Slashdot Mirror
Aaron Swartz and MIT: The Inside Story
An anonymous reader writes: "The Boston Globe has reviewed over 7,000 pages of documents from Aaron Swartz's court case, shedding light on the activities that got him in trouble and how MIT reacted to his case. Quoting: 'Most vividly, the e-mails underscore the dissonant instincts the university grappled with. There was the eagerness of some MIT employees to help investigators and prosecutors with the case, and then there was, by contrast, the glacial pace of the institution's early reaction to the intruder's provocation. MIT, for example, knew for 2½ months which campus building the downloader had operated out of before anyone searched it for him or his laptop — even as the university told JSTOR they had no way to identify the interloper.
And once Swartz was unmasked, the ambivalence continued. MIT never encouraged Swartz's prosecution, and once told his prosecutor they had no interest in jail time. However, e-mails illustrate how MIT energetically assisted authorities in capturing him and gathering evidence — even prodding JSTOR to get answers for prosecutors more quickly — before a subpoena had been issued. ... But a number of JSTOR's internal e-mails show a much angrier face in the months that Swartz eluded capture, with employees sharing frustration about MIT's "rather tepid level of concern." JSTOR officials repeatedly raised the prospect, among themselves, of going to the police, e-mails show."
And once Swartz was unmasked, the ambivalence continued. MIT never encouraged Swartz's prosecution, and once told his prosecutor they had no interest in jail time. However, e-mails illustrate how MIT energetically assisted authorities in capturing him and gathering evidence — even prodding JSTOR to get answers for prosecutors more quickly — before a subpoena had been issued. ... But a number of JSTOR's internal e-mails show a much angrier face in the months that Swartz eluded capture, with employees sharing frustration about MIT's "rather tepid level of concern." JSTOR officials repeatedly raised the prospect, among themselves, of going to the police, e-mails show."
So MIT as a body did not care about Swartz, but some busy bodies did. I wonder if it is a part of their job description?
It was never about Aaron or JSTOR. It is how can some people fulfill their dreams on advancing their careers by throwing somebody 6 feet under.
Well job done, US prosecution.
Where is the mod for 'duh'?
You can't be ahead of the curve, if you're stuck in a loop.
Bureaucracy is low intensity conflict, i.e. war. War is hell. Hell surely has a hellish bureaucracy.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Debunked by whom?
I agree in part and disagree in part. Swartz was not an asshole, he was however a moron, who let occupioer types convince him that just because you protest, you cannot be arrested for your protests. Which is just the opposite of what Martin Luther King said which is that if you break laws protesting an unjust law, you should gladly go to jail.
That said, let us remember that what Swartz did was download a bunch of papers describing research that was mostly paid for by the government, and that researches paid [1] to be published. The money used to pay to publish also mostly out of government money. Fact is that the system for publishing academic articles served us well for many years, but is now obsolete. The job could effectively done better by the government sponsoring e-journals, and would be much cheaper then the government is paying now, and be free to anyone with internet access.
The thing is that I believe the Boycott Elvesier movement has done more to promote the cause of publicly open journals then anything that Swartz did.
[1] Because I'm sure some idiot will come along and claim that Swartz was stealing from the authors of the papers.
The whole story is just a damn shame.
I just hope there are some people who feel guilt about it.
You are welcome on my lawn.
Former researcher here:
a) while the System for publishing needs to be overhauled seriously (and thats happening all the time) it is by no way obsolete
b) while publication fees exist these are usually minor, and are quite low if you dont demand printing features (e.g. colored prints)
c) I think JSTOR fulfills a important role. Without such a organization, univerities would be forced to eat the shit of the publishers in a much bigger extend
d) Not acting on the illegal copying of a big database would undermine the attempts to open up the situation. Something which Aaron did is exactly what the publishers alsways fear.
e) The MIT acted correctly. If a business partner of mine is attacked in such a way on my network, i have the responsibility to clear the situation and secure evidence but no responsibility to press charges on my own.
f) I dont share the interpretation that he did not know what he was doing
g) Reasons for suicides are complex. The assertion that somebody is responsible for a suicide, since he was not 100% positive and supportive about an individual is not the right message, especially *not* in the light of preventing future suicides
In this case it appears that one major factor was that his girlfriend was threatened and he seemed to think that suicide would take the pressure off her. Due to the fuss generated over his suicide he was correct and the threats of legal action against his girlfriend stopped.
