Alex Stamos' piece describing the defense he would have given for Aaron Swartz at trial is being widely linked by all the copyleftists and coders mourning the suicide of Aaron Swartz and attempting to turn him into an "Internet freedom" cult hero.
I really hate it when people pretend that they are not really supporting hackers and that they are in fact "white hats" and working for Internet security -- when in fact they claim the "black hats" aren't doing wrong and thereby deliberately and falsely minimize the real damages of hacking. It undermines the truth.
And I really hate it even more when they pull this "knowier than thou" bullshit invoking their supposed superior technical knowledge in a case and imply they have a withering put-down to anyone doubting the received wisdom -- when in fact they manifestly do not have that at all.
If Alex Stamos was an expert witness on this case, we have to ask the question whether he knew there was a 6-month plea in the works, and if so, why he was purveying the falsehood and spreading the Internet hysteria about the "30 years" or "50 years". Shame on him, he knew better -- even if he wasn't in the loop.
Sure, technically the prosecutor included this statement in his press release originally: "“If convicted on these charges, SWARTZ faces up to 35 years in prison,
to be followed by three years of supervised release, restitution,
forfeiture and a fine of up to $1 million.” But that is a mere formality and everyone knows that an indictment is not a sentence and the defense in this case was extremely vigorous. As a commenter pointed out -- something anyone following any legal case ever, even only on television could say, "your inability to distinguish between the maximum for an offense and the
likely sentence he’d have received IF found guilty is a little galling
when you call yourself an expert witness — someone who’s allegedly done
this frequently". Amen!
It's truly an outrage, knowing of the Guerilla Manifesto, all of Swartz's past speeches and writings, to pretend that this heinous act is merely an "inconsiderate" deed like holding up the library checkout line with checking out "too many books".
That's arrant bullshit. Aaron Swartz made a guerilla -- terrorist -- attack on the servers of MIT to make a point. This is what is known in the business as "the propaganda of the deed". He deliberately, methodically, powerfully made this point by circumventing the system's intended use and downloading *4 million files*.
That's not "inconsiderate". That's not just "trespassing". That's a crime. That's wrong. Stamos deliberately and propagandistically avoids mentioning that HUGE number of files because he knows the number itself undermines his fake tap-dance.
To look through the self-serving geek keyhole on this case and consider only the temporary delay for users in the system cause is to completely overlook Swartz's obvious, self-stated intent (and intent at least since 2008 and his Guerilla Manifesto).
It also overlooks the very nature of the deed itself that Swartz wanted done in order to accomplish his purpose.
Have the decency to respect at least the anarchic views and acts of this self-proclaimed Internet freedom fighter, and don't try to dumb him down into somebody who forgot to stamp out his library book and put it into his backpack carelessly. Please. Have the decency to do that, you asshole!
Invoking Lessig on prosecutorial discretion?! What the fuck! How about invoking Lessig on professorial discretion and not sending young people to their doom, letting them live out your youthful fantasies of anarchy while you hide behind your Harvard privileges?!
Let's refute each and every one of these points from Alex Stamos
o It doesn't matter if MIT's network is open; perhaps that's even the reason it was chosen as the victim, the way with WikiLeaks, Julian Assange chose the most liberal, democratic open society in the world, under the most liberal and "progressive" president it had likely ever known in history -- to make the point, to demonstrate that smash. Just because a network is open doesn't mean you get to circumvent its intended use. By this logic, the victim in the Steubenville rape case now being hysterically pumped by Anonymous to distract from Assange's rape charges and their own criminality "deserved it" because she was drunk. See what I mean? Your logic stinks.
o If MIT failed to put "controls" up to prevent *the downloading of 4 million fucking files, you moron* then...gosh...so what? That doesn't make it right
o Did you read the indictment? It doesn't matter if JSTOR's website allowed "unlimited downloads" by anybody on MIT's network. If that were true, and the system really "allowed" this, then Aaron could have just kept clicking.
