Aaron Swartz making an unauthorized entry into the network wiring closet at MIT in January 2010.
The other day, I did a double take when I saw an email from Taren Stinebrickner-Kauffman, the partner of the late Aaron Swartz -- but it was a campaign mailer set up by the ACLU, which I subscribe to:
Dear Cathy,
On January 11, 2013, facing decades in prison on trumped up charges, my partner, Aaron Swartz, made the tragic choice to take his own life. He was only 26.
Aaron's supposed crime? He was accused of checking out too many articles (4.8 million), too fast, from an online academic library called JTSOR, to which he had authorized access. He never used or distributed the articles and later returned them. For that, he faced 35 years behind bars and endured two years of relentless persecution.
So Stinebrickner-Kauffman and the ACLU -- which should know the law better -- decided to go with the "checking out too many books from the library" theory of the case, which is the notion from the script kiddies, eternal teenager geek lifers and Anonymous anarchists on every single tech blog and forum and discussion site like Redditt.
But if you read the grown-ups on this, an entirely different picture emerges -- one that now Stinebrickner-Kauffman is now busy campaigning busily against to gain sympathy not just for her boyfriend but for the cause.
I can't imagine the grief someone would experience finding their beloved hanging from a window, after just seeing them seemingly upbeat that morning. I can't imagine sitting down and blogging about anything related to it only a few weeks later. That this woman can is part and parcel of her life and role as an anti-corporate "progressive" campaigner whose life with Swartz was a movement love story.
This is now being parsed by the crowd at the Atlantic -- and not always sympathetically.
What I want to gather here now is a series of notes that I think will speak for themselves. Most of them come from the New York Times, Marcy Wheeler's many blogs on this subject at Empty Wheel, and Saul Tannenbaum's article -- and the comments at Empty Wheel.
What's clear from the picture that emerged is that the MIT people didn't look up from their desks and chuckle, "Oh, somebody's taking out too many books from the library again! Kids will be kids! Guess we'll have to reset the servers again LULZ".
Instead, they were worried, thought it was the Chinese hacking them because of how sophisticated and secretive it was -- and then got even more worried when they found physical evidence of break-ins in the networking wiring closet -- a vital component of the university's computer network, not a "broom closet," as some people try to write about it fancifully, not some old forgotten nook because it had "a homeless man's clothing in it," but the network's wiring heart.
That the door was even open at MIT instead of locked spoke to a culture of laxness and liberation -- which is why Swartz apparently chose MIT for his "propaganda of the deed". Saul Tannenbaum writes interestingly of how the IT people have become "more corprate" since he -- a frizzy-haired geek with wire-rim glasses -- left, and people in suits replaced him. He implies that the corporatization of IT at MIT is a precursor for what he sees as an untenable lawsuit -- that MIT now was hand-in-glove with the national security state and corporations and was no longer the hacker paradise of the 1970s and 1980s in its heyday where the very lexicon of hackerdom was codified and the culture of open source was solidified as much as it was in Silicon Valley.
Start with the New York Times, an article little-discussed in the tech press which tended to ignore it as it didn't fit their "library narrative". The article is titled "How MIT Ensnared a Hacker Bucking a Freewheeling-Culture". Remember how I said that we never, ever seemed to hear who the IT guys were and what they thought about all this? Well, they're mentioned and even quoted in this article. They're exactly the people that Prof. Hal Abelson is now talking to and will report back from in "a few weeks" along with other senior MIT officials in the decision-making chain.
But he is unlikely, as a founder of Creative Commons, the copyleftist organization that Swartz ardently supported as well along with his mentor Larry Lessig, to be anywhere near as critical of the Times -- which isn't all that critical either of a liberal East Coast bastion like MIT.
What happened, as NYT says, is that the authorities at MIT -- first the computer guys, and then the senior managements decided "to treat the downloading as a continuing crime to be investigated rather than a security threat that had been stopped" -- like JSTOR. MIT is constantly contrasted unfavourably with JSTOR, but JSTOR was the content hacked, not the servers breached like MIT.
