Bad headline to IMO a much bigger story. Aaron’s metadata was swept up in, apparently, an NSL grab of a massive trove of email headers from the University of Pittsburg.
A case ostensibly linked to “Al Qaeda” allowed the FBI claim they had a basis to request a massive dump of email metadata from the University of Pittsburg IT department. We don’t know exactly how much data was collected, just that Aaron’s email happens to be on Page 27 of an Appendix.
All this metadata is stored indefinitely and is accessible in the course of any unrelated investigation.
The legal standard the FBI has to meet to be able to NSL this information from a target is described as “a hunch”.
National Security Letters (NSLs) are the things that every time they have been challenged in court the FBI drops the request, right? Since they don't want to test the constitutionality of them?
Seems like the University of Pittsburgh didn't call up the EFF and instead capitulated to a likely unconstitutional request.
In 2007 I don't think it was nearly as clear that challenging them was an option. But I'm also sure that similar things go on all the time and we just don't learn about it.
The irony of the email header collection is that since this batch of headers is associated with an "al Qaeda" investigation, then since the content of the emails is unknown, suddenly anyone who shows up in the headers appears suspect, especially out of context in a future datamine. Even though presumably hundreds or thousands of email addresses were in this same dump, and maybe one was of interest to the FBI at the time, but they cast the net as widely as they're allowed.
It's called "making the haystack bigger" in relation to finding the needle in the haystack. In other words mass surveillance increases the noise rather than the signal, which we've always know it does. The government just doesn't care because in the end mass surveillance allows it to target anyone at will without real judicial oversight for each person being investigated.
And this is where the rules/regulations become important for how many degrees of separation -- how many "hops"; see also the 'Kevin Bacon rule' -- they are permitted to pursue based upon the original source data.
If you believe that they actually adhere to them. As someone else described (I don't know), this particular collection started with "a hunch"...
If we don't know what our government and its agencies are actually doing -- to a reasonable degree, as it were -- we cannot exercise oversight and we cease to be a democracy (in the form of a republic, or otherwise).
MIT and Carmen Ortiz share responsibility for the death of Aaron Schwartz. Threatening the guy with life in prison for downloading academic journals? It's absurd. Never forgive either, let it haunt them wherever they go.
Come on...what they did was shitty, but Aaron killed himself because he was depressed and suffered frequently from suicidal ideation, literally for years before he even stepped foot into MIT.
He killed himself because he was threatened with life in prison. He may have been particularly vulnerable to these threats, but that only makes them worse. If they had just called him mean names, maybe you'd have a point.
Did Swartz tell you that this was why he killed himself?
Or are you just spitting on his grave by suggesting that he was too dumb to understand what sentence he was realistically facing? Swartz had good legal representation, he definitely knew he wasn't in serious trouble.
Clearly this guy had been depressed for a long time, he had already posted a suicide note on his blog long before the whole JSTOR thing.
I think he killed himself immediately after a traumatizing course of events, and people are jumping through hoops to make sure nobody gets blamed. People are really uncomfortable with the idea of being responsible for the world around them to any extent, and just one of the coping mechanisms for this is blunt literalism, "he wasn't threatened with life in prison, only 14 felony convictions and maybe a few years at most!"
No, he killed himself because he was depressed and had suicidal thoughts.
> Swartz declined a plea bargain under which he would have served six months in federal prison. Two days after the prosecution rejected a counter-offer by Swartz, he was found dead in his Brooklyn apartment, where he had hanged himself.[15][16]
So, he was facing potentially 6 months in prison. He rejected that, and then killed himself.
What do you mean this information is not so reliable? Just because someone mis-attributed true information on wikipedia has no bearing on the truthiness of the matter. And the information about the rejected plea deal is directly from Aaron's lawyer.
(using a different account because I've apparently posted too much for HN)
From the article:
> "Swartz’s lead defense attorney, Elliot Peters, said today that both he and Swartz rejected the plea deal offered by the office of US Attorney Carmen Ortiz, and instead were pushing for a trial where federal prosecutors would have been forced to publicly justify their pursuit of Swartz."
