Alex Stamos' piece describing the defense he would have given for Aaron Swartz at trial is being widely linked by all the copyleftists and coders mourning the suicide of Aaron Swartz and attempting to turn him into an "Internet freedom" cult hero.
I really hate it when people pretend that they are not really supporting hackers and that they are in fact "white hats" and working for Internet security -- when in fact they claim the "black hats" aren't doing wrong and thereby deliberately and falsely minimize the real damages of hacking. It undermines the truth.
And I really hate it even more when they pull this "knowier than thou" bullshit invoking their supposed superior technical knowledge in a case and imply they have a withering put-down to anyone doubting the received wisdom -- when in fact they manifestly do not have that at all.
If Alex Stamos was an expert witness on this case, we have to ask the question whether he knew there was a 6-month plea in the works, and if so, why he was purveying the falsehood and spreading the Internet hysteria about the "30 years" or "50 years". Shame on him, he knew better -- even if he wasn't in the loop.
Sure, technically the prosecutor included this statement in his press release originally: "“If convicted on these charges, SWARTZ faces up to 35 years in prison,
to be followed by three years of supervised release, restitution,
forfeiture and a fine of up to $1 million.” But that is a mere formality and everyone knows that an indictment is not a sentence and the defense in this case was extremely vigorous. As a commenter pointed out -- something anyone following any legal case ever, even only on television could say, "your inability to distinguish between the maximum for an offense and the
likely sentence he’d have received IF found guilty is a little galling
when you call yourself an expert witness — someone who’s allegedly done
this frequently". Amen!
It's truly an outrage, knowing of the Guerilla Manifesto, all of Swartz's past speeches and writings, to pretend that this heinous act is merely an "inconsiderate" deed like holding up the library checkout line with checking out "too many books".
That's arrant bullshit. Aaron Swartz made a guerilla -- terrorist -- attack on the servers of MIT to make a point. This is what is known in the business as "the propaganda of the deed". He deliberately, methodically, powerfully made this point by circumventing the system's intended use and downloading *4 million files*.
That's not "inconsiderate". That's not just "trespassing". That's a crime. That's wrong. Stamos deliberately and propagandistically avoids mentioning that HUGE number of files because he knows the number itself undermines his fake tap-dance.
To look through the self-serving geek keyhole on this case and consider only the temporary delay for users in the system cause is to completely overlook Swartz's obvious, self-stated intent (and intent at least since 2008 and his Guerilla Manifesto).
It also overlooks the very nature of the deed itself that Swartz wanted done in order to accomplish his purpose.
Have the decency to respect at least the anarchic views and acts of this self-proclaimed Internet freedom fighter, and don't try to dumb him down into somebody who forgot to stamp out his library book and put it into his backpack carelessly. Please. Have the decency to do that, you asshole!
Invoking Lessig on prosecutorial discretion?! What the fuck! How about invoking Lessig on professorial discretion and not sending young people to their doom, letting them live out your youthful fantasies of anarchy while you hide behind your Harvard privileges?!
Let's refute each and every one of these points from Alex Stamos
o It doesn't matter if MIT's network is open; perhaps that's even the reason it was chosen as the victim, the way with WikiLeaks, Julian Assange chose the most liberal, democratic open society in the world, under the most liberal and "progressive" president it had likely ever known in history -- to make the point, to demonstrate that smash. Just because a network is open doesn't mean you get to circumvent its intended use. By this logic, the victim in the Steubenville rape case now being hysterically pumped by Anonymous to distract from Assange's rape charges and their own criminality "deserved it" because she was drunk. See what I mean? Your logic stinks.
o If MIT failed to put "controls" up to prevent *the downloading of 4 million fucking files, you moron* then...gosh...so what? That doesn't make it right
o Did you read the indictment? It doesn't matter if JSTOR's website allowed "unlimited downloads" by anybody on MIT's network. If that were true, and the system really "allowed" this, then Aaron could have just kept clicking.
But he didn't. He used hacking software -- scripts he wrote -- called "keepgrabbing.py". Keep grabbing! Why would he need a device to "keep grabbing" if in fact there were "unlimited downloads available"! Obviously because -- despite there being no CAPTCHAs -- he didn't want to sit there for hours -- days -- and get that huge, fat motherlode of files -- 4 million! -- THAT way, but wanted to acclerated it. SO HE HACKED THE SYSTEM. Hacking is coercive; hacking is wrong; hacking is using the system not as it was intended, in circumvention of its established norms, be they code or law.
o Of course using a system not as intended is hacking. This perennial desire to whitewash the word "hacking" and make it seem like computer fraud and tampering isn't hacking is absurd. His python scripts weren't just "discovering" and "requesting" them, they were KEEP GRABBING THEM. Keep grabbing, even if it doesn't involve "breaking a CAPTCHA" is exactly what it says on the can: A BIG GRAB. That Stamos slyly leaves out the name of this script is very, very telling -- you know that naming it, the way the indictment does, weakens his case, eh?
