In 2008, Swartz started to get sick of San Francisco. He had been there for about 18 months, and increasingly found the city shallow. “When I go to coffee shops or restaurants I can’t avoid people talking about load balancers or databases,” he wrote. “The conversations are boring and obsessed with technical trivia, or worse, business antics. I don’t see people reading books—even at the library, all the people are in line for the computer terminals or the DVD rack—and people at parties seem uninterested in intellectual conversation.” At the end of spring, Swartz left the city for good and moved back to Cambridge, Mass., which he described as “the only place that’s ever felt like home.”
He spent much of his time working out of a rickety Harvard Square building called Democracy Center, which housed various liberal activists. His upstairs office had a broken balcony and a hole in the wall, which meant Swartz could hear everything going on next door. His neighbor was Ben Wikler, a political organizer and former Onion contributor who was working for a global activist organization called Avaaz. The two became friends. “I knew all these people in online activism and organizing, and I read tech blogs constantly, but I didn’t know anybody in that world. And Aaron knew all the tech bloggers,” says Wikler. “So we were each other’s tickets into the other world.”
Swartz deepened his involvement in politics, attending meetings of online activists that Wikler convened above the Hong Kong Restaurant in Harvard Square. He started experimenting with weird sleep arrangements, deciding he would start waking up at 5 a.m. (The experiment didn’t last.) He became a fellow at Harvard’s Safra Center for Ethics, studying the ways in which money influenced politics, the media, and academic and industrial research. And on Sept. 24, 2010, he purchased an Acer laptop computer, brought it over to MIT, and got ready to download some documents from the academic journal database JSTOR.
Swartz’s JSTOR scheme was different from his PACER escapade in several crucial ways. First, JSTOR is not a repository of non-copyrightable government documents. Though users with subscription access to JSTOR can grab its contents for free, it is a paid service—major research institutions pony up as much as $50,000 annually for access—that houses journal articles that are mostly under copyright. Second, Swartz wasn’t spurred by an easily identifiable, information-liberating call to action along the lines of Carl Malamud’s PACER push. There was one potential precedent: A couple of years prior, Swartz had collaborated with a Stanford law student named Shireen Barday on a project that involved downloading almost 450,000 articles from the Westlaw database and analyzing them to see who, exactly, was funding legal research. While it’s possible that Swartz was going to post his JSTOR cache on the Web, it’s also plausible that he simply planned to use the articles for research along the lines of the Shireen Barday project. We can’t be sure.
Third, Swartz seems to have made an effort to conceal his connection to the JSTOR downloads—an understandable decision, given the FBI’s interest in his PACER project. This is probably why, instead of just using Harvard’s network (where he would’ve had JSTOR access), Swartz went down the road to MIT. Once there, he connected to the MIT wireless network as a guest and ran a script on his machine that allowed him to grab a huge amount of articles. While authorized users can theoretically download as much as they want from JSTOR for free, its terms of service prohibit the use of programs to abet bulk downloading. Swartz must have known that his script would catch JSTOR’s attention, and engender suspicions that he wanted the articles for something other than personal use.
He was right. According to the government’s indictment against Swartz, these “rapid and massive downloads and download requests impaired computers used by JSTOR to provide articles to client research institutions.” JSTOR detected something was amiss and blocked Swartz’s IP address. He acquired a new one and began again. JSTOR then went ahead and blocked a range of MIT IP addresses. They also got in touch with MIT, which took steps to ban Swartz’s computer from its network. The indictment claims that Swartz again evaded their security and also got another computer, using both to download more JSTOR articles. This allegedly crashed some of JSTOR’s servers; in response, around Oct. 9, 2010, JSTOR blocked access to its database for everyone at MIT.
Around that time, Swartz ceased his downloading for about a month, most likely because he had traveled to Washington, D.C., with Wikler to volunteer with the DNC in the lead-up to the 2010 midterm elections. When he returned to Cambridge in November, he got back to downloading. This time, he decided to pre-empt any wireless IP bans by hard-wiring his Acer laptop directly into MIT’s network.
As is perhaps fitting, the buildings at MIT are known by numbers instead of names. Students take classes in Building 3 (mechanical engineering) and take their meals in Building W20 (the student center). Building 16 is one of the least essential structures on campus. It’s a connector, containing the Foreign Languages & Literatures Resource Center, the Division of Comparative Medicine, and, in the basement, a wiring and telephony closet that’s directly across from a pair of double doors emblazoned with a warning sign.
When Aaron Swartz first accessed Room 16-004t in late 2010, both the building and the closet door were unlocked. This wasn’t unusual. MIT is one of the country’s most open universities. Its signal building, the majestic Building 7, is always open to visitors. From there, you have unimpeded access to almost any part of the central campus via a labyrinthine network of hallways. It isn’t just students who come and go as they please. For years, local drama troupes used vacant classrooms as rehearsal space.
