Today, MIT released a report to President L. Rafael Reif called “MIT and the Prosecution of Aaron Swartz,” compiled by Professor Hal Abelson and a Review Panel he led. This set of FAQs, which was prepared by the MIT News Office in close consultation with the Review Panel, offers information from the 180-page report on MIT’s involvement in the Aaron Swartz case from 2010 to 2013, as well as a summary of the report’s key findings.
BACKGROUND ON THE REPORT
What are the origins of this report?
On Jan. 13, 2013, MIT President L. Rafael Reif asked Professor Hal Abelson to review the Institute’s actions arising from Aaron Swartz’s use of the MIT computer network to download more than 4 million articles from JSTOR, a repository of research journals.
Reif’s request for a thorough analysis of MIT’s activities followed, by two days, Swartz’s suicide at his apartment in Brooklyn, N.Y. He had been facing 13 felony counts stemming from his downloading of JSTOR documents, and was scheduled to go to trial in April 2013.
The report covers the period from September 2010, when a then-unknown person began the downloading of what would eventually be millions of JSTOR files via MIT’s network, to Swartz’s death in January 2013.
In presenting the review’s formal charge on Jan. 22, 2013, Reif told Abelson: “I trust that the MIT community, including those involved in these events, always acts with high professional integrity and a strong sense of responsibility to MIT. However, MIT tries continuously to improve and to meet its highest aspirations. It is in that spirit that I ask you to help MIT learn from these events.”
Who is Hal Abelson? What expertise does he bring to this report?
Hal Abelson, the Class of 1922 Professor of Computer Science and Engineering at MIT, is a leader in the worldwide movement toward openness and democratization of cultural and intellectual resources. He is a founding director of Creative Commons, Public Knowledge and the Free Software Foundation, and a former director of the Center for Democracy and Technology — organizations devoted to strengthening the global intellectual commons. As co-chair of the MIT Council on Educational Technology, Abelson has played a key role in fostering several of the Institute’s educational technology initiatives, including MIT OpenCourseWare and DSpace@MIT, an open-access repository of scholarly articles.
In his own letter to the MIT community on Jan. 22, 2013, Abelson described himself as “a faculty member strongly identified with the ideals of free and open access to information on the Net, the same ideals that Aaron championed so passionately.”
Why was Professor Abelson chosen to compile this report?
MIT typically assigns responsibility for internal reviews to members of its community who were not directly involved in the events under review, and who MIT believes will make a thorough and impartial review.
Who else was involved in the preparation of this report?
Professor Abelson led a Review Panel that included three other individuals:
- Peter Diamond, Institute Professor emeritus at MIT: An economist and a member of the MIT faculty since 1966, Diamond has served as president of the American Economic Association, the Econometric Society and the National Academy of Social Insurance. Since 1974, he has served on a number of government panels on social security; he has also served as a consultant to the World Bank on this topic. Diamond was a 2010 recipient of the Nobel Memorial Prize in Economic Sciences.
- Andrew Grosso, principal attorney at Andrew Grosso & Associates, a law firm in Washington: An expert on computer law, Grosso has no affiliation with MIT. He holds graduate degrees in physics and computer science, in addition to his law degree. Grosso has chaired the American Bar Association’s Committee on Science, Technology and Forensics, as well as its National Institute on CyberLaw, and he is the current chair of the Law Committee for the Association for Computing Machinery (ACM). From 1983 to 1994, he served as an assistant U.S. attorney in Florida and in Massachusetts
- Douglas Pfeiffer, assistant provost for administration at MIT: Pfeiffer provided staff support for the Review Panel.
What was Professor Abelson’s charge in compiling this report?
In his Jan. 22 letter to Professor Abelson, President Reif asked him to complete three tasks:
- “describe MIT’s actions and decisions during the period beginning when MIT first became aware of unusual JSTOR-related activity of its network by a then-unidentified person, until the death of Aaron Swartz on Jan. 11, 2013”;
- “review the context of these decisions and the options that MIT considered”; and
- “identify the issues that warrant further analysis in order to learn from these events.”
