FB Share
Email This Page
add comment
Print

Thompson writes: "Are activists like Swartz committing civil disobedience, or online crimes? We break down a few strategies of 'hacktivism' to see what is considered criminal under the CFAA."

Aaron Swartz in 2009. One person remembered him as 'a complicated prodigy.' (photo: Michael Francis McElroy/NYT)
Aaron Swartz in 2009. One person remembered him as 'a complicated prodigy.' (photo: Michael Francis McElroy/NYT)


Was Aaron Swartz an MLK of the Internet?

By Christie Thompson, ProPublica

19 January 13

 

hen Reddit co-founder and internet freedom activist Aaron Swartz committed suicide last Friday, he was facing up to 13 felony counts, 50 years in prison, and millions of dollars in fines. His alleged crime? Pulling millions of academic articles from the digital archive JSTOR.

Prosecutors allege that Swartz downloaded the articles because he intended to distribute them for free online, though Swartz was arrested before any articles were made public. He had often spoken publicly about the importance of making academic research freely available.

Other online activists have increasingly turned to computer networks and other technology as a means of political protest, deploying a range of tactics - from temporarily shutting down servers to disclosing personal and corporate information.

Most of these acts, including Swartz's downloads, are criminalized under the federal Computer Fraud and Abuse Act (CFAA), an act was designed to prosecute hackers. But as Swartz's and other "hacktivist" cases demonstrate, you don't necessarily have to be a hacker to be viewed as one under federal law. Are activists like Swartz committing civil disobedience, or online crimes? We break down a few strategies of "hacktivism" to see what is considered criminal under the CFAA.

Publishing Documents

Accessing and downloading documents from private servers or behind paywalls with the intent of making them publicly available.

Swartz gained access to JSTOR through MIT's network and downloaded millions of files, in violation of JSTOR's terms of service (though JSTOR declined to prosecute the case). Swartz had not released any of the downloaded files at the time his legal troubles began.

The most famous case of publishing private documents online may be the ongoing trial of Bradley Manning. While working as an intelligence analyst in Iraq, Manning passed thousands of classified intelligence reports and diplomatic cables to Wikileaks, to be posted on their website.

"I want people to see the truth… regardless of who they are… because without information, you cannot make informed decisions as a public," Manning wrote in an online chat with ex-hacker Adrian Lamo, who eventually turned Manning in to the Department of Defense.

Both Swartz and Manning were charged under a section of the CFAA that covers anyone who "knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer…"

The charges hinge on an interpretation of this section that says anyone in violation of a website's terms of service is an unauthorized user. Because they're unauthorized, all of their activity on that website could therefore be considered illegal. Both were charged with felonies under the CFAA, on top of other allegations.

The Ninth and Fourth Circuit Court of Appeals have ruled that such an interpretation of the CFAA casts too wide a net. With the circuit courts divided over whether a broad definition of "unauthorized" is constitutional, it may fall on the Supreme Court to ultimately decide.

Assistant U.S. Attorney Steve Heymann of Massachusetts was the lead prosecutor in Swartz's case. (He was known for winning a 2010 case that landed hacker Albert Gonzalez 20 years in prison.) Heymann offered Swartz a plea bargain of six months in prison but Swartz's defense team rejected the deal, saying a felony and any time behind bars was too harsh a sentence. Swartz's family blamed his death in part on "intimidation and prosecutorial overreach."

As a result of Swartz's suicide, some lawmakers are now calling for a review of the CFAA. On Tuesday, Rep. Zoe Lofgren (D-Calif.) proposed a piece of legislation called "Aaron's Law," which would amend the law to explicitly state that merely violating a site's terms of service cannot fall under the federal CFAA.

Distributed Denial of Service

A Distributed Denial of Service, or DDoS attack, floods a web site's server with traffic from a network of sometimes thousands of individual computers, making it incapable of serving legitimate traffic.

In 2010, the group Anonymous attempted to overload websites for PayPal, Visa and Mastercard after the companies refused to process donations to Wikileaks. Anonymous posted their "Low Orbit Ion Canon" software online, allowing roughly 6,000 people who downloaded the program to pummel the sites with traffic.

A DDoS attack can be charged as a crime under the CFAA, as it "causes damage" and can violate a web site's terms of service. The owner of the site could also file a civil suit citing the CFAA, if they can prove a temporary server overload resulted in monetary losses.

Sixteen alleged members of Anonymous were arrested for their role in the PayPal DDoS, and could face more than 10 years in prison and $250,000 in fines. They were charged with conspiracy and "intentional damage to a protected computer" under the CFAA and the case is ongoing.