But he didn't. He used hacking software -- scripts he wrote -- called "keepgrabbing.py". Keep grabbing! Why would he need a device to "keep grabbing" if in fact there were "unlimited downloads available"! Obviously because -- despite there being no CAPTCHAs -- he didn't want to sit there for hours -- days -- and get that huge, fat motherlode of files -- 4 million! -- THAT way, but wanted to acclerated it. SO HE HACKED THE SYSTEM. Hacking is coercive; hacking is wrong; hacking is using the system not as it was intended, in circumvention of its established norms, be they code or law.
o Of course using a system not as intended is hacking. This perennial desire to whitewash the word "hacking" and make it seem like computer fraud and tampering isn't hacking is absurd. His python scripts weren't just "discovering" and "requesting" them, they were KEEP GRABBING THEM. Keep grabbing, even if it doesn't involve "breaking a CAPTCHA" is exactly what it says on the can: A BIG GRAB. That Stamos slyly leaves out the name of this script is very, very telling -- you know that naming it, the way the indictment does, weakens his case, eh?
No, KEEP GRABBING is not "right clicking and choosing save as". Because "right clicking and choosing save as" is when you are using the system legitimately and normally. It's when you are really researching a topic and using a system as it was intended, and downloading small quantities -- or if large quantities -- taking them over time as you review the material.
That's not what KEEP GRABBING was all about: it was deliberately assaulting the system and making a huge grab *to make a point*; to have the anarchic "propaganda of the deed".
o I have to gasp at the breathtaking ballsiness of Stamos' saying "Aaron did nothing to cover his tracks or hide his activity" when he in fact a) broke into the cabinet b) made a fake account to download the material c) covered up his face with a bicycle helmut. Do you think we're stupid?! How can he *lie* so baldly! it doesn't matter if he "left a verbose .bash_history". The fact is, *he made a fake account*. If he was using the system normally and properly, he would have logged in with his name and university credentials, full stop. But he wasn't doing that; he was making an anarchist attack on the system as part of an ideological crusade that required the method of coercion and violence -- violence in overriding a system and forcing people to work long hours to recover its functioning.
o The government's indictment talks of the $5,000 damage required by MIT to fix their system; it talks about the down time and the paralyzing of the system and the denial of service -- essentially -- to users. Of course it shows negative effect. We don't have the word of MIT's actual system operator that turning off JSTOR access was "silly"; we also have nothing to show that this "Ghost" that was the fake account Swartz made was "a pretty easily identified user agent". That is Stamos' conjecture -- and it's clearly unfounded.
In short, Aaron Swartz *was* a super hacker: he stole 4 million documents to make a point by breaking and entering and using false credentials, and scripts to circumvent the system's normal use. He did this in service of a destructive anarchist ideology.
Prosecutors -- even zealous prosecutors as these are made out to be (although they, um, let him go before trial and offered him...um...six months) aren't in the business of prosecuting ideology, or belief systems like anarchy and copyleftism. In fact, they want to make a good case, they would actually stay away from making statements regarding the "heroic beliefs" of the defendant and making him into some sort of victim/hero. They never, in the history of this case, ever said anything about the nature of hacking nor did they publicly threaten him with any 50 years; this is all pure speculation by the hysterical tech media.
Yet when the hacking is of a very large scale like this to "liberate" an entire system and render it non-functional -- it is no longer a walled garden, and no longer has a paid content wall -- the law has to be upheld. The entire reason you prosecute crime is not merely to "stick it" to one person out of spleen (as the geeks seem to imagine); it is rather to cure a situation of harm -- this is a harmed system -- and make it whole by deterring further harm. It doesn't matter if Aaron Swartz wasn't going to sell the files -- nobody accuses him of this because they know he was a selfless, crusading ideologue. What matters is that he destroyed the sense of the system by stealing its commodifiable content and decoupling it from that capacity and putting it into his own alternative "liberated" system.
Oh, only "Inconsiderate" to "download files too quickly"? Sheer, unadulterated bullshit. It was a plan to make a huge attack on The Man and The System and change the nature of education and knowledge. It was a terrorist attack for the sake of a "better world".