The visitor was clever — switching identifications to avoid being blocked by M.I.T.’s security system — but eventually the university believed it had shut down the intrusion, then spent weeks reassuring furious officials at Jstor that the downloading had been stopped.
“The user was now not using any of the typical methods to access MITnet to avoid all usual methods of being disabled,” concluded Mike Halsall, a senior security analyst at M.I.T., referring to the university’s computer network.
Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.
So Mike Halsall didn't think somebody was just "taking too many books out of the library," because that wasn't what was happening -- and he acted properly and normally for his job position regardless of whether he is viewed by anyone as "corporativized" now.
In the closet, Mr. Halsall wrote, there was a netbook, or small portable computer, “hidden under a box,” connected to an external hard drive that was receiving the downloaded documents.
Two days later, the timeline notes that Aaron Swartz “enters network closet while covering his face with bike helmet, presumably thinking video cameras may be in hallway.” More seriously for the M.I.T. investigation, “once inside and with the door closed, he hurriedly removes his netbook, hard drive and network cable and stows them in his backpack.” He was gone within two minutes, too quickly for the police to catch him.
Mr. Swartz turned over his hard drives with 4.8 million documents, and Jstor declined to pursue the case.
That's a very different picture that emerges from the weeping and self-justifying and indignantly righteous narratives on the Huffington Post, the Verge, Tech Crunch, CNET and hundreds of other incestuously-connected tech sites and blogs.
But it explains that there wasn't any "library" problem but a disturbing problem of physical breaking and entry and secrecy.
There's a lot of chatter about MIT making the decision to prosecute, as if they are sell-outs to that "Man" that Issa said we should "stick it to". But Swartz was a trespasser on their campus and in their system -- he was a Harvard student. Swartz's lawyer's later efforts to try to fight off these charges by referencing various precedents were not accepted by the judge. *The judge*.
Says the Times:
The government has defended M.I.T.’s decision to “collaborate” with the federal investigation and argued there was no need for a warrant because, as a trespasser on M.I.T.’s campus, Mr. Swartz had no reasonable expectation of privacy for his netbook. And M.I.T.’s officials were rightfully concerned, the government argued, by the threat they faced.
“M.I.T. had to identify the hacker and assist with his apprehension in order to prevent further abuse,” the government argued in court.
Empty Wheel has done a thorough analysis of this report and tried to pick it apart.
The NYT references “a security expert” analyzing MIT’s network.
Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed internal timeline of the events, a security expert was able to locate that new method of access precisely — the wiring in a network closet in the basement of Building 16, a nondescript rectangular structure full of classrooms and labs that, like many buildings on campus, is kept unlocked.
This is a detail I’ve long wondered about: who was the expert and what tools did she or he use?
And then there’s the thoroughly unsurprising news that Michael Pickett was with MIT’s head cop when they found Aaron on January 6, 2011.
A little after 2 p.m., according to the government, Mr. Swartz was spotted heading down Massachusetts Avenue within a mile of M.I.T. After being questioned by an M.I.T. police officer, he dropped his bike and ran (according to the M.I.T. timeline, he was stopped by an M.I.T. police captain and Mr. Pickett).
Earlier Empty Wheel had talked about "our government's unpatriotic investigation" of Swartz in which it came out that no illegal surveillance was carried out.
There were no interceptions (as the term “intercept” is defined in 18 U.S.C. § 2510(4)) of wire, oral, or electronic communications relating to the charges contained in the indictment, made with the consent of one of the parties to the communication in which the defendant was intercepted or which the government intends to offer as evidence in its case-in-chief.
Yet Empty Wheel asks: "Anyone want to bet they were using some fancy surveillance to find Aaron?"
She suspects they had some GPS locator, or something on his phone, and could trace him as he ran away -- she illustrates her point with a Google map and pushpins. As the courts have ruled that GPS surveillance on vehicles are not allowed, maybe there is something unlawful here, but the dates would have to be checked.
It's also possible in a small college neighbourhood the cops were able to pick out the student with the backpack that they had seen on their video surveillance system.