There are multiple interviews where Elliot Peters makes the same claim.
I really have no idea what you're complaining about, or what you expect. Do you need a recorded video of Elliot Peters saying these things about the plea, and then displaying his drivers license and stating his social security number? The way the reporting was done in my original link is completely standard.
Its such a shame that he took that ultimate step. He seemed very savvy legally so its odd that he would commit to taking his own life before even being convicted. He wasn't completely backed into a corner, he had options. That alone makes me think the depression and suicidal ideation existed previously.
It doesn't matter. You can't blame anybody for not being Steel like Shkreli. The aggressions of the justice system were wildly disproportionate and unjustified, and the aggressors are responsible for the consequences of their duress.
I think his response was more disproportionate than the "aggression" they directed at him. Killing yourself over 6 months in federal prison? Not wanting people to get subpoenaed?
I'm not defending the government (since controlled buys are entrapment in my book and should be illegal) with Popcorn but there's a pretty big difference here.
Aaron Swartz = a very questionable "breaking and entering" charge and some computer "crimes". Otherwise, publicly, an extremely upstanding member of society.
Popcorn Sutton = very very very openly an illegal distiller, and seller, of untested/unreglated alcohol that he self-documented via video and distributed the video as well as a self-published manual. Had multiple arrests and convictions over the years for the alcohol production, drug charges, assault with a deadly weapon. He was then arrested for trying to sell to an undercover officer while illegally possessing a firearm as a convicted felon. Popcorn illegally distilled alcohol for at LEAST 35 years.
Popcorn? Popcorn sold potentially dangerous alcohol, drugs, almost certainly was guilty of tax evasion spanning multiple decades, was convicted of assault with a deadly weapon.
Bootleggers aren't 'innocent'. They're extremely territorial up to the point of property destruction and even murder. They evade alcohol taxation, they often don't report the income from their sales (because, well, duh they don't want more attention). In some instances they are often involved in narcotic/meth/marijuana/heroin trafficking, sometimes have gang affiliations, have murdered law enforcement officers, etc.
Popcorn was convicted, and served time, for some of those offenses decades before his last arrest and continued to carry on with his illegal activity. If you think selling potentially toxic alcohol, tax evasion, drug dealing and violent assault are absolutely 'wrong'. Those are the things we KNOW he did.
His last arrest, in my opinion the alcohol charge should have been dropped as entrapment, but he was a felon in possession of a firearm which is a crime (and a sensible one, given his prior conviction of assault with a deadly weapon) and he should have been fully on the hook for that.
It's unfortunate he felt the need to take his life but his case is in no way similar to that of Aaron Swartz. Aaron made a bad decision and did a largely digital crime, Popcorn was overtly a career criminal.
As long as you ignest methanol with enough ethanol mixed in, it's not lethal. You would have to separately capture the small amount of stuff coming out before the "heads" to make deadly methanol. Soundslike this could happen only if you make an industrial quantity batch, and are completely reckless about the basics.
>>Popcorn? Popcorn sold potentially dangerous alcohol, drugs, almost certainly was guilty of tax evasion spanning multiple decades, was convicted of assault with a deadly weapon.
Bootleggers aren't 'innocent'.
Replace with marijuana and you get the same. Declare taxes on cocaine sales? People know what they want, moonshine, and he provided it. Do I think everyone should mix stuff on their bathtub or garage and sell it to people? Nope, but people that buy moonshine know what they want and he had his own brand /customers. So, while illegal no harm comes from them to the average person. (A CEO uses a legal, but paid for via lobbying, loophole to save 1000x more in taxes than all moonshiners steal combined)
When's the last time you've heard of a burnout pot-dealer murdering people, murdering police, modifying their cars to outrun police to the point of actually spawning a sport (nascar).
When's the last time you heard that marijuana made someone blind or destroyed their liver and kidneys by containing methanol and lead?
this is, in my opinion, a dishonest argument. Obviously a burnout pot-dealer isn't out murdering people, but guerrilla growers growing on land that is not theirs are definitely just as territorial as moonshiners doing the same. There's a difference between drug producers and Steve who lives down the street and usually has an ounce or two to spare.