But he was going to give them away, had an ideology consistent with that notion of "liberating" and "spreading" information this way, and he had acted on it in the past despite the criminality involved and acted on it with intent in this case. Trying to minimize his propagandistic ideological motivations and his "propagagnda of the deed" doesn't minimize the real serious crime he committed, and it doesn't do service to his cause, if you support it. But then, that's not what Stamos' cunning devilry here is all about. Stamos' purpose is to take a star turn and slyly support the copyleftist cause while pretending to be a "security professional".
Bullshit, from start to finish, and a discredit to his profession.
So much more honest is one of Swartz's fellow believers, who gets it not only about Swartz's cause, but how that cause has to work if it is sincere -- and yet never does with these hipsters who won't take accountability for their actions:
Joe Citizen says:
Thanks for posting this. It make it rather clear that Aaron intended to distribute the files freely – i.e. to go through with the crime.
It also makes clear that he saw this as civil disobedience. The most important factor in civil disobedience – that which gives the practice its moral force – is that one breaks an unjust law and willingly accepts the punishment demanded by the laws. That is the whole point – you take the suffering of the punishment upon yourself and then confront the society at large with the question – ” do all of you really believe that I deserve this”?
It makes no sense whatsoever to commit the crime and then to try to avoid the punishment. That is not civil disobedience. That is just common criminality.
Don’t get me wrong here please. I am not saying his suicide was an attempt to avoid punishment. I don’t know enough about the man to say that. But all his friends who are turning on the prosecutor are doing great disservice to Aaron if in fact he committed this crime as an act of civil disobedience. The prosecutor was simply playing his assigned role in the matter. In fact, if he did not prosecute, then there would be no real civil disobedience, and no opportunity to make the case to the society at large that the laws needed to be changed.
An excellent challenge to Stamos in this thread also comes from MD.
from the generation that knows ghandi and Lincoln are movies....
me .. im here to be famous too...
anyhow... MIPS
6 months.. and the kid would have had his own TV show...anyhow.
Posted by: c3 | 01/15/2013 at 02:46 AM
Wasn't Stamos going to be called as an expert witness whose expertise is computer stuff?
Why would he be expected to be an expert in lawyer stuff or privy to the defense's entire strategy?
He has an electrical engineering degree from Berkeley, but I can't find any mention of a law degree.
Posted by: unitron | 01/15/2013 at 04:46 AM
I really don't understand the utter love for this Guy. HE was a Criminal A Hacker. HE stole things he was not suppose too.
Guess what downloading Movies Music Books and Journals are illegal if you are not allowed too.
Acedemic Journals are not only online they are Printed in 4 color. The cost of this is high doing that sometime monthly for the load of Journals they produce. So shocking these place ask you to pay a subscription fee. I have to pay for the WallStreet journal. But shouldn't that be free? I mean it has information it.
So he broke the LAW. The Prosecution offered a Deal He said NO.
Sorry He killed him self because he was to much of a coward to face his crime.
Yes he was not a HERO he was a Petty Theif a COWARD if he really believed in a revolution that people are spewing about or social Disorder. He should have faught it. But in the end he turned into an Adam Lantz. A Man with a screwed up mentality of what the world IS and should be.
So tired of reading how he was these Technophillias saviour. Big deal he wrote RSS. My uncle wrote the FTP protical when he was working for the Goverment.
Posted by: Cathiee Mcmillan | 01/15/2013 at 08:27 AM
@unitron -- yes, he was going to be called as an expert witness on the forensics of the hack, but his job as an ideologue was to minimize the hacking damage to try to make it look as if were no big deal.
@Cathiee Of course the idea that everything online should be "liberated" for the entertainment of masses is very widespread. This is not a generation that understands what things cost.
I think he's more of a depressive than a coward, but I still think overall that suicide is a cowardly act. Depression is a real condition but in our day and age, especially with rich parents, treatment, including residential treatment is within reach. Although no one ever discusses it, I wonder if Swartz not only was thrown into despair at the thought of even only six months in jail, which of course isn't trivial if you are a white male of privilege expecting another outcome. But I wonder if the fact that two days before he killed himself, JSTOR's release of 4 million documents also made him feel as if his grand anarchic "propaganda of the deed" was rendered meaningless.
