The Witness Perspective

Anyone who is, or is thinking of becoming, a prosecutor ought to read Life Inside the Aaron Swartz Investigation for Quinn Norton’s account of what it feels like to be a witness in a prosecution, including in a grand jury proceeding. I doubt that much of it, especially the run up to the grand jury, was an unusual experience, which will make it all the more instructive to participants in the legal system.

I haven’t written about the Aaron Swartz story because I don’t have much to say that hasn’t been said well and often elsewhere. What’s publicly available does suggest that prosecutors took a surprisingly tough line with Aaron Swartz (whom I believe I only met once, briefly, but who left a comment here once). This tough approach is consistent with an attitude I think is common to a lot of law enforcement and, sadly, judges, in that they see “hackers” as evil creatures akin to Tim May‘s ‘four horsemen of the Infocalypse‘.

I’m not, by the way, a fan of the ordinary grand jury, which I think has strayed far beyond what it was and should have been, and has become a too-pliant tool of the prosecution. Interestingly, Florida does it better: as well as using local grand juries to hand down first degree murder indictments, statewide grand juries here investigate social problems and come up with frequently sensible reports and recommendations often aimed at spurring legislation or administrative reform.

And it’s more than clear that we need to reform the Computer Fraud and Abuse Act, along the lines of the “Aaron’s Law” proposal making the rounds.

All that said, and assuming the most noble of motives on Aaron Swartz’s behalf, it also seems to be the case that breaking into a server closet at MIT and inserting a machine there that availed itself of the data stream isn’t nice and wasn’t legal. There was at least petty crime, and perhaps more depending how one valued the data acquired. What is at issue to me regarding the feds (as opposed to, say, MIT) is not so much the fact of a prosecution but rather the means used to go about it. Then again, I suspect these means were standard operating procedure, which is the real issue.

(Spotted via Cory Doctorow, Inside the prosecution of Aaron Swartz.)

This entry was posted in Law: Criminal Law. Bookmark the permalink.

One Response to The Witness Perspective

  1. Vic says:

    Even more abusive enabling of federal prosecution by the Computer Fraud and Abuse Act is the case of Andrew Auernheimer who was just CONVICTED of doing the following:

    Having noticed that a web server at ATT (one not behind a firewall, nor requiring any passwords to enter), when prompted with an iPad’s “integrated cicuit board identifier” (probably really a MAC address, would return the email address of the iPad’s owner.

    Armed with this information, he wrote a script to run possible identifiers past the server and acquired a huge number of email addresses.

    This is actually just an automation of what ALL of us do every day. “I need to book my flight on United. hmmmmm. I don’t know the web site…I’ll try…Hey, it worked!”

    He brought this to ATT’s attention, but they were busy that day. He was prosecuted and convicted for “hacking” into ATT’s servers under the CFAA.

    (I think I have the essential details correct. It’s hard to know for sure when you just get stories reported by people who think linux is some sort of childhood desease, and have no idea what ssh, ftp, TCP/IP, etc. are.

    To my mind, this is far more abusive than prosecuting someone for doing what Schwartz did. Though to be clear, I do not think that anyone should be prosecuted for any part of their list of crimes that is just connecting to a server which doesn’t ask for authentication, and retrieving whatever might be freely available to anyone with a computer and an internet connection. It’s entirely the fault of the server maintainer if they don’t lock up what should be locked up. But if you break into a server closet to do that…

Comments are closed.