The Young Turk on Youtube has made much of the fact that during a February 11 house and office the authorities did not tatke the hardware implicated in the crime. He asked whether it was "incompetence" and a fishing expedition where they were there to grab everything else "almost as if they were interested in something else" i.e. WikiLeaks. He wonders if Swartz was a "target for daring to ask about the treatment of Bradley Manning". On a second show, he puts these questions to Swartz's lawyer and doesn't get answers -- the sound seems to go bad right at that moment.
But the fact is, the police already took the laptop involved in the JSTOR hack and turned it over to forensic experts. Empty Wheel goes to great lengths to try to find something nefarious in this, with some thinking it indicates the corrupt core of the corporativized MIT hand-in-glove with the evil security state, but Tannenbaum making the point that they may have simply wanted to get the best experts, and that it was normal for police to call on such experts with whom they worked closely on many kinds of cases.
He asks the question on the CCTV site, Did the Cambridge Police Bring the Federal Government into the Aaron Swartz Case?
That's naturally the nexus of the issue that many of the tech set are complaining bitterly about, because they feel as if MIT has wronged Swartz -- his distraught father says MIT has killed his son -- by not dropping the case when JSTOR dropped it.
Tannenbaum is less emotional, as a former MIT IT guy:
finding that someone has placed a computer in one of your wiring closets, well, that gets outside the realm of network security and moves into physical security. And a prudent network administrator at that point calls the cops because trespassing is someone else’s problem.
He is challenged then by Rayne who uses the classic Anonymous double-talk known to us well from many an SL incident. Why wasn't MIT's security in their closet better? It's their fault:
MIT has a security problem, and it’s not just in its decision-making process or its network security. It’s a physical security problem...Frankly, Swartz did them a favor by revealing a weak spot in their security while not actually accessing anything that couldn’t be obtained without coughing up a registration and money to JSTOR.
MIT didn't see it that way; neither did law-enforcement.
And look again at comment no. 62 by Marcy Wheeler herself, who carefully analyzes all of Swartz's FOIA requests and tries to match them to the prosecution's actions to see if they were punishing him for those FOIA requests:
That’s not the same as saying they were not investigating him, period. Also note my FOIA post two doors down. There is at least the possibility that he may have come up in SOME grand jury investigation between October 8 and December 11 of 2010.
Look, part of the Manning investigation pertained to who helped Manning scrape lots of data w/encryption to avoid notice. He got a software tool to help him do that in Jan-Feb 2010 in Cambridge. According to Adrian Lamo, he had already told the Feds who that was by August. In Cambridge at that time (though I have no idea if he was at the parties earlier) was someone who had ALREADY scraped massive amounts of data without being identified. So it’d be unlikely that he would totally escape their interest.
[One of the questions I've always had about the Lamo chat logs and Manning's confessions is that if he confessed this in May, and Lamo told the feds by August 2010, then why did the cables still get published and not stopped by November 2010? I must have something wrong in the timeline.]
as Wheeler continues:
And presumably, one way to learn more about that would be to learn how Swartz uploaded the PACER documents to Amazon. That’s another thing he was FOIAing–what kind of info the govt got from Amazon in that investigation. And that’s something the GJ in this case was investigating too.
I’m fairly sure they used the GJ to investigate if he had ties to WikiLeaks, and that’s what his lawyer was trying to learn about in his discovery motions.
Bingo. Amazon is the connection here. If Swartz didn't make the scraper tool directly for Manning, or give it to Danny Clark to give it to him, or some other person, then maybe he helped at the other end of the pipeline, in getting the WikiLeaked items out of the US military's servers to WikiLeaks and then to "safety" at Amazon (but not for long).
We can estimate that they did use the grand jury, because Swartz's previous girlfriend Quinn was questioned and given immunity by the grand jury -- unlike David House, she didn't publish and notes so we don't know what happened.