Are you starting to see what sort of people were involved here? If they were petty criminals instead of lawyers or their agents acting like petty criminals they would probably be doing time for their actions.
I'm not sure that guilt is the right response. His father is probably feeling absolutely destroyed by this, and I don't think he needs to be dragged through the muck by people looking for someone to blame.
Kids like Aaron are probably all over the place - young people who think the only moral thing to do in the world is to try to steal from those with power because of how that power has been so abused by its bearers. I don't blame them for thinking that way, but it's really sad that there's nobody other than disenfranchised radicals to give them a sense that there might be a better world on the horizon.
Institutions like the universities have it in them to give people hope for the future. I hope they try to take this as a chance to explore why people want to take from them and look at how to broaden access to their research to make it more widely accessible, rather than just closing up shop and keeping everything behind the locked doors of the academy.
Myu:
> Swartz was not an asshole,
No, he was an asshole. The *scale and intensity* of his attempt to download and replicate *all* of JSTOR, including the indexing, was not only illegal in itself. Because of the amount of bandwidth he was using, he repeatedly crashed parts of JSTOR. That means that researchers and scholars woldwide lost access to a vital research tool. And as a response, and to protect the rest of the world's access, they finally had to cut off MIT's access. He was screwing with people doing medical research. People *die* because cutting edge research gets held back for bonehead reasons.
If Swartz had taken the single step of cutting the bandwidth he used by 75%, JSTOR wouldn't have kept crashing and had to punt MIT. And if he'd done it from his office at Harvard, *which had similar access to JSTOR*, there probably wouldn't have been a way to charge him, and it would be his employer's problem. Swartz was allowed on the MIT campus because of his Harvard ID, and his screw up has cast that whole reciprocal agreement between MIT and Harvard for library and campus access in doubt.
What Swartz did was not directly stealing from the authors of the research, it was making their research inaccessible while in progress. It screwed with the thesis writing of friends of mine, and interfered with research projects throughout MIT. Frankly, MIT should have been *much* more eager to help slap cuffs on this twit, but they're traditionally very, very slow to act against "cracking" because it's *embarrassing*, and the prosecutors inevitably fuck it up. Look into the David Lamacchia case about 10 years ago for an example
He set up a laptop in a cabinet and downloaded files. The charges -- at best -- should have concerned interference with property. There have been MIT pranks which warranted more serious charges.
Instead Schwartz was faced with a 35 year sentence and the full weight of a Federal prosecution. It's as if Rosa Parks refused to give up her seat, and instead of a $10 fine, found herself charged under anti-terrorism legislation with a 15 year prison sentence for disobeying TSA regulations and a $10 million fine. In other words, a cruel and unusual punishment. Even Dr. King would have found it difficult to rally support in the face of that kind of state reaction to protest.
May the Maths Be with you!
In his office at Harvard. He had legitimate JSTOR access there. The difficulty is that he needed _bandwidth_, and ideally to avoid detection on the routine network maps managed by IT staff, and to avoid the typical monitoring and proxy configurations found on most competently administered public wi-fi access points.
For your own good, you might be wise to stay out of this one. In much of this debate the role of industry in determining who should and should not have access to certain empowering resources gated by the universities, for the sake of creating and managing a skilled workforce, is seriously contentious. To step in and attempt to use your power to force through certain changes risks a serious lose of customer and social confidence.
Myu:
If JSTOR is disseminating public-domain papers and just charges the cost of hosting them for downloaders, what was it afraid that Swartz would actually do with the trove of downloaded papers? Had he gone set up his own database and website, it would have incurred costs similar to JSTOR, and so Swartz would have charge about the same to keep it running.
If Swartz' bulk downloading was crashing the site, why doesn't JSTOR just teergrube its download process. Imposing a one-second delay at the start of each downloaded paper would not be noticeable to the ordinary user, but would have prevented Swartz from overloading the system by downloading huge blocks of data at one time.
"Swartz was not an asshole, he was however a moron, who let occupioer types convince him that just because you protest, you cannot be arrested for your protests", by MouseTheLuckyDog
"The prosecution of Aaron Swartz was motivated, in part, by the 2008 “Guerilla Open Access Manifesto” the internet activist had penned advocating for civil disobedience against copyright law, Swartz’s attorney confirmed Friday." ref
"A reluctant witness's account of a Federal prosecution. If you haven't been following the case, start with the editor's note for context. ref
In his office at Harvard. He had legitimate JSTOR access there.
