Posts Tagged ‘Computer Crime’

Aaron Swartz’s MIT Mega-Download: Computer Crime, or Mere Copyright Infringement?

Posted on July 21st, 2011 • Filed under Uncategorized • No Comments

Demand Progress founder and “Internet activist” Aaron Swartz was recently indicted on a number of federal charges including wire fraud and computer fraud, reports the New York Times. The charges stem from Swartz’s use of MIT computer networks to download a huge quantity of scholarly articles from online academic journal repository JSTOR.

Swartz also received attention in 2009 for downloading a huge quantity of US court records from PACER, the federal court system’s public case records system. PACER has received a great deal of criticism because it charges fees for downloads, even though the court filings contained within are in the public domain. Swartz’s project aimed to provide access to a significant portion of these documents outside of the confines of PACER. Taking advantage of a pilot program allowing free trials of PACER at some public libraries, Swartz wrote a Perl script that allowed him to download nearly 20 million court documents – an act that got him investigated by the FBI.

Now the feds are after Swartz again, and this time it’s serious.

Swartz’s new indictment is available on Scribd. The government’s theory of the case is that Swartz committed wire fraud and computer fraud by “access[ing] a protected computer — namely, a computer on MIT’s network and a computer on JSTOR’s network — without authorization and in excess of authorized access, and [fraudulently] obtain[ing] things of value” – the academic journal articles. Additionally, the government charges Swartz unlawfully obtained information from a protected computer by “obtain[ing] from a protected computer information whose value exceeded $5,000″ – again, the journal articles – and recklessly causing damage to MIT’s computers.

The first problem with this theory is that, from the facts, MIT’s network is obviously open to at least some downloading of articles from JSTOR by guests on MIT’s premises. Swartz mightily abused these privileges, most seriously by plugging his computer into a router in a closet at MIT in order to circumvent attempts to block his laptop’s IP and/or MAC identifier. (The indictment’s account of what Swartz actually did in the closet is somewhat murky.) However, given that Swartz was using a network that allows guest access, it seems this act was more obviously literal trespassing than computer trespassing. Swartz was in a closet he presumably wasn’t allowed to be in, but when he connected his computer to that router, it appears from the indictment he was obtaining the exact same kind of access that would have been available to other guest users at MIT – access to academic journals. No rootkit access, no superuser privileges – just regular old guest user status.

The second problem with this theory is that the “information” and/or “data” Swartz downloaded is published academic research. The articles in question, and the information contained within them, are anything but secret or proprietary – they can be easily accessed at any academic library with print or online journal subscriptions.

More importantly, the idea that the articles are “information whose value exceeded $5,000″ is extremely problematic. Why? Copyright law.

JSTOR doesn’t sell academic journals to universities. It sells easy access to academic journals to universities. The contents of those journals don’t belong to JSTOR – the rights to the research available through JSTOR are distributed among huge numbers of individual copyright holders, from the journals themselves to the authors and researchers to the universities which sponsored their research.

What’s more, Swartz obviously didn’t “steal” the articles – he simply reproduced them, and he did so for non-commercial purposes. The articles remained accessible on JSTOR. Swartz’s conduct looks far more like potential copyright infringement (a civil, not criminal, offense) than criminal behavior. And it might not even be copyright infringement, as each individual download of an academic article by Swartz would arguably fall under the “scholarship or research” provisions for fair use of copyrighted material of Section 107 of the Copyright Act.

Additionally, placing a dollar value on otherwise freely and publically circulated academic research is problematic. If it would cost a layman $5,000 to access those articles through JSTOR, but nothing to access them for free in a library, is the value of the articles really $5,000? Would it ever really cost an academic researcher like Swartz more than $5,000 to access those articles? If Swartz had stopped by MIT every day for five years, downloading copies of those articles a few at a time, would he still be facing these charges?

Swartz clearly exceeded his MIT network guest privileges, and obviously did something wrong in that closet, but conceiving of PDFs of widely available academic research as Wargames-style “secret computer data” seems to me to involve a serious misunderstanding of copyright law.

Your thoughts and comments are always appreciated.

Photo courtesy Fred Benenson.