Oh well, apparently the access of AaronSw was not "unauthorized".
If indeed Aaron’s access was not “unauthorized" — as
Aaron’s team said from the start, and now MIT seems to
acknowledge — then the tragedy of this prosecution has
only increased.
I wonder how this makes the prosecutors look like now.
This point, the one where if Aaron had sat in the library downloading Jstor articles, it would have been "ok" (because it is allowed by the guest policy) was always problematic for me as well.
I don't get this at all. If Swartz had walked into the library and told a librarian, "hi! I'd like to download the entire JStor archive. Where can I plug in?", they obviously would have told him "No". Everyone knows this. Swartz knew this: that's why he did so much to conceal his identity and conceal what he was doing.
Allowed by (then) MIT policy: Enter library, download "some" jstor articles.
There were no explicit limits other than 'we reserve the right to refuse service' sorts of things in their policy. So were he a patient person it would have been ok for him to come in each day, download some, until he had the entire set of all documents, however long that took.
An analogy might be ketchup packets at a fast food restaurant. You are allowed to take a 'few' for your meal, but clearly if you poured the whole box of them into your back pack you would be asked to leave, not because you are "stealing" ketchup, but because they choose to refuse you service based on your abuse of their free ketchup.
So he clearly abused their good will, and by that abuse they had the right to revoke his access. And he was clearly working to avoid automated monitoring and revocation (which is a stand in for the librarian kicking you out) But prior to them revoking his access, his access was authorized.
Like I said, it's a weird thing. If someone comes to your "anyone is invited party" and then starts making an ass of themselves and you ask them to leave, you can't really accuse them of criminal trespass and breaking and entering. But you can sue them in civil court if they damage stuff, and you can call the cops to haul them away if they refuse to leave.
The point though of Lessig's note is, I believe, that this was an egregious use of a poorly written law (CFAA) with a variety of legal problems with its application. Had it gone to court the case law it might have established would have been helpful in avoiding future abuses.
Everyone agrees that if Swartz had asked the library staff to help him download the entire JStore archive, they would have clearly said no. The difference between "some jstor articles" and "the entire archive" is huge and significant. His authorization was never a blanket authorization to do whatever he wanted with the JStor access, in part because MIT could not offer that: they could only offer access under terms that JStor set, and those terms banned whole archive scraping.
The more honest answer is that we'll never know what would've happened because he didn't ask the librarian--trying to make any stronger a claim is assumption.
Lessig mentions the library scenario, but MIT has wireless access as well and allows guests (non-student, non-faculty) to access JSTOR through that. It absolutely does not require going to the library and showing ID as in the scenario Lessig proposes.
So basically he accessed a wiring closet without authorization. The 50 years or so of time the federal attorney wanted to impose was all based on laws concerning unauthorized access to the network, not the closet.
They wanted to impose a few months, not 50 years. To have even a shot at 50 years under the Federal sentencing guidelines, he would have had to have had multiple prior convictions and to have basically been the Al Capone of unauthorized access.
They offered him a plea deal for a few months (6?) if he pleaded guilty. The club they beat him with was the threat to pursue 50 years if he fought the charges.
The prosecutor basically did sell him as an Al Capone of computer hacking; a threat to the nation, Mom, apple pie, and all that is good and right in America.
No, that's not true. We know it's not true because Aaron Swartz's lawyer disclosed the sentence they were threatening him with at trial, and it was nothing resembling that number. You can go look it up yourself. In the meantime, one wonders: since we know the number you stated can't possibly be true, where did it come from? What enabled you to confidently state that Swartz was threatened with a 50 year sentence?
Federal prosecutors later charged him with two counts of wire fraud and 11 violations of the Computer Fraud and Abuse Act,[17] carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitution and supervised release.[18]
[Edit]
Background information is also available here. It verifies the number of charges filed but not the total length of the possible prison term involved:
http://video.pbs.org/video/2325573247
No, you are still not even close. What's more, you didn't even respond to my comment; you simply parroted again the press release maximum sentence. Press release maximum sentences bear almost no relationship to reality. Once again: we know what he was actually threatened with. His lawyer disclosed it.
I'm going to let you do your own homework, because I expect that when I show you you're wrong, rather than thanking me for correcting you, you're going to get indignant and find some way to attack both me and the actual correct answer to the question. Maybe if you look it up yourself, that won't happen.
I've given you more than enough detail to go find the right answer.
You can in the meantime take my word for it on two things: (1) that Swartz was threatened with a specific sentence recommendation that was nowhere near 35 years (it was still a very tough sentence totally out of proportion to what he did) and (2) that a DoJ press release maximum sentence bears no resemblance to the sentences CFAA convicts can expect to receive from a judge.
1) The discussion on reasonable sentencing Some have argued that criminal prosecution was inappropriate ... did not mention that MIT, as well as JSTOR, did not want a jail sentence imposed. The recent MIT report states that MIT made this known to the prosecutor. That MIT suffered loss was a major reason given to justify jail time. The writer can be excused for not knowing that, at the time, confidential information but it makes moot his arguement of jail time being reasonable.
2) Pointing fingers at media outlets for exaggerating possible jail time is a non-sequitur when, as stated in the link, prosecutor PR releases purposefully seek the exaggeration.
3) No where in the link is it argued that the prosecution took long jail time off the table. Quite the opposite, they left the possibility there on the edges to bully the defendant into accepting a plea that included jail time. This even when JSTOR and MIT both wanted to avoid it.
4) Generally speaking I found the link was predisposed to favor the prosecutors. I say that because in all cases where Aaron Swartz's actions are discussed there is the assumption that his actions were part of a larger pattern of behavior. To me it smacked of justifying prosecutorial overreach based on "future-crimes". On the other hand it easily accepts overreaching prosecutorial actions as just the way the system works.
5) The link, I thought, worked hard to dismiss outrage over the Swartz case by saying it was misplaced. The outrage, it was argued, should instead be at the system. While it is obvious that it is the laws that must be changed, it is instances like the Swartz case that moves public opinion snd enables change.
That's Orin Kerr's take on what happened, but Kerr is not Swartz's lawyer, who, once again, disclosed what the actual threatened sentence was for Swartz.
And, no matter what DoJ's press releases say, facts are facts; sentences are not as a general rule computed by adding up all the possible maximum sentences of every charge.
