting and more likely to get you laid.
To be clear, I think it's obscene that they are prosecuting him for this, and I think it will get thrown out in the end. Maybe he just wanted to make a political statement to get the discussion rolling. Maybe he just doesn't give a fuck.
"Rogue Academic Downloader..." Strong title for someone who you claim "He is also a general friend of Wired.com" I guess you know your real friends when you get in trouble.
It seems like a pretty unbiased and accurate description to me.
Someone should make a small, remote controlled rover with an IR light and an IR sensitive video camera, and a robotic arm. The arm is not tipped with a manipulator, but with a Cat5 plug. This rover will be paired with a quad-copter with enough power to deliver and retrieve the rover.
Anyone have access to https://floorplans.mit.edu/, or otherwise know anything about room 004T in building 16? I'm curious about signage or locks.
This is the last guy I want to see behind the bars (except of course myself).
I'm not interested in the soap opera, but I hope this serves a lesson to MIT: Always shutdown unused switch ports, and protect them with 802.1X.
Really, downvoted for this? Seriously, I'm tired of the soap opera crap.
802.1X is infinitely more interesting.
Something is missing..
Why was a Secret Service Agent on campus in the first place?
Something is just not adding up as FBI has jurisdiction not Secret Service..
Plus, what is the other 2% that was downloaded that was not JSTROR stuff?
Or ie ah do some journalism before writing the article?
They did do the journalism with respect to the jurisdiction issue. The Secret Service has jurisdiction in 'computer crimes' and 'access device fraud' via USC 18 S. 3056.
http://www.secretservice.gov/criminal.shtml
http://www.law.cornell.edu/uscode/18/usc_sec_18_00003056----...
That is not unusual. The Secret Service has a very long history of investigating computer crimes.
Indeed. They're almost solely responsible for protecting us from the hacker scourge of role playing and card game vendors: http://en.wikipedia.org/wiki/Steve_Jackson_Games,_Inc._v._Un...
That, and (in the same raid) a bunch of people who had owned up and were reconfiguring telco switches as pranks.
Not sure about the details there, and wikipedia is silent. Certainly SJG employees were active in the phreaking community. But AFAIK none were ever charged with anything. And I know with certainty no charges resulted from this raid in particular.
The whole thing was a terribly botched job, the "facts" in the warrant were a mash of giant whoppers of technobabble. It was a mess.
Did the SS have the best interests of society at heart, and might they have reasonably been fooled into thinking something was up at SJG? Yeah, probably. Did they actually do the right thing? No way.
I was thinking more like he carding and identity theft websites they've shut down, but sure
Why was a Secret Service Agent on campus in the first place?
Because only their wire taps (or laptops) are allowed in network closets... when other people do this, it is illegal ;)