Some web activists have pressed for DDoS to be legalized as a form of protest, claiming that disrupting web traffic by occupying a server is the same as clogging streets when staging a sit-in. A petitionstarted on the White House's "We the People" site a few days before Swartz's death has garnered more than 5,000 signatures.

"Distributed denial-of-service (DDoS) is not any form of hacking in any way," the petition reads. "It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any ‘occupy' protest."

Doxing

Doxing involves finding and publishing a target's personal or corporate information.

In 2011, Anonymous and hacker group Lulzsec breached the Stratfor Global Intelligence Service database and published the passwords, addresses and credit card information of the firm's high-profile clients. The group claimed they planned to use the credit cards to donate $1 million to charity.

Anonymous also recently doxed members of the Westboro Baptist Church after several tweeted their plans to picket funerals for Sandy Hook victims. Hackers were able to access Church members' twitter accounts and publish their personal information, including phone numbers, emails and hotel reservation details.

Jeremy Hammond could face life in prison for allegedly leading the Stratfor hack and a separate attack on the Arizona Department of Safety website. Former Anonymous spokesman Barrett Brown was also indicted for computer fraud in the Stratfor dox, not for hacking into the system, but for linking to the hacked information in a chat room.

The charges for doxing depend on how the information was accessed, and the nature of published information. Simply publishing publicly available information, such as phone numbers found in a Google search, would probably not be charged under the CFAA. But hacking into private computers, or even spreading the information from a hack, could lead to charges under the CFAA.

Website Defacement

Hacktivists take over a website to publish their own content or messages.

One of the first known hacking protests was in 1989, when the "WANK worm" targeted NASA, the Department of Energy and other government websites to protest nuclear armament. The sites were changed to read, "Worms Against Nuclear Killers. Your Site has officially been WANKed. You talk of times of peace for all, and then prepare for war."

In a more recent example, Anonymous defaced Syrian government websites last November to protest Bashar al-Assad's imposed internet blackout. Anonymous also recently hacked MIT's website to post an Aaron Swartz tribute message, calling for freedom of information and speaking out against his prosecution.

Robert Morris, the hacker behind the WANK worm, was the first person to be prosecuted under the CFAA. He was sentenced in 1990 to a $10,000 fine and 400 hours of community service. At the time, the law only applied to computers owned by the federal government or large financial institutions, but it was amended in 1996 to include any unauthorized computer access.

Clarification: This post originally suggested Swartz participated in hacking such as DDoS or Doxing, when we meant to describe general tactics. We have updated this post accordingly.

 

Comments   

We are concerned about a recent drift towards vitriol in the RSN Reader comments section. There is a fine line between moderation and censorship. No one likes a harsh or confrontational forum atmosphere. At the same time everyone wants to be able to express themselves freely. We'll start by encouraging good judgment. If that doesn't work we'll have to ramp up the moderation.

General guidelines: Avoid personal attacks on other forum members; Avoid remarks that are ethnically derogatory; Do not advocate violence, or any illegal activity.

Remember that making the world better begins with responsible action.

- The RSN Team

 
+39 # DaveM 2013-01-19 12:00
Attempts were made by the FBI and possibly other organizations to hound Martin Luther King to death. He was subjected to extensive surveillance and wiretapping, then received phone calls referring to the material thus acquired. He was told he should kill himself to avoid embarrassment.

I have often wondered how many others have received similar mistreatment and "listened to the voices".
 
 
+21 # wantrealdemocracy 2013-01-19 13:16
Martin Luther King was killed by governmental forces. People who act against the interests of the top 1% often are assisted by the government in dying or committing suicide. Lots of 'lone crazed gunmen' are involved in these activities that cause death of a person who speaks out against our 'leaders'. I doubt the suicide 'official story' as a do the events of 9/11 and the death of the Kennedy brothers.
 
 
+40 # Andrew Hansen 2013-01-19 12:06
The JSTOR case needs more exposure as the tragic outcome exposes, yet again, the now openly two-tiered justice here in the US.

One need look no further than to compare the HSBC and JSTOR cases.
 