No, KEEP GRABBING is not "right clicking and choosing save as". Because "right clicking and choosing save as" is when you are using the system legitimately and normally. It's when you are really researching a topic and using a system as it was intended, and downloading small quantities -- or if large quantities -- taking them over time as you review the material.
That's not what KEEP GRABBING was all about: it was deliberately assaulting the system and making a huge grab *to make a point*; to have the anarchic "propaganda of the deed".
o I have to gasp at the breathtaking ballsiness of Stamos' saying "Aaron did nothing to cover his tracks or hide his activity" when he in fact a) broke into the cabinet b) made a fake account to download the material c) covered up his face with a bicycle helmut. Do you think we're stupid?! How can he *lie* so baldly! it doesn't matter if he "left a verbose .bash_history". The fact is, *he made a fake account*. If he was using the system normally and properly, he would have logged in with his name and university credentials, full stop. But he wasn't doing that; he was making an anarchist attack on the system as part of an ideological crusade that required the method of coercion and violence -- violence in overriding a system and forcing people to work long hours to recover its functioning.
o The government's indictment talks of the $5,000 damage required by MIT to fix their system; it talks about the down time and the paralyzing of the system and the denial of service -- essentially -- to users. Of course it shows negative effect. We don't have the word of MIT's actual system operator that turning off JSTOR access was "silly"; we also have nothing to show that this "Ghost" that was the fake account Swartz made was "a pretty easily identified user agent". That is Stamos' conjecture -- and it's clearly unfounded.
In short, Aaron Swartz *was* a super hacker: he stole 4 million documents to make a point by breaking and entering and using false credentials, and scripts to circumvent the system's normal use. He did this in service of a destructive anarchist ideology.
Prosecutors -- even zealous prosecutors as these are made out to be (although they, um, let him go before trial and offered him...um...six months) aren't in the business of prosecuting ideology, or belief systems like anarchy and copyleftism. In fact, they want to make a good case, they would actually stay away from making statements regarding the "heroic beliefs" of the defendant and making him into some sort of victim/hero. They never, in the history of this case, ever said anything about the nature of hacking nor did they publicly threaten him with any 50 years; this is all pure speculation by the hysterical tech media.
Yet when the hacking is of a very large scale like this to "liberate" an entire system and render it non-functional -- it is no longer a walled garden, and no longer has a paid content wall -- the law has to be upheld. The entire reason you prosecute crime is not merely to "stick it" to one person out of spleen (as the geeks seem to imagine); it is rather to cure a situation of harm -- this is a harmed system -- and make it whole by deterring further harm. It doesn't matter if Aaron Swartz wasn't going to sell the files -- nobody accuses him of this because they know he was a selfless, crusading ideologue. What matters is that he destroyed the sense of the system by stealing its commodifiable content and decoupling it from that capacity and putting it into his own alternative "liberated" system.
Oh, only "Inconsiderate" to "download files too quickly"? Sheer, unadulterated bullshit. It was a plan to make a huge attack on The Man and The System and change the nature of education and knowledge. It was a terrorist attack for the sake of a "better world".
But he was going to give them away, had an ideology consistent with that notion of "liberating" and "spreading" information this way, and he had acted on it in the past despite the criminality involved and acted on it with intent in this case. Trying to minimize his propagandistic ideological motivations and his "propagagnda of the deed" doesn't minimize the real serious crime he committed, and it doesn't do service to his cause, if you support it. But then, that's not what Stamos' cunning devilry here is all about. Stamos' purpose is to take a star turn and slyly support the copyleftist cause while pretending to be a "security professional".
Bullshit, from start to finish, and a discredit to his profession.
So much more honest is one of Swartz's fellow believers, who gets it not only about Swartz's cause, but how that cause has to work if it is sincere -- and yet never does with these hipsters who won't take accountability for their actions:
Joe Citizen says:
Thanks for posting this. It make it rather clear that Aaron intended to distribute the files freely – i.e. to go through with the crime.
It also makes clear that he saw this as civil disobedience. The most important factor in civil disobedience – that which gives the practice its moral force – is that one breaks an unjust law and willingly accepts the punishment demanded by the laws. That is the whole point – you take the suffering of the punishment upon yourself and then confront the society at large with the question – ” do all of you really believe that I deserve this”?
It makes no sense whatsoever to commit the crime and then to try to avoid the punishment. That is not civil disobedience. That is just common criminality.
Don’t get me wrong here please. I am not saying his suicide was an attempt to avoid punishment. I don’t know enough about the man to say that. But all his friends who are turning on the prosecutor are doing great disservice to Aaron if in fact he committed this crime as an act of civil disobedience. The prosecutor was simply playing his assigned role in the matter. In fact, if he did not prosecute, then there would be no real civil disobedience, and no opportunity to make the case to the society at large that the laws needed to be changed.