Security

MIT releases 180-page report on Aaron Swartz hacking case

Image Credit: Source: selfagency/Flickr

The Massachusetts Institute of Technology (MIT) released a long-awaited report today investigating its actions in prosecuting programmer/activist Aaron Swartz for his role in hacking the school’s academic research paper database.

Swartz, who co-founded community news site Reddit and had a hand in crafting the Creative Commons licensing agreement, was prosecuted to the full extend of the law for downloading and distributing 5 million academic documents from for-fee database JSTOR.  Under the current law, he faced 13 felony counts, (aka a possible 30+ year prison sentence). While awaiting a final verdict in the trial, Swartz took his own life.

The law that Swartz was prosecuted under — The Computer Fraud and Abuse Act (CFAA) — essentially makes hacking illegal, but doesn’t distinguish between the intent of that hacking. (For instance, hacking medical records to build a chemical weapon to murder anyone with webbed feet carries the same weight as hacking a database to make scientific research available to those who would use and learn from it, as Swartz did.) Many blame MIT for not doing enough to end Swartz’s prosecution, which is what prompted institute to request this thorough report back in January.

The 180-page report, written by a panel of scholars led by computer science professor and open-information activist Hal Abelson, attempted to offer a comprehensive account of the Institute’s involvement in Swartz’s case — not a summarized lesson of what it should or shouldn’t have done. Yet, it’s very clear that the report itself does want MIT to learn from the situation based on the assessment.

Here’s an excerpt from the report’s conclusion:

“If the Review Panel is forced to highlight just one issue for reflection, we would choose to look to the MIT administration’s maintenance of a ‘neutral’ hands-off attitude that regarded the prosecution as a legal dispute to which it was not a party. This attitude was complemented by the MIT community’s apparent lack of attention to the ruinous collision of hacker ethics, open-source ideals, questionable laws, and aggressive prosecutions that was playing out in its midst. As a case study, this is a textbook example of the very controversies where the world seeks MIT’s insight and leadership.

…MIT missed an opportunity to demonstrate the leadership that we pride ourselves on.”

So to recap, MIT wasn’t guilty of any wrong-doing since the institute didn’t have much experience dealing with this kind of legal conundrum. However, that doesn’t mean MIT couldn’t have done more — setting a precedent for other similar cases where the crime arguably doesn’t fit the prescribed punishment.

You can read MIT’s report in its entirety for free (PDF) via the institute’s website.

Via New York Times