 
-9 # Vess Pah 2013-01-19 12:47
The headline on this article is, at best, obscene. That someone would attempt to compare Martin Luther King Jr. with Aaron Swarz is proof that the writer knows virtually nothing about King, what he accomplished, how he accomplished it, and what his legacy is. Among other things, King specifically wrote that those who would commit acts of civil disobedience must be prepared to serve jail time for breaking what they see as unconstitutiona l and oppressive laws. Aaron Swarz not only was not prepared to do the time for his crime, he was unwilling even to admit that he had violated the law he was protesting. Are there problems with internet regulation as it now stands, and are the penalties out of proportion to the alleged crimes? Absolutely. But that does not mean that someone who violates those laws, however "pure" his or her motives, is not a law breaker. Just as the fact that Bradly Manning clearly was subjected to harsh, illegal treatment while in military confinement does not mean that he did not violate espionage acts by giving classified material to Wikileaks, nor does it mean that he does not meet the most basic definition of a traitor.

Swarz suicide was tragic, because the death of any young person is tragic, and because he so obviously was an incredibly talented young man. But Martin Luther King? Who was repeatedly jailed,who risked his life and finally was murdered for his beliefs and actions? Are you serious?
 
 
0 # fliteshare 2013-02-19 23:25
Your conviction doesn't make the question obscene. Your answer is simply NO, not by a longshot.
 
 
+5 # mike/ 2013-01-19 12:55
i'm sorry - the blog heading is very misleading & dubious. there is no mention of MLK in the article nor any reference to him - especially this weekend. as much as i sympathize with what Aaron Swartz was doing, he did nothing that was world changing; he did not engage in any sort of civil disobedience; nor did he act on anything he did. plus, suicide is completely different than martyrdom. he chose not to fight, mental illness or not.

the reference to Bradley Manning i find totally valid though & it was the first thing i thought of.
 
 
+27 # giraffee2012 2013-01-19 13:38
Our "justice" system has NO TROUBLE prosecuting the laws against poor people (as in this case and Bradley Manning) - but has SO MUCH TROUBLE enforcing laws against the banksters and anybody with $$.

We must call this out - over and over and over. Our banks are stealing our assets ($$, Houses, etc) and other big money companies are taking too as well as the uneven taxation (including allowing a cap on the rich's contributions to Social Security) ---

If we keep letting the justice system follow the money we will be back in the times of "Oliver Twist" where there wer the Rothchild-kinds and poor slumdogs.

Do we want America to be there after we fought so hard for our democracy.

Start with the Supremes - get rid of the RATS -- i.e. Scalia should be forced out by any means. There is work to do and it is NOW or NEVER
 
 
+4 # RobertMStahl 2013-01-19 13:41
How does one resolve the whistle blower problem? Ever Google "Dead Scientists" ?Glenn Greenwald talks about this Hunger, this insanity of judges in the pocket of the prosecution: http://readersupportednews.org/opinion2/277-75/15575-aaron-swartz-prosecutors-need-to-be-held-accountable. Then, today, there is the inimitable Paul Craig Roberts and this needs to be handed out in the streets for the air space it should Occupy: http://www.paulcraigroberts.org/2013/01/18/the-institutionalization-of-tyranny-paul-craig-roberts/

It it the end of the nation-state via treasuries creating the derivative environment they were to usurp: http://www.silverseek.com/article/gatas-bill-murphy-chris-powell-call-out-gold-and-silver-market-manipulation-conspiracy-criti
 
 
0 # NAVYVET 2013-01-19 15:27
Was this hacked? It's incoherent.
 
 
0 # bobby t. 2013-01-19 14:20
The Manning case reminds me of the Lance Armstrong deal. His defense is that all the bike riders doped. It is still wrong. With Manning he was tortured. All the other countries do it. Both wrong.
Years ago, students took over buildings in Columbia University protesting either the Viet Nam war, or the investments of the University in South Africa (not sure of that one) or something else. When the white kids were taken out there was a ruckus. The black kids who were in another building came down with their heads held high, and let the police handcuff them. They accepted and understood the deal. Ellsberg was lucky with the timing of his trial and got off. Manning not so much. Aye, there's the rub.
 
 
+15 # rolandjames 2013-01-19 14:44
Bradley Manning is not a traitor for trying to expose how the U.S. was conducting war in Iraq, specifically a case of a 'copter firing on and killing journalists and children from long distance. Nuremberg prosecutor Benjamin Fercenz has said that the U.S could be charged with war crimes in Iraq, just as another Nuremberg prosecutor, Telford Taylor, said about Vietnam in a 1970 book, 'Nuremberg and Vietnam: An American Tragedy.'
 
 
+14 # Third_stone 2013-01-19 14:57
I want to know how I can become a "protected computer" under the law. I suppose it is related to how much money I have, but I would welcome the opportunity to prosecute when the government snoops in my computer, or when an Amazon type intrudes by setting tracking cookies.
 