There's this instructive email communication that Chris Soghoian, the privacy guru now working for ACLU whom I have criticized in the past, who communicated with Swartz and gave him advice and interpretation about "the cloud". He published these emails as a public service, but one wonders if in fact the grand jury looked at them as evidence:
And then there's this:
http://www.kindleproject.org/blog/2011/07/19/activist-aaron-swartz-faces-up-to-35-years-in-prison-for-downloading-academic-articles/
Swartz is no stranger to the feds being interested in his skills at prodigious downloads. In 2008, the federal court system decided to try out allowing free public access to its court record search system PACER at 17 libraries across the country. Swartz went to the 7th U.S. Circuit Court of Appeals library in Chicago and installed a small PERL script he had written. The code cycled sequentially through case numbers, requesting a new document from PACER every three seconds. In this manner, Swartz got nearly 20 million pages of court documents, which his script uploaded to Amazon’s EC2 cloud computing service. (from Tim De Christopher thatvisionthing no. 10 on Empty Wheel)
You know who else downloaded millions of pages? Bradley Manning.
Again, I will quote Tannenbaum:
Manning was no stranger to Boston and Cambridge, visiting his then boyfriend, a Brandeis graduate student active in the Boston area hacker community. During these visits, the last of which was in January 2010, Manning met David House, a founder of a Boston University hackerspace and an MIT researcher. After Manning's arrest and subsequent solitary confinement, House helped found The Bradley Manning Support Network, an activist group seeking to bring attention to what they saw as the inhumane treatment of Manning. House, himself, later became a target of the Wikileaks Grand Jury. During his grand jury appearance, in which he invoked his Fifth Amendment rights against self-incrimination, House was questioned about a supposed meeting with Bradley Manning and others during his January 2010 visit, including a breakfast at the Oxford Spa in Cambridge on January 27th.
As one commenter at Empty Wheel put this very succinctly, unlike so many anarchist word-salad sous chefs at the Atlantic:
it’s pretty cheeky to blow off net staff attempts to control their system while squatting on their real estate and physically hanging hardware on their lan. (lefty665 no. 91)
Indeed.
And here for reference against are David House's notes from his grand jury interrogation and a Guardian article about him turning against Assange later: "MIT computer scientist attacks founder in series of tweets that claim his actions 'put WikiLeaks supporters at risk'"
Swartz may have been one of those put at risk.
Again, Bradly Manning visited Cambridge in January 2010 with his then-boyfriend who was an MIT hacker moving in these circles, and attended an open house for BUILDs, the hacker community space established by David House.
The PBS Frontline did a film parsing all this and trying to interview various people on the subject. The Washington Post had some on this.
But Frontline actually gets little compared to a journalist of cyberspace Heather Brooke, who posts some of her notes with a meeting with Swartz just at that time, and an effort to retrace Manning's steps.
The Lamo chat logs appear to establish a connection between Assange and Manning.
Lamo says someone helped Clark install encryption for WikiLeaks.
Denver Nicks author of Private: Bradley Mannings, Wikileaks and the Biggest Exposure of Officials Secrets in American History did an interview with Democracy Now in which he said:
Julian Assange was part of this hacker culture in the '80s and early ’90s, and continues to be, but he was at that time. And like many people who are involved in that scene, Assange gets involved in writing open-source software, software based on the premises that Richard Stallman founded, the sort of free software ideals. Bradley Manning, later in his life, becomes good friends with a fellow named Danny Clark, who worked for Richard Stallman at the Free Software Foundation, and to some degree, I think, became interested in Stallman's ideas and the notion that information should be free.
As Swartz himself discovered, according to Heather Brooke, when "following the networks," Danny Clark was also connected to Benjamin Mako, who gave the FSF talk at the BUILDS open house the night Manning was present.
None of these people have to be put together in space and time to connect them, as some of them connect on Twitter or elsewhere. All of Swartz's tweets have been siphoned into a giant searchable file on the Internet Archive and one hopes nothing was removed.
TechDirt asked why the Secret Service took over the case two days after Swartz was arrested.
