WASHINGTON – I didnt know Aaron Swartz, but I wish Id followed the out-of-all-proportion charges the Department of Justice brought against him before his death. Swartz, of course, is the Internet prodigy who took his own life last weekend, a few days after prosecutors insisted, according to his lawyer, that he go to prison for allegedly committing computer fraud by downloading 4.8 million articles from the academic database JSTOR.
The causes of suicide are almost always complex, and Swartz suffered from depression. Im glad thats been a clear thread running through the coverage of his death. But Swartzs mental health history doesnt change the fact that he was on the receiving end of blatant prosecutorial intimidation – an egregious overcharging of crimes by the U.S. attorneys office in the name of setting an example. If the prospect of prison and high legal fees contributed to Swartzs decision to take his life, as his family and his girlfriend say, then that is a tragedy that should lead to serious soul searching at the Justice Department. Prosecutors wield enormous power over all of us. This case is one terribly sad example of what can happen when they abuse it.
Swartz was accused of going into an unlocked computer-wiring closet at MIT in September 2010, changing an IP address on a university computer, and using it to download the papers from JSTOR, which normally charges per article or per subscription. Why did Swartz monkey around this way with JSTOR? Im not sure he ever explained this particular act, but its not wholly surprising given his record of passionate advocacy for freeing information online. Hes the guy who also figured out a way to download 20 percent of the governments federal court database, PACER, another giant repository that charges user fees.
For this, Swartz was charged with fully 13 counts of violating the Computer Fraud and Abuse Act, which meant he faced millions of dollars in fines and up to 35 years in prison. This law is notoriously capacious. Prosecutors can stretch it to cover misdeeds that would otherwise barely qualify as illegal. To illustrate just how much overreach the act allows, law professor Orin Kerr, who writes at Volokh Conspiracy, once posted a ridiculous new terms of service for the blog and then wrote, If you post an abusive comment; you are an employee of the U.S. government; your middle name is Ralph; youre not super nice, as judged by me; or you have visited Alaska, I have kinda bad news for you: You are a criminal, as you have just violated 18 U.S.C. 1030(a)(2)(C) by accessing the Volokh Conspiracys service without authorization or in excess of authorization.
You can argue with Swartzs tactics – as Harvard law professor Lawrence Lessig, who knew and clearly loved Swartz, writes: The causes that Aaron fought for are my causes too. But as much as I respect those who disagree with me about this, these means are not mine. As Lessig emphasizes, however, not every miscreant deserves to have the full weight of the U.S. government come crashing down on him. JSTOR said Swartz did not sell or give away the articles hed downloaded and declined to take any action against him. (MIT, by contrast, lamely remained silent throughout his prosecution – only now are administrators investigating the universitys involvement in the case and promising a public accounting.)
Compare this to the defense of the charges against Swartz by Carmen M. Ortiz, the U.S. attorney for Massachusetts, in 2011: Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data or dollars. Whose characterization of the facts is more convincing? The governments ratcheting up of charges against Swartz reeks of the worst kind of prosecutorial intimidation. Im sure no one in the U.S. attorneys office thought Swartz should actually go to prison for 35 years. But the heavy penalty was leverage to induce him to plead guilty – and, according to his lawyer, ensure that he accepted a plea agreement with some time behind bars.
Why do this to an icon of the hacker movement? In a fierce post you should read in its entirety, Danah Boyd argues that the government saw Swartz as a way to show the hacker community who is boss. She writes: When the federal government went after him – and MIT sheepishly played along – they werent treating him as a person who may or may not have done something stupid. He was an example. And the reason they threw the book at him wasnt to teach him a lesson, but to make a point to the entire Cambridge hacker community. It was a threat that had nothing to do with justice and everything to do with a broader battle over systemic power.
The underlying point Boyd is making, I think, is that the government doesnt understand hackers and isnt good at distinguishing between miscreant vigilantes such as Swartz who are trying to free information systems and profit-driven or diabolical hackers who are trying to bring down those systems. Thats when an expansive law like the Computer Fraud and Abuse Act becomes dangerous. Prosecutors convinced of their own righteousness, and woodenly equating downloading a deliberately unprotected database with stealing, lose all sense of proportion and bring in the heavy artillery when whats in order is a far more mild penalty.
Id like to tell you that the prosecutorial overreach that took place in Swartzs case rarely happens. But thats not true. There are many principled prosecutors who only bring charges they believe they can prove beyond a reasonable doubt. But there are also some who bring any charge they can think of to induce a defendant who may be guilty of a minor crime to plead guilty to a major one. These cases usually are hard to call attention to: Theyre not about innocence. Theyre about the muddier concept of proportionality. If any good at all can come from Swartzs unspeakably sorrowful death, maybe it will be how this case makes prosecutors – and the rest of us – think about the space between guilt and innocence.