 
+1 # AReber 2013-01-19 15:32
There's another element in the Swartz case and it's closer to copyright law than any of the other legal issues raised. JSTOR's data base was put together at considerable expense and effort as a resource for scholars and libraries. Virtually every academic discipline has these and all have a user fee to cover the costs of building and maintaining the data. JSTOR and the others are almost universally non-profits run by universities and academic organizations.

Hacking and releasing publicly the information undercuts the right of the organizers to income, just like book piracy robs the author of royalties.

Now there is a solution here, of course, and it's to increase government subsidies and grants to support the building of these data bases which could then be kept in the public domain.

Don't hold your breath waiting for this to happen -- not in today's political climate.
 
 
+10 # Vegan_Girl 2013-01-19 16:14
These people were making good profits while the authors of these academic articles never saw a dime. I think that is wrong, and so Shwartz did not rob the authors.

I also think it is wrong to deny people free access to academic information. I am on board with your solution, and yes, it's not going to happen soon.....
 
 
0 # Texan 4 Peace 2013-01-19 17:29
"These people" being who? Authors of academic articles don't get paid per article, but they (we) earn a nice middle or upper-middle-cl ass income in part due to our research and publication record.
 
 
+7 # Texan 4 Peace 2013-01-19 17:28
AReber, I think you're correct that copyright law seems more relevant here. However, one can also argue that much (most?) of published scholarly research in the U.S. is funded by taxpayer dollars (NSF, NIH, NEA, DoE), so it should be publicly accessible.
 
 
+2 # Kootenay Coyote 2013-01-19 21:38
No: the material was assembled at taxpayers' expense, & then taxpayers were charged to see it.
 
 
+9 # lisamoskow 2013-01-19 15:33
Yes giraffee2012--o ut with Scalia, the
quintessential rat And onward.....
 
 
+10 # Texan 4 Peace 2013-01-19 17:30
The law speaks of "intentional damage... to a protected computer." Did Swartz actually cause any damage? I've seen no mention of such.
 
 
+7 # maroon1 2013-01-19 19:55
Probably the comparison to MLK goes more like this. If MLK was considered by J.Edgar Hoover to be "The Most Dangerous Negro in America", then what action would the government take against such a person, that it wouldn't take against known church bombers, lynchers, and other murderers of Civil Rights activists at the time. Hoover had notes sent to MLK suggesting he kill himself. My thought was did Swartz actually kill himself, or was he killed and it made to look like a suicide? Were his actions going to bring down the banking system, cost millions of jobs, put lives in jeopardy? Would his actions be a sufficiently justifiable threat, that if they were emulated, it could constitute a movement, a civil rights movement? What is the government's experience with dealing with civil rights movements in the past? After all why kill yourself before you even go to trial. Plenty of time to do that...if you get convicted...aft er appeals...etc. If you are going to do that. And what kind of time are you going to do anyway? It would seem a better play to set an example, call it a suicide, and the message is sent. So then only people who are willing to die, will emulate the same act. MLK was willing to die, and knew he was going to die.
 
 
+1 # LML 2013-01-21 20:07
"After all why kill yourself before you even go to trial. Plenty of time to do that...if you get convicted...aft er appeals...etc...."

Do you know how much it costs to go to trial? Much less pursue an appeal?

When you are aware of how much money you would need to go up against the government and prosecutors who have a hard-on for you, maybe you would kill yourself....if someone else didn;t beat you to it....
 
 
+7 # maroon1 2013-01-19 19:57
“On the evening of April 4, 1968, Martin Luther King was in Memphis supporting a workers’ strike. By the end of the day, top-level army snipers were in position to knock him out of ordered. Two military officers were in place on the roof of a fire station near the Lorraine Motel, to photograph the events. Two black firemen had been ordered not to report to duty that day and a black Memphis Police Department detective on surveillance duty in the fire station was physically removed from his post and taken home. Dr King’s room at the motel was changed from a secluded ground-floor to number 306 on the balcony. Loyd Jowers, owner of Jim’s Grill which backed on to the motel from the other side of the street, had already received $100,000 in cash for his agreement to participate in the assassination. He was to go out into the brush area behind the grill with the shooter and take possession of the gun immediately after the fatal shot was fired. When the dust settled, King had been hit, and a clean-up procedure was immediately set in motion. James Earl Ray was effectively framed, the snipers dispersed, any witnesses who could not be controlled were killed, and the crime scene was destroyed. “
 
 
-4 # America 2013-01-20 06:32
This article heading tragically creates a nasty spin on the real facts.

I enjoy being part of this blog because members think seriously about the issues and write accordingly if you read all of it you will not get carried away.

