Tuesday, January 15, 2013

Inspector Javert

Corrupt public officials can do a good deal of damage, but the over zealously self-righteous can be even more dangerous, armed as they are with moral certainty. U.S. District Attorney Carmen Ortiz and her deputy Stephen Heymann played the role of Inspector Javert in the case of Aaron Swartz, the brilliant computer scientist who was driven to suicide by their vicious prosecution of what was in effect a harmless prank.

Emily Bazelon:

Swartz was accused of going into an unlocked computer-wiring closet at MIT in September 2010, changing an IP address on a university computer, and using it to download the papers from JSTOR, which normally charges per article or per subscription. Why did Swartz monkey around this way with JSTOR? I’m not sure he ever explained this particular act, but it’s not wholly surprising given his record of passionate advocacy for freeing information online. He’s the guy who also figured out a way to download 20 percent of the government’s federal court database, PACER, another giant repository of information that charges user fees

For this, Swartz was charged with fully 13 counts of violating the Computer Fraud and Abuse Act, which meant he faced millions of dollars in fines and up to 35 years in prison. This law is notoriously capacious. Prosecutors can stretch it to cover misdeeds that would otherwise barely qualify as illegal....

In a detailed and convincing post, Alex Stamos, the expert witness who was planning to testify for Swartz at trial, points out that MIT deliberately operates an “extraordinarily open network” with few controls to prevent abuse. Any visitor can register, and it’s easy to bypass the controls that do exist by assigning yourself an IP address, according to Stamos. There are no terms of use or definition of abusive practices. And when Swartz downloaded the JSTOR articles, “the JSTOR website allowed an unlimited number of downloads by anybody” on MIT’s network. There were no controls for catching bulk downloads. And so, Stamos concludes,

Aaron did not “hack” the JSTOR website for all reasonable definitions of “hack.” Aaron wrote a handful of basic python scripts that first discovered the URLs of journal articles and then used curl to request them.

Few things are more dangerous than government officials who abuse their powers. Fire Ortiz. Fire Heymann. Somebody at MIT needs to walk the plank too.