Sure, moonshiners are sometimes direct to customer, but some will have distributors because you can throw tens, or even a hundred or more gallons in the bed of a truck or a van. Simply getting enough materials to manufacture large quantities is a great way to 'get got', buying sugar in sufficient quantities will get state BATF called. You have to obtain large amounts (for a private individual) of grain and sugar (which usually means paying people to set some aside for you and buying their discretion, or having customers go buy in smaller quantities for you for pay or for a discount on their liquor), transport it to a storage area, transport it and horded containers to an often remote location to cook and distill where the scent can travel for many many miles and the heat signature is readily visible from piloted aircraft and UAVs, fill containers, transport containers to one or more caches, then actually deliver to customers or sellers. This is comparable to a 'guerilla grower' however the risk to reward ratio is considerably less than a grow-operation. Then of course you're selling something of unknown purity, that may contain lead or methanol which can do damage within hours of consumption and over relatively short periods can cause irreversible damage or death.
For grow operations that are outside, you mostly need to go set up some trail cams, plant your crop, watch it (and be willing to protect it with lethal force), and transport it at harvest. Sure, you can then carry more in value out on a single person than a moonshiner might make from an entire run. Moonshine has to be competitive with state or retail sold alcohol so 20-30$ a quart for 150-190 proof. Sure a grow operation is making a lot more money even at wholesale pricing, a quick google search shows 18.5g of 'average mid weed' is a cup of volume so 74g of week is roughly the same volume of a quart jar, even if you assume half that due to moisture volume, someone could easily walk out of the woods with 5kg of weed in a 65 liter hiking backpack which is far more than your average dealer is going to be moving in a reasonable amount of time.
Yes, a 'guerrilla grower' is an order of magnitude higher on the threat list than most moonshiners BUT a moonshiner is an order of magnitude higher than your buddy from high school that sold a little weed to fund his habit, or had a few plants growing in his closet and sells almost exclusively to people he's known for years and is likely buying from a single individual or has a couple of grow tents in his walk-in closet.
I absolutely blame the prosecutors, but I'd want to include the university in this. Aaron's motives (from my outside perspective) were to make information freely available. It's frustrating that the university is happy to partner with organizations that restrict research papers like this. It's not in the spirit of scholarly work, in my opinion.. I don't know what the university could have done different.
Why does no one have the perspective that Aaron knew he was literally stealing, according to the law, and that subverting the law, even if non ideal, was HIS choice, and therefore the overly dramatic legal threats were invited by HIS actions. It's his fault, and he didn't own up to it, even though he meant well.
This is a contested and unsettled legal question. It is not an established fact that what Aaron did would constitute stealing, due to the nuances of this particular situation.
> and that subverting the law, even if non ideal, was HIS choice, and therefore the overly dramatic legal threats were invited by HIS actions
Even if you ignore the fact that MIT has a long, established student culture of civil disobedience and circumventing the law, the level of prosecution was completely disproportionate to what he actually did.
"the generic term for all crimes in which a person intentionally and fraudulently takes personal property of another without permission or consent and with the intent to convert it to the taker's use (including potential sale)..." (see the link above for more)
"1) any article, object, asset or property which one owns, occupies, holds or has under control. 2) the act of owning, occupying, holding or having under control an article, object, asset or property." (again - more is available at the link)
Ok - so data can't be occupied, so we can drop that. Holding something implies that something is now in someone's hands and not in another's; data doesn't really work that way either. So - can you "own" or "control" data?
I'm not going further down this rabbit hole, but it seems to me that we have carved out this special exemption for data - or more generally IP - that isn't applied to physical objects. Which is to say that if you make a copy of data that isn't "your's" (whatever that means in a legal sense), that you have now, in some manner, committed theft. You have somehow stolen something from someone else - even though they still have theirs!