Writing as a Technology Professional, Here are the facts. Hacking is a despicable crime. Just think of the damage.
Malicious computer use such as virus writing and hacking cost businesses globally more than $1 trillion each year, according to a study from computer security company McAfee.
The projection is based on responses to a survey of more than 800 chief information officers of companies around the world.
The respondents estimated that in 2010 they lost data worth a total of $4.6bn and spent about $600 million cleaning up after breaches

The cost of hacking is turned over to YOU: consumers and businesses. The impact is even more far reaching but there is not enough space for me to list them.
How many different 'strong' passwords do you have to access your credit cards, banks accounts etc. How convenient is that. Do you ever worry about identity theft?
Let's take the spin off the political side of this article. Swartz was a super talented criminal that knowingly violated the system. Do you know how many other hacks he performed?

No amount of technology can ever overcome hacking as the methodology morphs just like a real virus.

Hackers on third offense should get life. The reference to MLK is flat-out obnoxious!!
 
 
0 # maroon1 2013-01-21 11:40
As a current "victim" of identity theft, committed I imagine more by drug addicts than activists, I of course make a distinction between hacking for personal profit, or hacking in the public interest, particularly when my government or a corporation person is acting in a way that would earn a private citizen incarceration or a death sentence. They simply are not going to be forthcoming, even when the law requires them to be forthcoming. As an academic, I already had access to JSTOR. Wikileaks and An Act of State, confirmed what I suspected from other evidence. Our governments interests, and our interests, are not always aligned. If I ask nicely for information which as a citizen is my right to know (is my government breaking its laws), and my government refuses, in effect breaking the law, I will not vilify anyone seeking to publish the truth. I'm not entirely certain that Swartz rises to that level, or even the level of MLK. But I'm of the opinion, is that you don't take your own life, you let your enemies kill you if it comes to that. You must remain in the fight, if you choose that path.
 
 
0 # fliteshare 2013-02-19 23:53
So the taxpayer pays for the creation of the information on JSTOR after which the taxpayer is again required to pay for accessing the information he already paid for because when the information gets hacked the taxpayer is going to get the bill anyways.

And your point was: When taxpayers don't pay 3 times over the sale is null and void ?

I call it, giving "We The People" their rightful property back. A job that was supposed to be carried out by the police. (who, BTW also have their salaries paid by the taxpayer).

No wonder IT professionals make triple digit salaries. They are almost as corrupt as banksters.
 
 
-5 # elmont 2013-01-20 11:50
Bring on the red thumbs-downs. I see them coming. If this guy had decided that all information on the web should be freely shared, including, say, your credit card information, might you then acknowledge that maybe some hacking is harmful?? Had he broken into my house and set up a device to download all my computer
info, frankly, I would have been a little upset. The prosecutors here have taken a lot of flak because someone with a previous history of serious depression took his own life. Hmmm. Call me a jerk if you like, but I'm glad that FINALLY, somewhere, a prosecutor took computer crime seriously. This guy was no Robin Hood. He was someone who wanted to use criminal methods, including (alledgedly) burglary, to impose his view of the world on the rest of us. History is full of proof of the perfidy of such behavior.
 
 
+2 # Kratoklastes 2013-01-20 16:02
"Are activists like Swartz committing civil disobedience, or online crimes?" - false dichotomy: the answer, as usual for journalistic false dichotomies, is "both".

A 'crime' is just a set of actions that is proscribed by a group of geriatric megalomaniac sociopaths who claim the right to rule (i.e., Massah). There is nothing inherently right or wrong about most of what those parasitic clowns decree.

Sheesh... it's like a thousand years since Spooner and Thoreau: nobody is, or ought to be, under any obligation to obey unjust laws. An unjust law is a law that violates standard Paretian norms (i.e., that makes any individual who is not imposing quantifiable, tangible direct costs on others, worse off).

So... yeah. BOTH, silly. One matters (civil disobedience) and one doesn't (obeying the decrees of sociopaths... i.e., being a "house negro" in Malcolm X's taxonomy).
 
 
+2 # mdhome 2013-01-20 17:12
Just last night I watched a "TED" presentation by Richard Baraniuk about "conneXion" putting educational material on line for FREE. Everyone should watch this, kinda sounds like Eric was trying to do. I am in sympathy with the Bradley Mannings and Eric Swartzs of the world, may we always have those who believe information should be available.
 

THE NEW STREAMLINED RSN LOGIN PROCESS: Register once, then login and you are ready to comment. All you need is a Username and a Password of your choosing and you are free to comment whenever you like! Welcome to the Reader Supported News community.

RSNRSN