Why has it taken six months to compile this report?
President Reif’s Jan. 22 letter asked Professor Abelson “to conduct your review as rapidly as you can do so responsibly.” In its report issued today, the Review Panel notes, “Since that time, we have received no further instruction from the MIT administration other than several public indicators that we should take as much time as we needed.”
The Review Panel examined some 10,000 pages of documents in preparing its 180-page report. These included legal documents; electronic messages among individuals at MIT; and correspondence with JSTOR, Aaron Swartz’s attorneys, and the U.S. Attorney’s Office in Boston.
The Review Panel also interviewed approximately 50 people as part of its fact-finding, some of them on multiple occasions. These individuals offered, as the report notes, “multiple (and sometimes divergent) perspectives.” Interviewees included Aaron Swartz’s father, partner and friends; various attorneys who represented Aaron Swartz; the current and former president of MIT; MIT’s provost, chancellor and executive vice president; and MIT staff members who were involved in the events pertaining to Swartz.
Did the MIT administration have any role in shaping the Report?
No. Neither President Reif nor members of his administration have exerted any pressure on the Review Panel in its work. The president received the final report from Professor Abelson last Friday, July 26.
BACKGROUND ON AARON SWARTZ
Who was Aaron Swartz?
At the time of his death by suicide on Jan. 11, 2013, Aaron Swartz was a 26-year-old computer programmer. He was a former child prodigy who as a young teenager had worked alongside the leaders of the World Wide Web to create some of its basic technology for sharing information; an entrepreneur whose startup company became a key piece in a major news and entertainment service; and an activist who co-founded an advocacy organization with more than a million members that organized petition drives for civil liberties and against censorship. When he was arrested in 2011, Swartz was a fellow at Harvard University’s Edmond J. Safra Center for Ethics, and was living in both Cambridge, Mass., and Brooklyn, N.Y.
Was Aaron Swartz an MIT student or a member of the MIT community?
Aaron Swartz was not an MIT student or alumnus, and had never been an employee or faculty member at MIT.
However, as the report notes, Swartz had connections to the Institute: “He was a regular visitor to the MIT campus and interacted with MIT people and groups both on campus and off. … He was a member of MIT’s Free Culture Group, a regular visitor at MIT’s Student Information Processing Board (SIPB), and an active participant in the annual MIT International Puzzle Mystery Hunt Competition. Aaron Swartz’s father, Robert Swartz, was (and is) a consultant at the MIT Media Lab. Aaron frequently visited his father there, and his two younger brothers had been Media Lab interns.”
Why was Aaron Swartz arrested?
Starting in fall 2010, Aaron Swartz, whose identity was then unknown to MIT, used MIT’s computer network to download massive quantities of scholarly journal articles from the JSTOR digital library — eventually downloading some 4.8 million articles, or 80 percent of JSTOR’s database. The report documents that Swartz engaged in this activity on at least three separate occasions in late 2010: on Sept. 25-26, on Oct. 9, and over an extended period from late November to Jan. 6, 2011.
On Jan. 6, 2011, Swartz was arrested by the MIT Police and an agent of the U.S. Secret Service. He was accused initially of breaking and entering with the intent to commit a felony.
What specific charges did Aaron Swartz face?
The initial indictment by a federal grand jury on July 14, 2011, charged Aaron Swartz on four felony counts: one count of wire fraud and three counts of violating the Computer Fraud and Abuse Act. A superseding indictment was returned by a second grand jury on Sept. 12, 2012, and charged Swartz with 13 felony counts: two counts of wire fraud and 11 counts of violating the Computer Fraud and Abuse Act.
As the report notes, “for the final 24 months of his life, [Swartz] was the subject of a vigorous investigation and prosecution by the U.S. Department of Justice, with an indictment and then a superseding indictment that could have resulted in years in prison.”
Over time there were several possible plea deals offered by the prosecution. None of these guaranteed that Swartz would serve no jail time, although one alternative would have permitted him to argue for no jail time and various alternatives could have capped required jail time between three and six months. They included additional conditions such as a type of post-release probation and prohibitions on his use of a computer.