As for him writing RSS -- well, Dave Winer claims he invented RSS although with the surge of sainthood for Swartz he's backed off a little:
http://scripting.com/stories/2010/11/11/didYouInventRss.html
And we already knew that the legend of him "founding Redditt" is a lot less than meets the eye, as the past clippings tell you identifying the real founder of Redditt:
http://www.wired.com/science/discoveries/news/2005/09/68710
Swartz founded another company which was then merged with Redditt, and they reluctantly made him a "co-founder," but then because he didn't show up for work they ended up buying him out. Somewhere buried in the Google results is an article that lays out this story -- every so often in the past years Swartz would be celebrated as "co-founder of Redditt" and the real story would then be re-told.
Posted by: Cathy Fitzpatrick | 01/15/2013 at 11:42 AM
So basically he really didn't create much of anything acept for being a Hacker.
Thank you
You are correct a lot of this younger generation feel the should be given things and everything should be free.
Posted by: Cathiee Mcmillan | 01/15/2013 at 01:05 PM
wow. Joe Citizen really tries his best. I couldnt' bear to read through much of the comment thread on that article before--thank you for picking out an important one. I too have been absolutely befuddled by the "Aaron was exercising civil disobedience" claim attached to "prosecutor should have dropped charges." The whole point of civil disobedience is that you know you may well have to pay the price (a price you disagree with) for your actions. The little bit of plea bargaining that's leaked suggests he was absolutely unwilling to take any time at all, let alone risk going up for anything near the sentencing for which the crime he knowingly committed was clearly indicated before he did it. Again and again, I get that from these folks: "one law for me, another one for you." Have you seen this amazing piece of outrage they've put up as a petition--they should be able to shut down other people's operations (of any indiscriminate sort, & we know they've already targeted law enforcement and other vital services) *and* have it be protected by law! Can you imagine the screaming if the govt started using hacker tools to shut the hackers down?
Posted by: Dgolumbia | 01/15/2013 at 08:12 PM
sorry, forgot the URL:
https://petitions.whitehouse.gov/petition/make-distributed-denial-service-ddos-legal-form-protesting/X3drjwZY
almost 5000 signatures to this outrageous thing...
Posted by: Dgolumbia | 01/15/2013 at 08:13 PM
This is a much more sophisticated and grow-up discussion where Orin Kerr at Volokh Conspiracy concludes that the application of the law was legitimate and not overzealous:
http://www.volokh.com/2013/01/14/aaron-swartz-charges/
He still has a "part 2" coming and he may end up saying there is "overreach" but it doesn't look like. Here's one particularly good one:
mesocyclone Aaron Coats • 4 hours ago
−
If he actually had legitimate access, why did he:
"Use MIT's site where he had no access?
Use spoofed MAC addresses?
Hide his computer in a closet?
The most likely answer is that his legitimate access did not include wholesale downloading of the database. Also, I'm sure it didn't allow free distribution to the world, which was his intent."
There are quite a few comments trying to peddle the "MIT is open and he didn't do anything wrong line" but others who point out that he wasn't part of the MIT community and that community does require an "act responsibly" ethics.
People don't understand what civil disobedience is anymore. They certainly don't learn it from their vaunted mentors like Lessig who never go and march on picket lines anyway.
I had seen that DDOS thing flash by and haven't had a chance to look, thanks for the link. It's appalling. I do not believe a DDOS is legal whatsoever, any more than a sit-in blocking a university entrance would be legal, and people understood it to be so and accepted the arrests.
It's not like a lunch-counter sit-in either -- the people at the lunch-counters didn't block all traffic in the store for the day; they merely sat down and demanded equal treatment. They even bought things in the store to show their good will.
So, so different than these spoiled brats.
I was happy to discover your blog, lots of great stuff there.
The question for me is always why there are so few people with this perspective.
Posted by: Catherine Fitzpatrick | 01/15/2013 at 11:15 PM
Greetings to www.forex.cd - Your trusty prime information of forex online information and reviews.
forex broker http://www.forex.cd/
Posted by: forex broker | 01/23/2013 at 05:46 AM