Precisely. Why enter a networking closet when you can just do the download from a place where you are already allowed to go?
The difficulty is that he needed _bandwidth_, and ideally to avoid detection on the routine network maps managed by IT staff
Was there a reason why those papers needed to be downloaded in such rapid succession? If he was able to get - for example - 20GB of papers in a day, what difference would it make if it took him a week instead? I can't find a solid argument for why he couldn't have done it without using the networking closet.
As for detection, if he was downloading papers that the school had access to, then detection should not have mattered. It is not unusual for grad students (for example) to download many GB worth of papers when writing or preparing their thesis; similarly people writing review articles for publication might need to download very large numbers of papers as well.
and to avoid the typical monitoring and proxy configurations found on most competently administered public wi-fi access points.
Even if the wi-fi throttled down his bandwidth for excessive usage (though an academic wi-fi should be set up more intelligently, only doing such things when the traffic is purely recreational rather than academic), he still could have obtained the data - it would have taken longer.
If all he wanted was academic journal articles - and I'll agree that they should have been free rather than paywalled - there was no good reason to use the networking closet. Hell if he's as smart as we make him out to be with regards to networking he could have either distributed his downloads across a number of systems to evade detection, or spoofed (IP and/or MAC) addresses, or a number of other things to do the same thing without having to physically go where he was not supposed to be.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Let's beat it to death!
That the MIT IT people must have been frazzled about this. I've been in similar situations and my answer pretty much echoes theirs in that I too told them so.
But the case against the kid did i fact have several exploitable holes in it. That whole guest access thing. I've been in places where we've had to have public access. I made sure that the screws were torqued tight regarding security on those public machines. You could get on the web but you were blocked off from things the content manager didn't like, and you could print. That's it.
Let's say it again: copying is not stealing. You keep using that word "steal" because... you're trying to strengthen your argument, which is that Swartz was a jerk?
To further this assertion that Swartz was a jerk, you say that he effectively did a Denial of Service attack, though you concede that it was probaly not intentional. Let's look at that charge a little more. If some high school kid crashes the school web server by repeatedly hitting F5, is the kid in the wrong? Or, maybe, you know, the people who set up the system did a bad job and as soon as a problem crops up, go on a witch hunt. JSTOR was not hit with a DDoS. Systems should be robust enough to handle requests in a fair fashion. Maybe the ability to handle a DDoS is asking too much, but this was a single user. Don't join the witch hunt!
Seems also that you are not thinking of JSTOR at all. Were they jerks? Absolutely! They should never have locked away all that research that we paid for. It should be freely available, perhaps in torrents. JSTOR's entire model is an offense to freedom and a slap in the face to us all. And they could have done a better job on the technical side, and made their service able to handle a more demanding load. It's not like we haven't done loads of research into operating systems and task scheduling. Why do you give JSTOR a free pass? They're as much or more at fault for your friends' difficulties in accessing research.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
If we're being precise, JSTOR is mostly a database of humanities journals. If we were talking about Web of Science or Scopus, then sure, perhaps that could've occurred. Even if it were a biomedical oriented database, very, very, very rarely will any doctor involved in point of care service try to find a journal article on anything. They will largely be using point of care oriented databases like Clinical Key which provide actionable information rather than benign background which isn't altogether relevant to a particular patient's needs.
Every post I make begins with the assumption P=~P.
JSTOR, not Swartz, cut off access: "MIT was harmed in the process, Grimson said, with 10,000 researchers denied an important resource for several days as JSTOR sought to cut off the mass downloading."
You failed your metaphor test yourself. Swartz didn't use anything but bandwidth that would have gone wasted otherwise. There is no real physical metaphor that makes sense. And it was JSTOR that cut off access, not Swartz: "MIT was harmed in the process, Grimson said, with 10,000 researchers denied an important resource for several days as JSTOR sought to cut off the mass downloading."
> Swartz didn't use anything but bandwidth that would have gone wasted otherwise.
No, he didn't use only "bandwidth that would have gone wasted otherwise", He overwhelmed the _JSTOR_ servers at least once, enough to crash some critical JSTOR services. That cut off access not just for MIT but for researchers worldwide. And the amount of bandwidth he was using slowed JSTOR significantly for MIT's students and researchers repeatedly in the months before he was arrested.
So no, he was blocking the service for other people.