MIT’S ACTIONS IN THE INVESTIGATION
When did MIT learn that Aaron Swartz was behind the JSTOR downloads?
The report finds that until Swartz’s arrest on Jan. 6, 2011, MIT was unaware that he was the person who had used its network to download large volumes of JSTOR data. At the time, MIT’s primary concern was to stop the use of its network, by an unknown person or persons, to download massive numbers of articles from the JSTOR database. This activity was in violation of MIT’s licensing agreement with JSTOR, and its scale threatened JSTOR’s network so profoundly that JSTOR blocked all MIT access for three days in October 2010.
Why did MIT initially involve the police?
On the morning of Jan. 4, 2011, MIT’s network personnel located a laptop — covered by a cardboard box and plugged into a router in a basement data closet in Building 16 — that was automatically downloading JSTOR articles. They were not sure with whom or with what kind of situation they were dealing, so they contacted the MIT Police. For the same reasons, the MIT Police contacted a detective in the Cambridge Police Department who had expertise in computer crime and with whom they had worked in the past. When the Cambridge detective responded to that call, he was accompanied by an agent of the U.S. Secret Service.
Did MIT notify federal authorities?
No. The Secret Service agent was introduced to the case by the Cambridge Police Department. As the report describes it: “We note that no one from MIT called the Secret Service. MIT Campus Police contacted the Cambridge detective by calling him on his individual cell phone. The [Secret Service] special agent became involved because he accompanied the Cambridge detective.”
The U.S. Attorney’s Office in Boston became involved in the case in response to reports from the Secret Service agent. The report finds “that MIT did not intentionally ‘call in the feds’ to take over the investigation,” although the possibility that someone from the federal government might arrive with the Cambridge detective was known.
Did MIT provide materials to the Secret Service without a subpoena?
Yes. According to the report, at the request of law enforcement authorities, MIT provided federal authorities with information, including some computer logs and captured packets documenting the laptop’s activity. This was prior to MIT receiving its first grand jury subpoena on Jan. 27, 2011.
Why did MIT provide these materials without a subpoena?
MIT officials determined that it was appropriate to provide information to law enforcement officers, who were conducting an investigation into what initially was potentially ongoing criminal activity of an unknown scope. For more about MIT’s document production in the case, see, below, “Does the report prescribe changes in MIT policy or procedures?”
Was this provision of materials illegal?
No. The report’s analysis is that the Institute’s production of documents without a subpoena did not violate federal or Massachusetts laws.
MIT’S ACTIONS IN THE PROSECUTION
Did MIT urge the U.S. Attorney’s Office to prosecute Aaron Swartz?
No. The report finds that MIT never requested that a federal criminal prosecution be brought against Aaron Swartz. The decision to prosecute Swartz was made solely by the U.S. Attorney’s Office in Boston. MIT was not consulted by the prosecution about the charges, nor asked whether a prosecution should be pursued. Early in the prosecution by the U.S. Attorney’s Office, MIT adopted a position of neutrality between the prosecution and the defense.
Was MIT involved in plea negotiations between the government and Aaron Swartz?
No. While the U.S. Attorney’s Office and Aaron Swartz’s legal team held extensive plea discussions during 2011 and 2012, the report finds that “MIT was never involved in any plea negotiation, and was never asked — by either the prosecution or the defense — to approve or disapprove any plea agreement.”
Did MIT make public statements about the prosecution of Aaron Swartz?
No. The report determines that in keeping with its stance of neutrality, MIT never issued a public statement about Aaron Swartz’s prosecution or advocated publicly on his behalf. MIT was urged to make a public statement by Swartz’s family and attorneys and by two members of the MIT faculty.
Did MIT make private statements about the prosecution of Aaron Swartz?
Yes. The report determined that MIT, through both its inside and outside counsel, privately communicated to the U.S. Attorney’s Office its position of neutrality. Its outside counsel also communicated that MIT was not advocating jail time for Aaron Swartz, and that consistent with its overall mission, MIT did not focus on punishment or retribution but rather education. (The report also notes that “MIT did not say it was actually opposed to jail time.”)