Imagine a physical item, and imagine you had a way to copy it. Maybe a wood table, and you are an expert woodworker. You see it, you take some measurements first, plus some photos, maybe a 3D scan? Or you used photogrammetry from the pictures to gain the 3D data. Whatever. Then you go home and make the copy in your workshop. You make an "exact" copy of that table, and the owner (the guy who originally made it - maybe he was selling it, too) learns about it.
Have you just stolen from him? Have you committed theft?
In the real world, if you tried to bring such charges, you might be laughed out of court (unless he had a patent on it, and you were trying to sell that copy - because patent law allows one to make such copies in order to make improvements, but those copies can't be sold or manufactured in quantity).
But when it comes to data - all of a sudden, it's different. With data, the deprivation (even if you are just keeping it for yourself, with no intention of passing it on to someone else!) is considered to be "a loss of sales revenue".
So why not in that case of that table? Or any other potentially manufactured artifact?
The "slippery slope" argument might be the idea that in the future, that yes, if you happen to make an exact copy of a manufactured article (whether manufactured as a singular item or by the millions, whether done by hand or by machines), and regardless of whether you intend to sell it or keep it for your own use - that if caught, you will be deemed as having committed theft; as having stolen something.
I mean - why not? That's what we do with data, so why not physical items?
The next step is, of course, to just define stealing or theft as being the deprivation of sales revenue...but that would be crazy, right?
As crazy as thinking that one could define stealing and theft as being something you do where you don't deprive the original owner of anything...?
>And even that accusation seriously stretched credulity.
How did that accusation seriously stretch credulity? The technical means may have been simple, but it's unquestionable that he did so intending to circumvent access controls.
They shouldn't have threatened him to the extent they did, I definitely concede, and I wish he didn't feel so pressured to commit suicide - but I'm not convinced he was the perfect person everyone seems to claim.
I think the punishment should fit the crime. If he photocopied every book in the library, how much time do you think he'd face?
Let's say you can prove intent to distribute; I still don't think it's worth any jail time. It's theoretically harmful at best, minor harm to anyone at worst. It's not like a large specific harm (say, stealing someone's car, which has a definite negative impact on them). It's more like... taking all the shrimp at the buffet.
Plus our copyright law is completely fucked anyway and encourages anti competitive behavior (the exact opposite of its intent). On top of that, there's a good bet that 99.99% of the papers involved were the results of taxpayer-funded research.
I don't think he's a saint, but I do think he got a bullshit deal by an overzealous, madwoman prosecutor and university - both of whom rely on federal funding. And everything that was "stolen" was also created with federal funding.
I've willingly broken laws in the past believing they were fully unjust, should I have been driven to suicide as well for that time I pirated a song in eighth grade?
Swartz was not in eighth grade. He was 26 years old. You would not have been tried the same as him. You seem to have pirated a single song, whereas Swartz downloaded over a million articles.
But really, all of those differences don't really matter. The most important difference is: Would you kill yourself instead of going to jail for just 6 months? Maybe you would. I don't know for certain. But if the US's booming prison industry tells me anything, it's that you (like most people) probably wouldn't kill yourself instead of taking a 6 month sentence.
> Aaron knew he was literally stealing, according to the law.
I am sorry to be "that guy", but sometimes laws are unfair.
Extreme counter-example: SS officials in nazi Germany were acting according to the then-in-place laws. That does not mean they can thus be exempted from any consequences.
> In short, Aaron Swartz was not the super hacker breathlessly described in the Government’s indictment and forensic reports, and his actions did not pose a real danger to JSTOR, MIT or the public. He was an intelligent young man who found a loophole that would allow him to download a lot of documents quickly. This loophole was created intentionally by MIT and JSTOR, and was codified contractually in the piles of paperwork turned over during discovery.
> If I had taken the stand as planned and had been asked by the prosecutor whether Aaron’s actions were “wrong”, I would probably have replied that what Aaron did would better be described as “inconsiderate”. In the same way it is inconsiderate to write a check at the supermarket while a dozen people queue up behind you or to check out every book at the library needed for a History 101 paper. It is inconsiderate to download lots of files on shared wifi or to spider Wikipedia too quickly, but none of these actions should lead to a young person being hounded for years and haunted by the possibility of a 35 year sentence.