> If we're being precise, JSTOR is mostly a database of humanities journals.
From JSTOR's own front page information, you're quite correct. But look closely:
Area Studies (602 titles)
Arts (1600 titles)
Business and Economics (2048 titles)
History (7834 titles)
Humanities (8043 titles)
Law (817 titles)
Medicine and Allied Health (688 titles)
Science and Mathematics (3025 titles)
Social Sciences (11255 titles)
While you're quite correct that it's mostly humanities journals, the medicine journals are a critical research tool, as are the math and science journals. So called "harder" sciences tend to publish less than the humanities, but what they do publish is quite critical to further research. JSTOR is an especially useful resource for cross-correlating research that touches multiple fields and which your local university or research library may not be able to afford the journals for.
I could not help thinking of 16-year old freshmen in my MIT class who committed suicide some decades ago. Before MIT he was the center of attention in his hometown for his brilliance. At MIT he was just another "average" genius hacker and not the center of attention.
I'm guessing when Aaron mastered some new project he got bored and moved on. Couldnt really complete a degree or product then. I am not sure to parent or manage these these kind of geniuses.
I forget the exact details. but the feds were pursuing a a student startup company related to bitcoin. MIT decided to give some legal help to them and to future such problems. I think the Swartz case increased their sensitivity.
He could have worked around that by downloading at a slower rate. If you are downloaded a lot at one time it's going to draw attention but if he downloaded at a slower rate (say an article every ten minutes) then it isn't likely to draw that much attention.
An article every 10 minutes is slower than new articles appear at JSTOR. But I agree, he could have reduced the chance of detection by lowering his download rate. Even at MIT, if he'd lowered his download rate by 75% I don't think he'd have crashed JSTOR and they'd have pursued his abuse much less avidly: perhaps law enforcement would have never been involved at all.
>> and to avoid the typical monitoring and proxy configurations found on most competently administered public wi-fi access points.
> Even if the wi-fi throttled down his bandwidth for excessive usage (though an academic wi-fi should be set up more intelligently, only doing such things when the traffic is purely recreational rather than academic), he still could have obtained the data - it would have taken longer.
The throttling would have shown up and been traceable to his wireless MAC address. And he needed a safe, reliable place to _store_ the laptop with the hard drives.
Few network admins exert the effort to monitor their ports inside their wiring closets very well: they tend to devote their monitoring to their network borders, and to their wi-fi routes because those are most likely to have attackers or abusers from outside your supported community. The articles seem to show that MIT follows this "don't implement security that you can avoid" model to their internal networks.
That tactic is out of date. The government has adapted to it. Now if you break laws protesting an unjust law, you are arrested and go to jail until your cause is long dead (or better yet, you are) and nobody even notices except a few unimportant true-believers.
Those trolls that Glenn Greenwald wrote about are trying to prevent Aaron from being martyred. "Convinced by some occupiers"? So you're trying to say teh evul OWS corrupted his pure heart? Please. On the other hand, you could say Aaron was inspired upon seeing occupiers help people who were illegally forclosed upon reclaim their homes. But you'd sooner subtly shit on a populist movement like OWS. Loaded, weasely words. Nice try, ttoll.
Standard authoritarian tactic -- follow the chain of cause and effect back to the party you want to blame, then stop.
Vandalism, arson, speeding, blasphemy, slander, theft, fraud, and copying are all different. None of these should be lumped together as somehow different forms of stealing, not even fraud, vandalism or copying. While the goal of most fraud may be theft, it isn't always. Money is not the only thing that can be forged. So can driver's licenses and identification papers. Throwing a brick through your window is not stealing, it is vandalism. You lost a window, and no one gained it, whereas copying is the other way around. Someone gains something and you lose nothing. Nor should all of these be crimes. Blasphemy is no longer a crriminal act in much of the world. And what have you to say about the distinction between the material and the immaterial? These different things should have different legal treatment.
I did not say a DDoS was okay. I said that what could seem to be a DoS (with one 'D') should be okay. The principle is that any use that is easily handled by a good system should not be regarded as bad. If the system is poor and can't handle some usage that could be handled by a known better system within reason, that is the fault of the system, not the usage.
scientific journals ... are very expensive to run
No. Journals are no longer expensive to run. Neither the authors nor the reviewers receive any compensation from the publishers. Distribution, except for the obsolete dead tree kind, is now so cheap as to be close to zero cost. The publishers have sunk to being lowly, rent seeking gatekeepers who contribute no value.
often charge outrageous subscription fees
I agree, and am glad you also see their fees as outrageous.
public access which would be _impossible_ with so many journals and no organization of their contents and references, and no infrastructure to keep websites running and backups made
Those are jobs for our public libraries.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
No one hates Aaron that fiercely. Your anger isn't convincing at all, but even so, I'm sure your masters are proud.