How did the MIT community respond to the prosecution of Aaron Swartz?
Before Aaron Swartz’s suicide, according to the report, the MIT community paid scant attention to the matter, other than during the period immediately following his arrest. Few students, faculty or alumni expressed concerns to the administration. The report finds that during the two years between Swartz’s arrest and his death, only two professors suggested to members of the MIT administration that the Institute should advocate on his behalf.
Does the report find that MIT missed an opportunity to provide leadership to the Internet community?
The report does fault MIT’s limited involvement and position of neutrality as a missed chance for leadership on the difficult issues raised in this case. In the words of the report: “MIT is respected for world-class work in information technology, for promoting open access to online information, and for dealing wisely with the risks of computer abuse. The world looks to MIT to be at the forefront of these areas. … [B]y responding as it did, MIT missed an opportunity to demonstrate the leadership that we pride ourselves on.”
COMPLIANCE WITH MIT POLICY
Did anyone at MIT violate MIT policies, either knowingly or unknowingly?
For the most part, no. The report says: “The Review Panel did not find instances where anyone at MIT acted outside the boundaries of specific policies.” But the Review Panel did find that certain electronic records (specifically, DHCP logs) were retained longer than MIT’s retention policy permits without prior permission from the Office of the General Counsel.
Does the report prescribe changes in MIT policy or procedures?
Yes. The report states: “The Review Panel did identify areas of policy that might be reviewed and clarified going forward. For example, MIT’s provision of records … reveals some gaps in its policies and practices around electronic records. Records were given to the Secret Service and the USAO [U.S. Attorney’s Office] with the approval of OGC [MIT’s Office of General Counsel], but there seems to have been lack of clarity between OGC and IS&T [MIT Information Systems and Technology] over exactly what had been approved, and how long that approval lasted. Some records were turned over prior to subpoenas being issued. Some records were retained longer than MIT’s retention policy called for, and for some of kinds of records there seems to be no explicit retention policy at all.”
Has MIT restricted access to JSTOR in the wake of the Aaron Swartz case?
Yes. Prior to January 2011, any computer connected to MIT’s open wireless network could access JSTOR. As a direct result of the Oct. 9, 2010, downloading incident, MIT developed an authorization system to more narrowly restrict access to certain electronic databases. Under this system, implemented on Jan. 10, 2011, only MIT faculty, students, or staff — not guests — can freely access JSTOR. Guests seeking access to JSTOR must now use certain workstations located in MIT’s libraries.
MIT RESPONSE TO THE REPORT
What issues does the report suggest MIT consider following the Swartz case?
The report presents what the Review Panel sees as eight key questions for consideration and discussion by the entire MIT community:
- Should MIT develop additional on-campus expertise for handling potential computer crime incidents, thus giving the Institute more flexibility in formulating its responses?
- Should MIT policies on the collection, provision, and retention of electronic records be reviewed?
- Should an MIT education address the personal ethics and legal obligations of technology empowerment?
- Should MIT increase its efforts to bring its considerable technical expertise and leadership to bear on the study of legal, policy, and societal impact of information and communications technology?
- What are MIT’s institutional interests in the debate over reforming the Computer Fraud and Abuse Act?
- Should MIT strengthen its activities in support of open access to scholarly publications?
- What are MIT’s obligations to members of our extended community?
- How can MIT draw lessons for its hacker culture from this experience?
Does the report suggest a role for MIT in the current debate over the Computer Fraud and Abuse Act (CFAA)?
Yes. The Review Panel gives careful consideration to issues surrounding CFAA, and concludes: “There are many voices currently weighing in on the debate over CFAA reform, and MIT’s role as a technology leader gives it special status to explain the impacts of the CFAA on research and academic exploration. MIT can press for change without necessarily taking sides in all facets of the debate on alternative ways to do reform.”
What is MIT President Rafael Reif’s response to the Report?
President Reif wrote a letter to the MIT community expressing his initial thoughts.