But that's a load of nonsense and I don't think it diminishes Aaron's memory to say so.
He wilfully, deliberately and with substantial premeditation broke the law. Having pretty much stated publicly he was going to and been caught and let off for a similar crime previously. He was bang to rights guilty.
However, he was then persecuted mercilessly and threatened with a sentence way out of proportion to the crime. He was hounded to his death for political brownie points and that's unforgivable.
But to suggest he was just a naughty schoolboy is inaccurate and unhelpful.
> That does not mean they automatically deserved what they got
Indeed, and I said the same about Aaron.
Snowden's a different case as he didn't break the law to show up the law.
But it's critical to history that Rosa Parks broke the law. If she had just annoyed a racist bus driver then there's no shining a light on the system. And crucially, that's what Aaron was attempting to do too.
>Can you quote the bits you consider "a load of nonsense"?
The article attempts to defend Swartz by essentially claiming that what he did was unimpressive... So what? Same goes for SQL injection. In fact, most crimes are quite unimpressive.
It's indisputable that both JSTOR and MIT actively tried to block Swartz, and that he actively circumvented those blocks.
The article also makes the completely bullshit claim that Swartz could've realistically received a 35 year sentence.
I'm not sure I understand. It reads like you're blaming a suicide victim for dying before he received a verdict instead of the people who put him in that position, but I'd rather not assume your intention.
Not a defense for his actions, but meant as a way to illustrate how disproportionate the response was for what he actually did. I'm working off memory here, so maybe I'm wrong, but from what he was really be pursued for should have been a civil matter at worst.
In the case of _pranks at MIT_, which has a rich history of outrageous pranks, I'd hoped it would have affected their reaction to it, much as one would hope that students wouldn't get arrested for breaking an entering if they did it to assemble a Volkswagen in someone's office.
Crucial to note is that Aaron _wasn't_ an MIT student. Most of those "pranks" were students. Aaron was trespassing, though MIT decided they did not want him to be prosecuted.
Horrible position to take. He was bullied and bullies deserve to be punished.
Recent suicide of 9 year old because bullying had sparked debate in our office. And most agreed her bullies and parents of bullies should be charged criminally.
He was threatened with prison and then he killed himself. I doubt it was the only factor, but you'll need some sort of compelling evidence to argue that it wasn't the main factor.
And you keep saying he couldn't have hanged himself over these charges. Given that he was threatened with prison time, and shortly after hanged himself, what's your counter-theory? He was murdered by the CIA? He was totally fine with the changes, but he just got real sad all of a sudden? There is no reasonable circumstance where this wasn't the major factor in his suicide.
My numbers aren’t wrong. They’re the plea deals he was offered. Two deals, 4 months in prison or 6 months and opportunity to argue for a lower sentence in front of the judge.
You’re the one giving incorrect numbers, he couldn’t possibly have been sentenced to 50 years.
According to his attorneys, the prosecutors believed that the most they could achieve at trial would have been 7 years. A very different number from 50 years.
I suggest you look into the case a little before making statements like this. Techdirt may not be the best source either.
He'd already rejected the plea bargain. He was going to stand trial at that point.
> According to his attorneys, the prosecutors believed that the most they could achieve at trial would have been 7 years. A very different number from 50 years.
And a lot more than 6 months.
You still haven't answered my question. If he didn't kill himself because he feared prison, then what happened?
> Elliot Peters, Swartz's attorney, told The Associated Press on Sunday that the case "was horribly overblown" because JSTOR itself believed that Swartz had "the right" to download from the site. Swartz was not formally affiliated with MIT, but was a fellow at nearby Harvard University. MIT maintains an open campus and open computer network, Peters said. He said that made Swartz's accessing the network legal.
I should have used more accurate language. I think my intended statement is clear now.
If an organization murders someone, who serves the punishment? You can't put an organization in prison, though you could shut it down for a period of years. Or you assign guilt to specific people and put them in prison.
We've got to get better at "piercing the corporate veil."
