Log In
Background_flag_guy

Daily Kos

Community
What Aaron Swartz did at MIT

Courtesy of The Tech, we have the following summary of what led to the prosecution against Swartz:

In the basement of Building 16 there is a wiring and telephony closet, known as Room 16-004t. Between November and December 2010, Aaron Swartz accessed this room and hard-wired his Acer laptop into the network, assigning himself two IP addresses. The computer was hidden under a cardboard box in the closet, and it remained there undetected for weeks. In this time it downloaded over 2 million JSTOR articles, more than 100 times the number of legitimate JSTOR downloads at MIT during that time period. (Emphasis added.)
It's the boldfaced section that's the most important. He accessed an unauthorized area of a campus of which we was not a community member, and added his computer to the network in a way no "outside" computer should ever be connected to a network like MIT's: directly to the switch system that controls and routes information over the network.

This, ultimately, is the real issue; the JSTOR downloads are ultimately secondary to this (although they may have been the primary source of the prosecutions). It's the unauthorized access to the network that had to have been MIT's biggest concern. While in this particular instance, there was very little in the way of ramifications, that is just a fortuitous happenstance. The next person to try such a stunt might be more malicious—perhaps introduce spyware into the network, or malware that might bring down the network. With more "direct" access to the network than can usually be obtained through standard access points, the damage that could have been inflicted is limited only by the creativity and skill of the hackers in question.

If MIT was indecisive in this matter, I can understand the two positions that they had to try to balance:

* Swartz's actions did not ultimately harm anyone, and had a (somewhat misguided) logic to them.
* However, his actions compromised one of the world's largest and most important computer infrastructures, and did disrupt the work of numerous MIT employees.

Faced with this, I think MIT needed to demand some criminal prosecution. The actions of the prosecutor in question were too overzealous; but to have just let everything slide, or lead to a "slap on the wrist" penalty would have only encouraged further attempts to compromise the network. (Seeing somebody get away with something like this would be a green light for more ignoble hacking attempts.)

There might be those who comment about MIT's reputation for "hacking" and tolerance of outrageous stunts. There is, in fact, a "hacking" culture at MIT, but it should be kept quite distinct from the "hacking" culture outside of MIT. MIT's variety of "hacking" is supposed to be non-destructive and non-disruptive. Getting the marquee in Lobby 7 to display IHTFP on the first day of finals? That's OK. Taking down a research group's website? Not cool.

It should also be kept in mind that Swartz was not a member of the MIT community. That means he isn't bound by MIT community rules—he couldn't be fired or administratively punished—so legal measures were the only option. Would it have been better to go about this via the civil system? I think so, but that wasn't the decision MIT and prosecutors reached.

Also, keep in mind that MIT's vast computer infrastructure supports the entire MIT community. This means that it also supports research projects from DOD, DOE, NSF, and many other sources, private and government. Some of those projects have various levels of confidentiality associated with them—which could be compromised if machines such as the one Swartz attached to the network were allowed to "pry."

Was this whole event a debacle? Absolutely. Aaron Swartz was mistreated by prosecutors, and the whole series of events was unfortunate. But I think it's important to realize that he was an active participant in the events that led to his decision to take his own life. He chose to exploit the MIT network, rather than the one at Harvard, presumably because it was more powerful. He chose to trespass and illegally attach his computers to the network. His actions resulted in disrupting the availability of a major research tool to a large fraction of the campus for a period of several weeks. While his cause was noble, his means were anything but.

(Disclosure: I am an alumnus of MIT.)