Goodness. Logical fallacy much?
I don't hate the man. I didn't hate the man. I just don't think it's fair to lay any blame on JSTOR or MIT for defending themselves from his abuse, and it _was_ criminal abuse of their resources, even if you refuse to call copying documents theft. Simply _scaling back_ the bandwidth of his downloads would have avoided JSTOR's problems and MIT's eventual cooperation with a criminal investigation, and people at MIT or campus guests like Aaron could have done their research unhiindered.
> If you persist in this belief that committing a DDOS or other disabling attacks is OK
Judging from your Slashdot ID, both you, and I, then, have participated in many actions which you seem to consider DDoS attacks --- namely, Slashdottings. I wonder if you'd be OK, then, that you should be charged with felonies for each and every one of those actions? Oh, I forgot --- you don't have to worry --- you're not someone who has a public presence so that convicting you could be politically worthwhile.
As for JSTOR, I find it telling that somehow, suddenly, they decided that it wouldn't ruin their business model if they made access free to the 6% of their database which anyway was in the public domain. They're not Elsevier, for sure, but it sure seems that Swartz did accomplish forcing JSTOR to reconsider what might be better for society, yet still OK to enable their non-profit business to continue running.
> Judging from your Slashdot ID, both you, and I, then, have participated in many actions which you seem to consider DDoS attacks --- namely, Slashdottings. I wonder if you'd be OK, then, that you should be charged with felonies for each and every one of those actions? Oh, I forgot --- you don't have to worry --- you're not someone who has a public presence so that convicting you could be politically worthwhile.
That's an odd, but interesting question. The last time I "slashdotted" a company I also called and gave the web administrator a courtesy call, to let them know what they were in for. One factor that made Aaron Swartz's behavior so reprehensible was that he _kept doing it_, apparently at full capacity, despite the obvious consequences to JSTOR and to MIT. It was actively destructive to an honest company and to research by thousands of people.
JSTOR's provision of free access to the public domain papers is, indeed, interesting. But I do believe that was already planned when Aaron got caught. JSTOR is a library service, a non-profit. They'll do what they can _afford_ to do to make the information available.
> One factor that made Aaron Swartz's behavior so reprehensible was that he _kept doing it_, apparently at full capacity,
> despite the obvious consequences to JSTOR and to MIT.
If you read JSTOR's own account, available on their website, Swartz continued to download between September and January, but without them noticing it. Somehow that makes me believe that he modified his behavior (including throttled bandwidth) so that only a new kind of analysis on JSTOR's part (probably statistical) gave him away.
> But I do believe that was already planned when Aaron got caught.
Obviously I cannot refute this, nor can you back this up with hard evidence.
> JSTOR is a library service, a non-profit. They'll do what they can _afford_ to do to make the information available.
They continued to pursue Swartz in January not because his downloading was costing them too much money, but because they feared that what he would do with the documents would cost them their goodwill with their upstream publishing partners. They could well have been correct (no one can know exactly what Swartz's long-term plans were). It seems pretty obvious to me that JSTOR, albeit a non-profit, was also an ossified bureaucracy, and whatever changes have happened since the incident are due to their management suddenly understanding that the way things "worked" ten years ago was no longer exactly what their users (or society) expected now (e.g., when they were founded, 99.9% of anyone looking for academic papers through the net were anyway academics/geeks --- now, I expect that a good segment of the general browsing population is also interested).
What possibly makes you think that JSTOR is ossified? They've been very progressive with how they handle new document formats, with the overwhelming number of new specialty journals, and with the advances in the sheer size of the data in new and already cross referenced work. That work is ongoing, it's _not_ cheap, and they're working very hard every day to manage it.
They've been precisely what a non-profit should be, and I applaud their efforts.
Whatever. It's actually refreshing to see fanboism for something like JSTOR. Since I got distracted, I suppose this thread is dead anyhow...
"He's an asshole." Sounds pretty cut and dry to me. You can spare the rest of your words--your agenda is easily read between.