There's somewhat of a breakdown between responsibility and criminal liability, and you've jumped from one to the other. The original comment was talking about responsibility, and in this sense, an organisation's internal practices, accepted behaviours etc. all share significantly in the responsibility. Often responsibility really is impersonal. On the other hand, the substance of your comment points to the fact that criminal law is served on an individual basis, and perhaps that's a good thing.
It is, however, ignorant at best if we stop discussion completely at the point where an individual is put in prison for something they did on behalf of the organisation, or due to organisation policy etc. since part of the justice system is deterrence, the organisation itself should be factored into that calculation.
Various mafias are also organisations, but that's a much easier case than this - shut down a mafia by taking the heads of the organisation. That works because it's not "just business". But in the case of MIT I have a strong feeling that if there is such a systemic issue as other commenters are hinting towards, it won't be so easy to be rid of it by putting the person in top position in prison. Such a person is the appearance, not the essence.
One “great” thing about Trump taking office has been all of the sunlight on the FBI/DOJ abuses. We already knew these surveillance systems would be abused, and now we have many evidences of smoking guns. Unfortunately right now the only places picking them up are conservative researchers. Don’t ask me why.
This quote is a verifiable fact and should frighten everyone:
> We know from Collyers report the FISA-702(16)(17) process was extraordinarily abused by verified “contractors” who had access to the FBI/NSA database. The rate of abuse was 85%. Meaning 85 out of every 100 FISA702 database searches were unauthorized and outside of compliance.[1]
It gets worse. The data was used/sold for political purposes by opposition researchers.
The whole thing stinks and it’s not a partisan issue. Anyone that cares about this stuff should be rallying around this news and demanding more information. Parties aside, this is serious.
100% agreed. i don't think anyone should ignore it by any means. it's just that the FBI/NSA/etc seem to just keep doing it, which is why it shouldn't come as a surprise, they've been caught many times doing questionable data gathering.
Remember this article the next time the FBI argues for "more data access".
The FBI is already allowed to eat the fruit of the poisonous tree on a daily basis thanks to its expansive surveillance powers, and the vast majority of judges are clueless about it.
Obama's executive order days before he left office along with the recent renewal (and expansion) of FISA 702 now also allows all 17 enforcement agencies (including DEA, IRS, SEC, etc) to have the same type of access without a warrant.
Who knows how many decades will pass until all of this will be properly challenged at the Supreme Court. It's why I've argued here in the past about US' necessity to create a "Constitutional Court" that wouldn't allow blatantly unconstitutional laws to become laws after Congress and the president pass them in their effort to gain more power and control over the population.
And what makes you think that the checks and balances you have now are "the right amount"? Does it feel that way to you right now or in the past few decades?
TL;DR: not so much "data on Aaron Swartz" as "metadata on Swartz's email correspondence, as part of an unrelated investigation". The amount of email addresses about which 'metadata' was collected was obviously quite large, so it would be a mistake to read anything of significance into the fact that Swartz's email was involved.
That's par for the course for the sort of investigation we're talking about, though. It's not a 'fishing expedition', it's just a practice that's narrowly tailored to try and figure out the structure of highly dangerous crime cells and networks, as well as the possible perpetrators involved. There's a bit of a scare about 'metadata' collection lately, but as a tool it does have its narrow uses.
Do you have any basis for your claims of "narrowly tailored" or are you just making up facts?
If it were narrowly tailored, the FBI wouldn't be able to access the information when conducting an investigation that would not have otherwise been able to obtain that information without a court order.
Additionally your attempt to justify why this is OK is also wrong, NSLs are not supposed to be used to investigate organized crime, but to investigate and prevent terrorist attacks.
A case ostensibly linked to “Al Qaeda” allowed the FBI claim they had a basis to request a massive dump of email metadata from the University of Pittsburg IT department. We don’t know exactly how much data was collected, just that Aaron’s email happens to be on Page 27 of an Appendix.
All this metadata is stored indefinitely and is accessible in the course of any unrelated investigation.
The legal standard the FBI has to meet to be able to NSL this information from a target is described as “a hunch”.