FBI and Secret Service Files: Aaron Swartz (theblackvault.com)
268 points by signa11 on Sept 20, 2014 | 127 comments



Kind of interesting, according to the case file, the PACER records were being pulled en masse during normal court hours (typically when courts are also accessing the PACER database). A user noticed that PACER was going slow and notified PACER of the apparent slowness. Looks like they investigated, shut the PACER system down and were able to detect the requests were coming from an Amazon Web Hosting account linked to Swartz.

I find this interesting because it wasn't some flag on the PACER system screaming "HEY SOMEONE IS DOWNLOADING THESE EVERY TWO SECONDS" but instead was noticed because some law clerk was irritated at how slow the server was at responding.


This is similar to how many breaches and DDoS attacks are discovered. Lots of companies have absolutely no controls to detect the most basic of flooding or spidering behavior.


First off: Totally true.

Secondly: Devil's advocate, but it is a "hard problem." It is easy to look for behaviour on the system, it is very hard to look for patterns of behaviour.

I mean let's say that some of your users are normal court clerks, it wouldn't be unusual to see them sit around and pull tons of records all day every day. So how do you pick up normal requests en masse and unusual requests en masse?

If I was in charge of protecting such a system I wouldn't even attempt to detect this (too hard). Instead what I would do is make it impossible to get records sequentially (e.g. 1, 2, 3...9999999) instead each record had a unique randomly generated token associated with it (a UUID/GUID).

So in order for someone to gain every single record they would either need to conduct a "real" break in and steal the files, or search for every possible criteria (which, for them, becomes a huge hassle/problem).

PS - Most DDoS are, these days, against layer 3 (network). Since it is far harder to defeat a layer 3 attack (as it can literally crash a lot of network hardware). While layer 7 (software) DDoS attacks still exist, they're often conducted by less formidable adversaries and they're much easier to stop (e.g. return a JavaScript redirect instead of the normal page, most browser-users won't notice, but it will defeat a targeted attack until they re-target (and you could rename it every 10 minutes)).


So, here's a story I heard recently.

The person involved wanted to create a local archive of records. An index of material was possible to obtain, but rapid sequential requests resulted in an IP block preventing further access.

Modest levels of restructuring the requests, in random sequence, with a significant (several minutes) delay between requests, and random delay, eventually succeeded in retrieving the material.

If that had failed, a distributed set of requests could have been attempted.

When I've faced issues of high (to the level of service-degrading) levels of traffic, I've found tools that allow me to aggregate requests by similar attributes, including requests coming from a defined network space (CIDR or ASN), which can be quite useful. Reading such patterns just from eyeball scans of logs is pretty bloody difficult, and tools to assist in this are ... poorly developed.


>Reading such patterns just from eyeball scans of logs is pretty bloody difficult, and tools to assist in this are ... poorly developed.

There's some enterprise software out there designed for use cases like this, but they're typically very expensive. There are also other issues, like the storage requirements of full logging of request headers and bodies if you really want to see the big picture.

Simple IP rate limiting will stop the majority of would-be scrapers/scanners in their tracks though. Especially if there's so much material that it could take days or weeks to finish a scrape if you had to add a random delay of 3 or more minutes per request.


I do network security for a large company, so I'm not talking completely out of my ass when I say you can have alerting in place to at least detect the most obvious behavior. There are also tools and even entirely inline appliances (look at RSA Silvertail) designed specifically to look for automated behavior against a web server.

Someone clever enough will be able to get around it, but it's really not hard to detect automated scanning or scraping behavior, especially if they're not delaying their requests in any way.

Stopping a layer 3/4 DDoS is another matter entirely. They're quite easy to detect but quite hard to mitigate yourself; you need your upstream provider to mitigate it for you.

Also, using Javascript interstitials against layer 7 attacks (like Cloudflare and Incapsula do in their default mode) will stop script kiddies, but they're not hard to get around if you know what you're doing. So you'd either have to, as you say, change the method every few minutes...or just use a captcha.


Do you find it credible that one request every 2-3 seconds could create a noticeable load?


It depends on the pattern of the requests. If they're requesting different URLs each time, for example, then it could go under the radar for a period of time. If it's a resource where normally someone would not request more than ~15 articles in an hour (like what it might be for PACER), you can have alerting for when more than 50 articles are accessed in an hour.

Generally speaking rate limiting to that degree will help you evade detection though.
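An added example, not part of the thread: the hourly threshold from the comment above (alert when more than 50 articles are accessed in an hour), combined with the aggregation by network space (CIDR) mentioned earlier in the discussion, run over constructed log lines. The log format, the addresses, the /24 grouping and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

START = datetime(2024, 1, 15, 9, 0, 0)  # constructed start time for the sample log


def network_key(ip, v4_prefix=24, v6_prefix=64):
    """Return the CIDR block a client address is aggregated under."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def parse_line(line):
    """Parse 'ISO-timestamp client-ip document-id' (constructed log format)."""
    ts, ip, doc = line.split()
    return datetime.fromisoformat(ts), ip, doc


def detect_bulk_readers(lines, threshold=50, window=timedelta(hours=1), v4_prefix=24):
    """Return {network: time it first exceeded `threshold` distinct documents
    inside a sliding `window`}. Repeat views of one document count once."""
    recent = defaultdict(deque)                     # network -> (ts, doc) still in window
    counts = defaultdict(lambda: defaultdict(int))  # network -> doc -> hits in window
    alerts = {}
    for ts, ip, doc in sorted(map(parse_line, lines)):
        net = network_key(ip, v4_prefix=v4_prefix)
        queue, seen = recent[net], counts[net]
        queue.append((ts, doc))
        seen[doc] += 1
        # Drop events that have aged out of the sliding window.
        while ts - queue[0][0] >= window:
            _, old_doc = queue.popleft()
            seen[old_doc] -= 1
            if seen[old_doc] == 0:
                del seen[old_doc]
        if len(seen) > threshold and net not in alerts:
            alerts[net] = ts
    return alerts


def sample_log():
    """Constructed traffic: one interactive reader and two bulk patterns."""
    lines = []

    def add(seconds, ip, doc):
        stamp = (START + timedelta(seconds=seconds)).isoformat()
        lines.append(f"{stamp} {ip} {doc}")

    # Interactive user: 30 views of 15 documents spread over an hour.
    for i in range(30):
        add(i * 120, "192.0.2.10", f"case-c{i % 15}")
    # Single client, one new document every 3 seconds.
    for i in range(200):
        add(i * 3, "198.51.100.7", f"case-s{i}")
    # Four hosts in one /24, 20 documents each: quiet per host, loud per network.
    for h in range(4):
        for i in range(20):
            add(h * 45 + i * 180, f"203.0.113.{h + 1}", f"case-d{h}-{i}")
    return lines


if __name__ == "__main__":
    for label, prefix in (("per /24", 24), ("per host", 32)):
        found = detect_bulk_readers(sample_log(), v4_prefix=prefix)
        for net, when in found.items():
            print(label, net, "exceeded 50 documents/hour at", when.isoformat())
```

Grouping per host (`v4_prefix=32`) flags only the single fast client; grouping per /24 also flags the four hosts that each stay under the threshold on their own.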


That really depends on the system, its provisioning, and how typical traffic patterns correspond to storage.

Some systems respond far better to random queries, hitting data in different places, often on separate spindles or storage devices.

Others prefer sequential requests, avoiding random seeks across heads.

And there are systems whose performance degrades spectacularly even under light load.


He was only making 1 request per 3 seconds. Must have been a really slow system.


"A user" unnamed "noticed" and complained to another unnamed person, etc, etc.

Yeah. Sure.


It probably wasn't Swartz's fault the servers were slow, but even if the slowness was unrelated he probably popped up in one of the queries they used to diagnose the system.

Or it was a conspiracy. Parallel construction has me freaked out too. I just don't think that it's the most likely explanation.


In light of the breezily incurious language about the person who supposedly "noticed" the supposed "slowness," I'd say it's one of those casual lies told to make a case look better and neater, and maybe hide someone who would be a troublesome witness.


A reminder: the petition https://petitions.whitehouse.gov/petition/remove-united-stat... has not been responded to yet, after more than one and a half years.


What would the response be? The petition says to remove Ortiz. Not investigate. Not chastise. Not start hearings.

That's a pretty binary decision. A website survey, that could easily be gamed, that has fewer signatures than the population of a random small city, is supposed to result in completely bypassing the USC?

Most would agree with the sentiment, but the petition was failed from the moment the creator hit Submit.


Indeed, I remember signing this back then. White House seems to be dodging responses to certain petitions that have received enough signatures: http://www.washingtonpost.com/blogs/the-switch/wp/2013/08/13...


The administration only responds to trivial petitions or petitions that already side with their policy. Typical. Obama claims that his is the "Most transparent administration ever"

http://thehill.com/blogs/blog-briefing-room/news/283335-obam...

Journalists loudly disagree:

http://gazette.com/journalists-criticize-white-house-for-sec...


You could actually argue that handling of these petitions is very transparent: petition text goes in, petition text comes out, and there's a null transform in the middle.


Has Obama's White House ever responded significantly to any petition made through that system?

It's a pressure valve designed to bleed off discontent, not an actual channel for effecting change.


My favorite petition came right after a few of the early responses, titled "We demand a vapid, condescending, meaningless, politically safe response to this petition."

I can't find it on the petition site anymore.


Can you really blame the guy for being politically safe? I know it sucks but it is a war of inches.

Things change with the backing of the people. The Republicans know this well and use that reaction. They are fundamentally populist (whether you agree with them or not, they have skill here).

Absolute justice gives way to a triage. Fundamentally without that triage nothing gets treated. It is an unfortunate reality.

It will only change, if how we work is rethought. These are the scope of the actions available in our game. The pattern has been replicated consistently through similar models in history.

It could very easily become robbing Peter to pay Paul.

*edit Getting downvote....sigh.... I realize it is an unpopular opinion but it is a consistent pattern for republics throughout human history. Please offer me a counter example to facilitate debate if you disagree.


i disagree. for one thing, he's in his 2nd term, there is no 'war of inches' to lose. when he has a political agenda, nothing stops him from shoving it through no matter what. for stuff he cares two licks about but knows his voters care about, he just retorts 'the republicans wont let me'.


Would it not be irresponsible to poison the political landscape for the next candidate?


He already has; odds are that he has sunk any chances of a Democratic presidential victory in 2016. A significant portion of the base that rallied for his presidency two terms in a row are disillusioned with the government they got.


I thought Nobel prize winners should be willing to make sacrifices for the common good.


That statement cuts both ways... If it is a choice between good and evil, the obvious moral choice is good. It is only a moral decision when it is between two evils.

Determining the lesser and potentially sacrificing for the common good. This is the primary responsibility of any leader responsible for strategic decision making.

As you said, this means making sacrifices for the common good.


No, good and evil are clear choices. Irradiating the flying public, taking pornographic pictures or molesting children are all evil, and Obama could have stopped that.

Domestic spying, Obama could have stopped it.

Hell closing guantanamo, he didn't even do that. And that's a straight up operation in violation of the constitution top to bottom.

We may have the choice between two evils at election time, but no politician is forced to choose evil.


Okay here is an example. Enigma machine in WW2. Do you let a city get bombed and lose 10k lives or reveal that you have broken a code and lose the war?

How do you act and why?


[deleted]


I'd argue it would not be an 'easy' decision.

Numbers could be a criteria, but either way this is where moral philosophy really comes into play. I am disturbed at times how black and white many people see these decisions.

Greater good is a perspective and it like anything else is we do...uncertain.


> Irradiating the flying public, taking pornographic pictures or molesting children are all evil, and Obama could have stopped that.

Sorry, what are you talking about?


I'd venture a guess it's the TSA, with the backscatter machines (radiation), millimeter wave machines (pornographic pictures - not really but definitely privacy-invading) and groping people inappropriately, including children all having been or still being policy during the Obama administration's operation, and the president having direct control over the TSA.


Subscribe to the Org For Action mailing list and receive a few of those, and you'll see how fruitless that argument really is.

Yes, the president should stay somewhat politically neutral, lest he alienate roughly half of the population. That doesn't mean the responses can't be neutral.

Considering the emails that come from the president, his wife, and his supporters are routinely filled with provocative, if not downright incendiary statements, it's kind of silly that his responses (where applicable) are so entirely vapid on whitehouse.gov.


I am not advocating neutrality. I am advocating avoiding snares.

Policy change is fundamentally dependent on the organization of the people. It is that organization that makes it a political reality.

A President's ability is constrained by this dynamic and it is a good thing! It keeps power in check.

The people enable absolute justice not the President. They are the arbitrators of liberty.

Whether you agree with the institution's actions or not there is a greater balance to be struck.

* edit I am concerned I did not address your point on vapid responses enough.

I just think it is a constant political liability and it would be better off if every senator, party, legislator ..etc could reply to the question. Then the people could get behind an idea to make it a political reality.

* edit 2 Also checked out Org For Action. I would guess that perhaps it is a different audience and it is not using the Presidential position? I do see your point. Perhaps it is simply different chains of command and therefore policy?


This is actually a perfect microcosm of the subject in question :-)

Knowing the community and how they feel about these hot button issues I gain no reputation by making a point against the grain. In fact I have lost reputation...

Hahaha... If I had taken my own advice and applied more PR(triage) or acted as a populist. Then would I not have gained votes instead of lost? Even if the position was invalid or it was not what I believed?

This is precisely the deficit that has held back democratic culture for centuries. It is our greatest weakness.


I think the criticism that they don't normally respond to petitions is valid so I don't really want to point this out but they did respond to the petition to allow cellphone unlocking and that has effected change. Of course, the petition wasn't the only cause of the change.


That's actually really interesting. The cynic in me wants to say "well, it was happening anyhow, so they capitalized on it", but I wonder how much of an impact that petition actually had.


It is the type of thing a politician gets irritated by too and it isn't really controversial from the voters' point of view, so it gets done.

In the EU the politicians at EU level pushed through max roaming charges for SMS messages, whilst leaving data roaming rates ludicrously high. My take on it was that the politicians weren't using data so they only dealt with what was painful for them on an individual level.


Mountains of data analysis and it probably influences the polling. I mean it also likely gets read and discussed.

Whether it is a political realistic or not is another matter entirely.


^ This


Better start a petition to fix that!


Why are you reminding about this? Isn't it obvious, 6 years later, that entire Obama Administration is a charade?? Why would it be any different when it comes to petitions.whitehouse?

Don't mind the case of obvious abuse of power and long arm of the gov that destroyed the life of a young and basically innocent man.... here look at this one, nice and thoroughly answered:

https://petitions.whitehouse.gov/petition/release-recipe-hon...


I'm afraid you are right. "After 911 we tortured some folks but let's not be sanctimonious about the tough job the torturers had" is by far the worst thing any president (or dictator) has ever said in a public speech.


Responses of the Obama administration to online petitions have been ... less than encouraging.

However: the administration created the petitions process, and petitions are online. What has and hasn't been responded to is a matter of public record.

If, at some point, another political party (or even a different administration of the same party) comes into power, and changes this in any significant way (including, possibly, improving the system, though I suspect it might go the other way), that will be notable.

Regardless of the follow-through, Obama did set a precedent.


The current threshold is 100,000 and the petition only has 61,040 votes.


Doesn't apply to petitions prior to the change. That page says "SIGNATURES NEEDED BY FEBRUARY 11, 2013 TO REACH GOAL OF 25,000"

(though it's moot anyways, given the usual responses to these surveys)


This petition is useless. She was merely following the orders, a puppet.


She was advancing her career.


Was there ever an argument beyond 'information wants to be free' to this? Let's say PACER docs were being pulled and hosted elsewhere. What if case information was updated as per part of the legal process, aka person X is now innocent. How does this change to past case documents get propagated to the 'illegal' mirror?

This is interesting because I think we do want an authoritative document store and that, yes, we hence need to pay for its upkeep. So if he had mirrored and hosted all of these cases, they would've been merely snapshots of past history, not the curated corpus that PACER has.

The same could be said of scientific papers where large retractions are handled by the journals, but may be lost by some mirrors.

Information quality, provenance and current validity is more important than the trope of 'wanting to be free.' Once information passes into the 'historical' realm, perhaps it should/must be free, but when we are in the malleable phase it's irresponsible to 'mirror once' without knowing how to get pushed (or pull) updates.

Look at how the Linux kernel mirror system works, push mirroring, etc. The scrape method doesn't pass the smell test if you really want to provide a service beyond point in time archiving (aka archive.org).

Regarding depression, suicide and unfair persecution I'll withhold comment.


> Was there ever an argument beyond 'information wants to be free' to this?

I can think of four: 1) The information is vital to government and to justice, both personally (if you are party to or have a stake in the case) and as a public affairs issue; its availability should not be restricted in any way, and especially not restricted to those who can afford to pay. 2) In principle, access to the courts should not discriminate based on any factor, especially wealth. 3) The information is a product of taxpayer-funded activities and therefore should be public and free. 4) 8 cents/page for downloaded data is ridiculous; what if HN charged us 8 cents/page?

Does anyone know what Swartz' actual arguments were?


The strongest reason, to my mind, is that we have a common law system, so the public can't fully and accurately comply with the law without access to the court records upon which the common law rulings are based.


Yes. The argument is that the E-Government Act of 2002 makes the judiciary's policies regarding PACER illegal.

See:

http://www.aarongreenspan.com/writing/essay.html?id=84

http://www.plainsite.org/dockets/29himg3wm/california-northe...


Fundamentally, I think you are both right...

The complaint is that the current system of document storage is not good enough to balance private review and public disclosure. Restriction should not be withholding. It is like eating a pizza pie before it cools.

Burning the roof of your mouth sucks... Quality of information is as important as availability. This is a job for a lever.


>>> What if case information was updated as per part of the legal process, aka person X is now innocent.

You seem to be confusing two questions here: access to data and reliability of data. Let's take the example of open source software, specifically linux kernel you mentioned. Anybody can create a mirror of linux kernel sources. Would that mirror be up-to-date? Who knows. How do we solve this problem? We have a network of authoritative mirrors, we have signatures, we have places where new persons can discover which mirrors are recommended to be used. Does this mean if you want to open a new mirror you'd be banned from doing so until you prove you're worthy? No. But in order for your mirror to be useful by more than yourself, you'd have to convince others you are.

Same can work with legal and scientific information. Let's even say federal government, with all its trillions of dollars, can not afford hosting a free information site. Removing merely legal hurdles, while keeping paid access, would allow volunteers with cooperation of trustworthy organizations - like universities, major NGOs, etc. - to raise private funds to keep free mirrors alive and up-to-date.

This is a solved problem, the only thing preventing its deployment is the legal prohibition. Quality is not a problem, we know how to solve quality issue. Swartz tried to use technology to go around legal hurdles - unfortunately, in current environment this no longer works, law has caught up with technology enough to resist attempts to work around it with technology. Now one can only hope it would soon advance enough to actually enable technology to help, not only disable it.


I've been following a legal case using pacer for the past year and if something is added or updated on a case an email notice gets sent out to the people who have registered as interested parties with a link to the document and you get one free download.

A pretty simple way to bridge pacer to a system that doesn't suck would be to register some kind of bot to get the email notices from each case and download and file each document as it becomes available.


The argument is this information is free. Products of the federal government are in the public domain, so to restrict access to it so aggressively is unethical.


How come no one even bothered to remove his full address and ssn from the records?.. On the other hand, even the very names of people who approved and drafted the documents are removed.


I’m not sure about his address, but social security numbers of all deceased people are made public by the government in the Social Security Death Index, presumably to prevent identity fraud.


After someone dies these are no longer protected.


Related question: Do the deceased have any (legal notion of a) right to privacy?


Effective immediately, the FOIA provides no protection at all to deceased individuals. However, HIPAA is precisely the opposite in that the records are immediately sealed and the right to open it passes with the rest of the estate. I should note, I am not a lawyer and you should not take this as legal advice.


> I should note, I am not a lawyer

That's the default setting unless you modify it.

> you should not take this as legal advice.

So is it true or not?

It's not advice of any form, it's either a fact or it is not.


It seems like your interest is pedantic combat, not the law, but here is some information anyway.

FOIA: https://secure.ssa.gov/apps9/eFOIA-FEWeb/internet/main.jsp

HIPAA: http://www.cga.ct.gov/2013/rpt/2013-R-0124.htm

It seems HIPAA enacts a 50-year period of silence.


Why would they? Privacy means nothing to the non-existent.


It could mean something to their families, though. That may not be enough for it to be law, but I'm sure a lot of families would prefer that if something troubling came up after their loved one died, no one else would have to find out.


That's your opinion and doesn't answer the question at all.

At least for health records, you do have privacy after you die, apparently for 50 years: http://www.hhs.gov/ocr/privacy/hipaa/understanding/covereden...


I didn't state an opinion, I asked a question and then I stated a fact, an indisputable one that is not opinion, perhaps you should read it again.


If it pleases living people to think that they will have a right to privacy after they die, or to force other people to not pry into their dead relatives' secrets, living people could easily craft a right to privacy for the deceased.


Sure they could, but those are rights for the living relatives; the dead don't exist to have rights.


Wait, were the case files for Aaron Swartz classified or just never made public? What would be the reasoning for classifying his case? How was he a threat to national security?


I think classified is the wrong word. These are investigative documents released after a FOIA request, but I don't see any indication that they were ever classified.


Yea, unsealed or released would be better words (depending on the situation).


On PACER fees, IMO a good compromise is to only charge for the actual court documents retrieved. No charging for search results, docket listings etc, and there is already a $3 cap on documents.


There should be no charge at all for access and retrieval. These court documents affect our lives; they are the law of the land.

Some will say: but it costs money to provide this access!!1!!

To them: it costs money for police & fire too. Where does that come from? That's right: taxes. So taxes should pay for the upkeep of PACER too.


Frankly there are plenty of private organizations desperate to take over Internet distribution of these documents, at no charge to anyone. If PACER can't match or compete with this, then they should step aside as far as distribution goes.

Lead, follow, or get out of the way.


What makes this case such a big deal? Swartz did something that was obviously illegal and got caught.


Because our law is made by the hands of ultimately fallible beings. We are inevitably going to make mistakes. This is the reason we have legislative bodies. They are a guard against our own lack of omnipotence.


Sure, but there really doesn't seem to be anything wrong with the law here. Aaron wasn't even convicted of anything.


Have you actually read anything about this case? Some facts include:

a) He was threatened with 35 years in prison for downloading journal articles from MIT. Both MIT and JStor (the wronged parties) were against this heavy handed prosecution.

b) Aaron was not convicted because he chose to kill himself while the prosecution was ongoing. The prosecution wanted him to serve six months in a federal prison; Swartz refused this plea deal. Aaron killed himself shortly after the prosecution declined his offer.

c) This style of prosecution (ie - go to court and risk 35 years in prison vs plead guilty and spend six months) goes against justice.


Aaron was a good friend of mine, I know quite a bit about this case.

a) No he wasn't, this is a common misconception by people who don't understand how the US court system works.

b) Aaron had a good deal, the indisputable breaking-and-entering charge would probably have gotten him more than 6 months. (Clarification: Aaron's state charges were dropped to make way for the more serious federal charges, so in the end he didn't even get charged for the breaking-and-entering.)

c) Again, read up on the US court system.

You're disrespecting his memory by using him as a weapon for your misguided crusade.

Here's a good article written by Orin Kerr regarding Aaron's charges http://www.volokh.com/2013/01/14/aaron-swartz-charges/


a) Even if we want to bicker about the exact time, can we agree that he was facing a possible 5 years? That's ten times longer than what the prosecutors thought an appropriate punishment (the 6 month offered plea).

b) Not for a college-class first time offender into an unlocked network closet, especially given the institution. That would have been handled at the local level, and would have most likely ended up in probation.

c) Yes, this case was business as usual for the US "justice" system. That doesn't make it right.

If Aaron was a good friend of yours, then you probably do have some different insight. Please share it here instead of repeating the same tired he-got-what-he-deserved FUD.


Aaron's attorney at the time of his suicide wrote a summary of the case shortly after Aaron died. His attorney believed that given the nature of the crime (particularly: nonremunerative) and Aaron's first-time offender status, he was unlikely to serve a custodial sentence even if he was convicted. You can reach a similar conclusion by looking at the federal sentencing guidelines and seeing where the probation cutoff is.

This isn't bickering; the C.W. about Swartz is indeed that he was facing decades in prison. He was not.

I agree with the overwhelming majority of everyone that a custodial sentence for Swartz' actions would have been a miscarriage of justice. But the distinctions being made in this thread are not minor ones.


The prosecution thought he would get well over six months in prison, so beliefs clearly differ.

From a security mindset, you must surely know that if something can happen, then you must consider it. The statistical "expected outcome" of the sentence is irrelevant when it's the variance that's so crushing.

I'll give you that "decades" is an emotional exaggeration the other way. But unless you can bound that maximum at less than three years, then I would still call it "bickering". Anything in that range is life altering, and distinguishing between personality-ending and life-ending isn't particularly meaningful when they have a similar effect on the defendant.


You can look at sentences for comparable crimes with remunerative intent. For instance: Stephen Watt got 2 years for being instrumental to a massive credit card theft operation.

Another question you could ask is, is there an expert in criminal law who has made a case for Swartz actually facing 3+ years in prison?


a) Sure, he was facing a possible "5 years" (most likely much less) and was well aware of that.

b) Debatable, a prison sentence of a few years definitely wouldn't be anything out of the ordinary

c) You make it sound like there's something wrong with deals by prosecution, I don't think so. The deals don't hurt anybody and offer an easy way out.

Aaron knew what he was doing, he made a conscious decision to do it. I believe Aaron also knew that he'd get in trouble for doing this, what he was doing was civil disobedience. Orin Kerr describes this fairly well in his article http://www.volokh.com/2013/01/16/the-criminal-charges-agains...


I replied to your top-level comment, but I'll just emphasize here, that Kerr himself does not agree with your assessment that "there really doesn't seem to be anything wrong with the law here".

He also doesn't agree with your opinion that there's nothing wrong with the way prosecutors use plea bargaining.

He does argue that Aaron knowingly broke the law and should have faced some consequences, but probably not felony charges.

Really, you should read Kerr more carefully before linking to him.


> most likely much less

And with that, you lose a great deal of credibility. It goes against your claim to have a great deal of knowledge about this case.

> The deals don't hurt anybody and offer an easy way out

With this, you lose a great deal of reputation you might have as a moral person, since you seem to think that extortionate behavior is acceptable, particularly from those with overwhelming power, such as the USG prosecutors. True, you are in good company, as the US justice system largely agrees with you that they have the right to extort; but that doesn't justify your position so much as emphasize that theirs, and yours, is evil.


> The deals don't hurt anybody and offer an easy way out.

What is wrong with some of you Americans?

How can you have as a part of justice system a deal where you can say "Ok. Let's pretend that I did this thing and you don't have to actually prove it and you won't try to convince anyone that I did this other more horrid thing you accuse me of. And who cares about the truth?"


Plea bargaining exists in Germany as well (under the rubric of "confession agreements").

I think plea bargaining is a red herring. Plea bargains are a necessity: jarring as it is for us to consider this, most felony† defendants are in fact guilty, as a simple consequence of how policing works. It doesn't appear that way to us intuitively, because we only hear about the interesting cases.

That's not a defense of US criminal procedure! We have a terrible, back-breaking policy flaw: sentences are much too onerous, as a result of several decades of "war on crime" legislation from the 70's, 80's, and 90's.

† The word "felony" there is important.


Even if the numbers make guilt look more likely, we cannot create policy with the assumption of guilt. We subscribe to a principle of innocent until proven guilty, plain and simple.

This principle is an essential safeguard, critical for the preservation of order in a democracy.

As I have said before in this thread: don't rob Peter to pay Paul. It is simply illogical and counterproductive.

No doubt a functioning court system is also extremely critical.

We just need to think about it like a bug in the software. In the end it is up to social innovators to correct this deficiency. There is a solution to this problem.

EXTRA --

There is the argument that this does not apply to illegal combatants or immediate threats to national security. Obviously that is another problematic and complicated position that may have policy bleeding into this case.

P.S. > the nuance of your position is clear


It is also a budget thing. Trials are not free.

It is an unfortunate problem with the current judiciary system. Pleas do avoid trial and, as I understand it, when things go to trial the penalties are substantially harsher.

So in many ways it can become the best bet... even for an innocent person.


> The deals don't hurt anybody and offer an easy way out.

Plea bargaining is a system that leads the state to extort guilty pleas out of innocent people. If you think it doesn't hurt anybody, quite frankly you have no idea what you're talking about.

If you'd like to learn more, here's a well-known paper on the subject:

http://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?artic...


What appears to me to be simple logic:

If sentencing guidelines were ratcheted sharply downwards, plea bargaining wouldn't have an extortative effect, because prosecutors wouldn't have the latitude to pursue outlandish sentences.

However, if plea bargaining was outlawed but sentencing guidelines remained as they are now, sentencing and criminal procedure would remain unjust for the majority of defendants, who are ultimately guilty but don't deserve outlandish sentences.

Both policy changes are very unlikely, but for different reasons.

Plea bargaining won't be outlawed or curtailed because doing so would require allocating a huge amount of money to the court system, which is already overtaxed. Preempting an argument nobody has made: that's not "their problem, not ours", because what we'd really be talking about is years and years of delayed trials during which people will be held in confinement anyways. Look at China for an example of a system that has that problem in a big way.

Sentences won't be ratcheted down because there's never a political upside for doing that. That's obviously tragic.


A few years in prison for breaking and entering a maintenance closet on a college campus for a first time offender is ordinary?

Wow, I guess the hacks that happen at MIT do carry quite the risk then. I can only imagine how many decades people would have gotten if they were caught putting the Lunar Module on the Great Dome.


Based on your account, "Aaron was a good friend of mine" requires substantial bona fides to bring you out of the realm of Astroturf.


The law was going to give him prison time and mark him as a felon for life for the crime of downloading academic papers with the intent of making them available to the public. It continued to pursue this even after JSTOR had asked the attorneys to back down, hounding him incessantly even after informed that he was psychologically ill.


The tragic thing about this is that anyone affiliated with an academic institution already most likely has free JSTOR access and those who do not can find a large number of significant papers on sites like gen.lib.rus.ec, visit a local university library, email someone with access to the paper or can do any number of other things.


You're ignoring the other charges he had, the prosecution offered him an AMAZING deal. You can't just not prosecute people because they're depressed.


Wow, I am extremely surprised to see such attitude from a friend of Aaron.

Amazing deal? Really? Do you think that serving 6 months or more for his "crimes" is justice?


You probably mean 6 months or less, because that was the prosecution offer. And yeah, I think that was actually a pretty good deal. Although I would agree that in a perfect world the material he took would already have been public.


I think you are grossly underplaying the consequences of that plea deal. Six months (or less) in federal prison would still have him labeled as a "convict" and he would have lost numerous civil rights (voting being one) as a result. Needless to say, he would have to carry that label for the rest of his days as a US citizen. From what I understand, Aaron did not want to carry that cross, more so since he considered himself innocent. Hence, in protest, he took his own life. I am neither condoning nor criticizing his action and his final decision, as I am in no position to do that. However, I strongly doubt it was as simple or straightforward as you'd like it to appear. If you are a friend of Aaron's and you have come out publicly (on HN) as one, perhaps you could explain the reasoning and motivations better than most of us. Why not do that, instead of oversimplifying the whole situation?


Aaron did what he did knowing the consequences, my best guess is that at some point after he started regretting his decision.

This is how the world works, if you make a bad decision you'll have to live with it... Or not.


Soldiers go to war knowing they can be killed. That doesn't mean when the enemy kills US soldiers, we should just shrug and say "well, they knew the risks, who cares?", does it?


> Aaron did what he did knowing the consequences, my best guess is that at some point after he started regretting his decision.

So, your "guess" is as good as mine, or any of my fellow armchair analysts on HN? Are you sure Aaron even considered you a friend?

Or perhaps, you were just trolling HN, eh?


Thing is, I'm not his shrink. I don't know everything that was going on inside his head, that's my best guess based on my daily chats with him on IRC.


No, I meant what I've written. If 6 months was an "amazing" deal, then 9 months or a year would be a good deal and I absolutely disagree with that.


Felony conviction is hardly an amazing deal, with all that it implies in the American system.


There are some serious problems with the Computer Fraud and Abuse Act, which was seriously abused in this case. Members of Congress have recognized this and tried to reform the law because of the abuse.


I think it was highlighting the gaps in legislation and prosecution brought about by technological illiteracy.

This has been a crucial ongoing debate.


I don't think technological illiteracy plays a large part here, Aaron exploited a flaw in JSTOR's rate-limiting system and continued doing so after being blocked several times by JSTOR administration. After that didn't work out he broke into a server cabinet at MIT.

Does that sound 100% OK to you?


The choice between "100% OK" and 30 years in jail is a false dichotomy. Nobody says Aaron Swartz was a saint without any flaw, and one can easily find many ways in which in hindsight one could suggest better action, especially if one doesn't actually have to act on their own advice. But that he was a fallible human being is not the same as accepting the treatment he's got from the US government. He was trying to fix an injustice and he was not harming anyone. Prosecutors have enough power and discretion to accommodate that if they wanted. They didn't want.


30 years in jail is a false dichotomy and people need to quit parroting that in relation to this case, it was never ever in any way going to be close to that.


Well, 30 years may be a bit exaggerated, but multiple years in jail were well on the agenda if Swartz would not take the plea agreement, as the facts of the case were against him and the jury probably would not (and would be instructed not to) relate to his motives and why he did it. Then it would come to the sentencing and as the feds were determined to make an example of him... it would be hard to expect much leniency, especially given the fact that Swartz probably didn't think what he did was wrong (even if how he did it may be against the law) so he would not get the "regret" leniency too. So maybe not 30 years, but multiple years still, which is very harsh and can ruin one's life.

P.S. btw, please look up what "dichotomy" is. You can not have dichotomy of one thing, at least in the meaning of the word we're dealing with here.


He was given 6 months and should have taken it.

Many people who violate the law think what they did wasn't wrong, but this has no bearing in the matter when it comes to sentencing.


6 months and the status of convicted felon. This is not an easy thing to take.


He shouldn't have repeatedly broken the law if he wasn't prepared to deal with the legal consequences.


https://news.ycombinator.com/item?id=8345282

To this, I can only add that there are a lot of bad laws and even more, much more, bad prosecutions, so sounding like every prosecution is right and if you don't like it, just don't break the law, is not only sounding mean and morally obtuse, but also very uninformed.


Sorry but serving six months jail time (and most likely less) for repeatedly breaking and entering is perfectly reasonable to me and not obtuse whatsoever.

Most on HN are outraged with this type of sentencing because it's someone they liked, but if it was anyone else it would be perfectly acceptable.


Did you spend time in federal prison? Are you dealing with convicted felon status? You seem to be awfully quick recommending people to sit in jail and accept the life of a convicted felon. It's either you recommend it from experience of it not being a big deal, or it is the obtuseness.


I have not. Why? Because I don't repeatedly break the law, since I don't want to go to jail.

Hence my comment above, if you can't do the time don't do the crime.


It doesn't sound like something I'd send someone to jail for.


Thing is, you have to draw a line somewhere.

Essentially he was exploiting a vulnerability in JSTOR to mass download court documents, what if he was downloading credit cards instead? Or some sort of corporate secrets?

(Sure, credit cards and court documents are very very different. But the act here is the crime, not what he gains from it)


> Essentially he was exploiting a vulnerability in JSTOR to mass download court documents

He was downloading academic articles, not court documents. You're mixing up the JSTOR download and the time he pulled down PACER documents. He did have legitimate access to the JSTOR documents, but was bypassing rate limiting. In the process, he did do some things that were illegal, but nothing that honestly justified the Feds charging him with CFAA or wire fraud charges filed, nor anything that justified a felony conviction. What he was doing wasn't the sort of crime those laws were written to address and that they were intended to stop. The Feds abused the ambiguities in poorly written laws to charge him.


> what if he was downloading credit cards instead? Or some sort of corporate secrets?

What if he was raping women? Or committing genocide?

> But the act here is the crime, not what he gains from it

Downloading scientific journals is not the same "act" as committing credit card fraud. It is an outrageous defect in the law that it doesn't adequately distinguish them.


Wow. You claim to know a lot about the case, but you don't even realize that JSTOR holds scientific papers, not court documents.

Swartz had previously downloaded court documents from a service called PACER. An FBI investigation was opened, but closed with no charges being filed; he was not prosecuted for that.


My issue is not the crime but the intention of the individual and whether or not his behaviour was fundamentally prosocial and/or in the national interest.

We have constitutions and laws specifically to protect/advance those interests. If that is the standard by which we judge actions, then it changes how we should view the case.

This debate has fueled technological literacy among the general population/legislative/judicial. Much like the fappening is doing for crypto/personal_security (Re: Android/Apple announcements). It further underlines the critical role that technology plays in our civil life.


Your question made me want to find out more for myself. I ended up watching The Internet's Own Boy[1]. I'm glad I did and I recommend it for anyone who hasn't seen it yet. It will answer your question of why people care.

[1] http://www.youtube.com/watch?v=vXr-2hwTk58


It's famous for several reasons, which you are surely aware of.

The most obvious is that the suicide of a well-known, brilliant, and promising young activist gets people's attention. It's natural for people to mourn, to some extent, and to wonder what he could have done with the rest of his life had he not ended it. It is a very sad thing.

Also, it brought to a lot of people's attention, including mine, some of the problems with both the CFAA specifically and with the way that federal prosecutors routinely abuse their discretion generally. Orin Kerr discusses both of these points in the second part of the piece you linked to [0]. I'll quote one passage:

On the third question, the issue of who was to blame if the prosecution was too severe, I think it’s important to realize that what happened in the Swartz case happens in lots and lots of federal criminal cases. Yes, the prosecutors tried to force a plea deal by scaring the defendant with arguments that he would be locked away for a long time if he was convicted at trial. Yes, the prosecutors filed a superseding indictment designed to scare Swartz even more into pleading guilty (it actually had no effect on the likely sentence, but it’s a powerful scare tactic). Yes, the prosecutors insisted on jail time and a felony conviction as part of a plea. But it is not particularly surprising for federal prosecutors to use those tactics. What’s unusual about the Swartz case is that it involved a highly charismatic defendant with very powerful friends in a position to object to these common practices. That’s not to excuse what happened, but rather to direct the energy that is angry about what happened. If you want to end these tactics, don’t just complain about the Swartz case. Don’t just complain when the defendant happens to be a brilliant guy who went to Stanford and hangs out with Larry Lessig. Instead, complain that this is business as usual in federal criminal cases around the country — mostly with defendants who no one has ever heard of and who get locked up for years without anyone else much caring.

I agree wholeheartedly. But for many of us, it was the Swartz case that brought this issue to our attention in a big way. I think it is natural for us to associate the issue with Swartz even if we agree with Kerr that the problem is hardly confined to this one instance.

As for the CFAA itself, Kerr argues, and I again agree, that the provision triggering felony liability is much too broad. Had the statute been reformed as Kerr suggests, Swartz might not have been looking at a felony charge. I agree that Swartz should have faced some punishment, even if just a misdemeanor conviction and probation. It's really the looming felony conviction that Swartz was unable to swallow, and I am too. It highlights how the federal criminal law has grown into a monster.

If you want another case that shows the same thing and should also be famous, the George Norris felony orchid smuggling case [1] would be a great choice.

[0] http://www.volokh.com/2013/01/16/the-criminal-charges-agains...

[1] http://www.heritage.org/research/reports/2009/07/the-unlikel...