The MIT General counsel's office "approved the disclosure of information to law enforcement agents even in the absence of a warrant or process complying with the Stored Communications Act"...(and in contravention of MIT's published policies of only disclosing such information after receit of such process), and at a time when MIT personnel were acting as government agents, Halsall gave S/A Pickett historical network flow data relating to two IP addresses associated with the netbook...
But that's the spin TechDirt will give to any hacker's case. Acting as government agents?! That's absurd. They were acting properly as people whose system was hacked and breached, and they called in law-enforcers.
As Tannenbaum explained, it was normal given this kind of physical breach. And it's important, again to note that Swartz's lawyer could not make the case in court that there was something improper here. Peters tried to argue that the case to cite was Sanchez, which holds "a mere trespasser has no Fourth Amendment protection in premises he occupies wrongfully". The lawyer had no luck in trying to claim otherwise for Swartz as a trespasser. The law doesn't change itself because you are a genius or making a larger point.
It's also helpful to look at this case document to get the government's story, which, after all, is based on what MIT told them. This is never done in the tech press; it simply has to be done to see the whole picture here and understand that MIT tech people did their jobs properly, and that engendered the need to bring in prosecutors who did their jobs properly. Read more here to see how MIT built their case for cooperating with authorities without a warrant.
On January 4, 2011, Dave Newman, MIT Senior Network Engineer, located an ACER netbook in a data room in the basement of an MIT building, which Newman believed was the computer being used to download journal articles from JSTOR. Timeline at 6. Newman, in consultation with Paul Acosta, MIT Manager of Network Operations, decided to leave the netbook physically undisturbed and instead to institute a “capture” of the network traffic to and from the netbook, which was done via Newman’s laptop, which was connected to the netbook and which intercepted communications coming to it.
On January 5, 2011, Ellen Finnie Duranceau, MIT Program Manager of Scholarly Publishing and Licensing, took notes of a conversation with Halsall in which she indicated that the netbook was “left in place to capture traffic” because law enforcement “want[ed] to find intent + motive.” Exhibit 24 at 2. Those same notes stated that it was “now a Federal case” and that everything that had been provided was done “by choice,” and not pursuant to a subpoena. Id. at 3.
So there you have it. These two are at the frontline of the decision-making process. They aren't evil prosecutors or evil corporate suits, but people doing their job properly. They didn't know -- again -- that they were supposed to act diferently because the intruder was an "Internet freedom fighter" hero and that they were supposed to get out of the way of "a national conversation" and a revolution to undermine the rule of law.
Pieter Hulshoff
@PieterHulshoff
CatherineFitzpatrick
@catfitz
Mr. Neva,
It strikes me that if you're going to take the Electronic Frontier Foundation so sorely to task, you might at least get our name right... But that's a minor point.
More importantly, I have a hard time figuring out what we've done that has you so pissed off. As far as I can tell, we have somehow failed to defend your dancing bear avatar from the Linden Lords who gave "him" a "place" to exist to begin with.
Unfortunately, much of what we do revolves around the law... changing it, adapting it, and seeing that it's enforced appropriately in areas of electronic ambiguity.
Thus, you placed us in a weakened position with regard to defending your "rights" on Second Life when you clicked "agree" to the long terms of service agreement you probably didn't read when you signed up. After you did that, there wasn't much we could do for you.
I'm sorry you believe that this merits screeching a lot of truly insulting things about us. For an old hippie who really doesn't think he's "like all the others," it is personally painful to read your tantrum. Indeed, it made me long for an opportunity to kick you in your tiny nuts.
To claim that there is something malignantly hypocritical about our suing the NSA to stop warrantless wiretapping in America because we don't also protect your online avatar from the rulers of the walled garden where you elected to create him traffics in a logical inconsistency that it's not worth my trouble to point out.
And to tweet that you're trying to undo what I've spent 20 years doing bespeaks a level of ingratitude that would make even my children blush.
Fortunately, I don't give a shit about your gratitude. I'm going to go on defending your rights - in those areas where you actually have some - whether you're grateful or not.
With all due respect,
John Perry Barlow
Posted by: John Perry Barlow | April 04, 2010 at 09:42 PM