Saturday, March 16, 2013

Waiting for the RedState ban hammer


I have at present a diary over at RedState, a conservative site that publishes some pretty vocal support for the prosecution of Aaron Swartz. I'm of the opposite opinion and after getting banned from a thread (and getting called a hippie, natch), I published my own diary entry below. Now I get to see whether the post will survive and it is worth investing in writing for RedState. 

In my career as a network administrator, I've been asked to break into three e-mail boxes of existing employees (entering into departed employees e-mail is routine and I've lost count of how many of those I've done). Twice I did so after verifying that it would be legal to do so, the third time, I regretfully told my bosses boss that company policies were so incoherent on the subject of notice that it didn't meet the legal standard and I wouldn't break in to find out if an employee was fielding recruiter e-mails. This lack of notice was a real accomplishment on the part of the employee handbook writers for the firm as the standard for notice is absurdly low. You can find cookie cutter notice templates for notice of lack of privacy in company e-mails all over the Internet. I still expected to get fired for that action, but didn't. No doubt a lawyer was consulted but nothing more was ever said to me. The lesson is this. While an authority may intend something, if it doesn't actually go through the action of properly saying so, it is an abuse to just go along with the flow. 
Aaron Swartz could have been given meaningful notice that what he was doing was in violation of the terms of the JSTOR license using the same technology that Panera and Starbucks use to notify you about doing naughty things with their free wi-fi. MIT chose not to do so. Instead, they treated Aaron Swartz's computer as if it was technically misbehaving (which it was) and issued a MAC block on the use of their DHCP server. Which, as they knew themselves, was trivial to defeat and was promptly defeated. But a MAC block on DHCP says nothing about JSTOR access. What Swartz did was incredibly rude, a brazen kick between JSTOR's metaphorical legs begging for attention. That doesn't mean that it was illegal or that the MAC block provided any sort of legally meaningful notice. 
JSTOR could have said that MIT was in violation of its license and pulled JSTOR access until they fixed it or they could have throttled the connections from MIT to reduce the number of downloads to tolerable levels. What the situation wasn't was wire fraud or computer fraud. It was abusing the special MIT JSTOR license until it sat up and begged. 
MIT's JSTOR license has all the integrity of an Obamacare waiver for a labor union. Mere mortals have to pay for downloads to access publicly financed scientific research papers but people who wander onto the hallowed campus of MIT get to download for free. JSTOR sets up a multi-tier access system, which is their right, but they have to do it carefully otherwise you get leakage to the little people who don't rate. JSTOR didn't do it carefully enough and Aaron Swartz exploited their licensing carelessness. It's not like he didn't already have access to JSTOR via Harvard as a research fellow at that institution. If all he had wanted to do was to get the articles, he could have smurfed out his requests via the Harvard network to be below detection thresholds and we all would have woken up one day with a giant torrent sitting out there on the Internet, similar to what happened with Climategate. He did his actions at an institution where he did not have special rights on purpose and very likely looked forward to ending up in civil court to hammer home his points and if he lost, perhaps pay a fine. 
Instead he ended up charged with multiple felonies and the prospect of losing some of his civil rights for the rest of his life. This was a turn of events that even JSTOR did not want. 
However, Attorney General Eric Holder thinks that charging thirteen felony counts for accessing information you have rights to from the wrong network was ok, if the plea deal is sweet enough. "I think what those prosecutors did in offering three, four, zero-to-six [month prison term plea term offers] was consistent with that conduct." That seems to miss the point. A civil matter was escalated to criminal status. That's the line that was crossed. Senator Cornyn (R-TX) seems to get it "I’m concerned that average citizens, if you can call them that, like Aaron Swartz, people who don’t have status and power, perhaps, in dealing with the federal government, could be bullied." Representative Issa (R-CA) is looking into the matter too, seeking to gather evidence of the affair. I don't think these Republican politicians are just taking up the Swartz case because they don't like Holder or Obama. There are real issues at stake that should concern americans of all political persuasions but especially conservatives. Overcharging is not a conservative value. Using the machinery of the criminal system to hammer out what should have been a civil matter is not a conservative value. High disparities between plea offerings and sentence at trial are a dubious tactic that may run afoul of ethics rules and, you guessed it, not a conservative value. 
But the biggest reason to have a bit of sympathy for Swartz's cause of openness is that it will, on balance, benefit conservatives. Big government thrives on confusing people and hiding the truth of its venality, idiocy, and incompetence. Automated scripts accessing information need to be kept legal in the widest possible variety of circumstances because downloading information and data mining it to figure out where the hidden truths are is our best tool for keeping serious oversight over the whole complex mess. We are not doing enough of that, and prosecutions like Swartz's discourage their use. 

3 comments:

  1. Ummm ... why would you need to "break into" a mail account you administer? I just can read any mail I administer, I don't but it's my network if I administer it.

    ReplyDelete
  2. I'm guessing you don't work for a publicly traded firm. If your mail system allows you to just read mail without leaving a trail, you can do insider trading with impunity. That leaves you a bit out on a limb if the regulators come calling.

    ReplyDelete
  3. I guess you run some kind of windows server setup. I know little about that stuff.

    Any *nix system I am root on is mine, lock stock and two smoking barrels. Now I do leave a trail in the logs, but they are mine too so ....

    ReplyDelete