MIT’s open-door policy descends from the culture that Richard Stallman and the AI Lab created. Back when there were very few computers at MIT, some professors and administrators had a habit of locking the rooms that housed the precious terminals. Stallman and his fellow hackers, who believed the computers belonged to everyone who worked on them, considered a locked door a personal affront. As Steven Levy describes in Hackers, they went to great lengths to access the terminals—picking locks, crawling through ceilings, even employing brute force to open a door.
Three decades hence, MIT has enthusiastically co-opted the hacker legend, selling the idea that there should be no barriers to progress and innovation. This ethic is a crucial part of the university’s culture, and legendary “hacks”—elaborate pranks that date back to the 1860s—are celebrated on MIT’s admissions site and alumni pages. The “best of” list on the site hacks.mit.edu includes the time in 1994 that students “changed the inscription on the inside of Lobby 7 from ‘Established for advancement and development of science and its application to industry arts agriculture and commerce’ to ‘Established for advancement and development of science and its application to industry arts entertainment and hacking.’ ”
But while MIT students and alums relish the school’s devil-may-care image, the university has long ceased to be “open” in the way AI Lab's hackers understood the term. The communal, socialistic beliefs of Stallman's crew are anathema to MIT, which exists in large measure to perform research for government and industry groups. The university’s website boasts that MIT “ranks first in industry-financed research and development and development expenditures among all universities and colleges without a medical school.”
Given its reliance on government and corporate funding, MIT has an interest in appointing administrators who can speak that language. The school’s president at the time of Swartz’s JSTOR hack was Susan Hockfield, a neuroscientist by training who had shown herself willing to take a hard line—and who seemed uninterested in maintaining the university’s façade of openness. “When you'd go up to the second floor at MIT, you would pass the president's office, and the door would be closed; you'd pass the chancellor's office, and the door would be open,” remembers Aaron’s father Robert Swartz, who has done consulting work for the MIT Media Lab. “After [current MIT president L. Rafael] Reif took over the president’s office, the door was open. I think that was intentional symbolism.”
Multiple sources suggest that, under Hockfield, the university became much less tolerant of the kinds of incidents that, however harmless, might nonetheless damage its image. In 2007, for example, an undergraduate named Star Simpson was arrested at Logan Airport after TSA officers mistook a circuit board on her sweatshirt for a bomb. Simpson meant no harm, but the event had the potential to affect MIT’s standing with the public and with industry. MIT issued a press release decrying Simpson’s “reckless” actions, and offered her no assistance during her subsequent legal ordeal. (Hockfield later expressed regret at how the situation had been handled.)
This was MIT as of late 2010: an institution that keeps its doors unlocked, but looks askance at anyone who goes where they’re not supposed to. When MIT police learned that someone had jacked into the school’s computer system, it’s no surprise that they set up a sting operation to catch the culprit. And it wasn’t particularly surprising that the culprit turned out to be Aaron Swartz.
* * *
At 12:30 p.m. on Jan. 6, 2011, Aaron Swartz entered Room 16-004t to retrieve his laptop and external hard drive, which he had hidden beneath a box. By that point, the closet was under surveillance. Less than two hours later, according to the Cambridge Police Department arrest report, an officer located Swartz riding his bicycle. Swartz tried to get away from the cops, jumping off his bike, but he was quickly apprehended. Six months later, a federal indictment against him was unsealed, alleging that Swartz had downloaded approximately 4.8 million articles from the JSTOR database. A superseding indictment filed in 2012 would eventually ratchet up the charges, increasing the number of felony counts from four to 13.
Since childhood, Swartz had advocated for free, open access to information. This was the promise of the Semantic Web and Creative Commons. This was the ethic that drove his work with Open Library and PACER—that there was unquestioned value in making data easier to acquire and study.
In 2008, Swartz wrote something he called the Guerilla Open Access Manifesto:
Forcing academics to pay money to read the work of their colleagues? Scanning entire libraries but only allowing the folks at Google to read them? Providing scientific articles to those at elite universities in the First World, but not to children in the Global South? It's outrageous and unacceptable.
"I agree," many say, "but what can we do? The companies hold the copyrights, they make enormous amounts of money by charging for access, and it's perfectly legal—there's nothing we can do to stop them." But there is something we can, something that's already being done: we can fight back.
Those with access to these resources—students, librarians, scientists—you have been given a privilege. You get to feed at this banquet of knowledge while the rest of the world is locked out. But you need not—indeed, morally, you cannot—keep this privilege for yourselves. You have a duty to share it with the world.
This might not have seemed like much at the time it was written. Swartz had a habit of making provocative arguments that he may or may not have taken seriously. As a teenager, he questioned the “absurd logic” of laws that banned the distribution and possession of child pornography. In 2006, he expressed his belief that music was getting objectively better, and that Bach’s Well-Tempered Clavier may well be musically inferior to Aimee Mann’s 2005 album The Forgotten Arm.
But after his JSTOR hack, the Guerilla Open Access Manifesto became invested with meaning—the prosecutors entered the manifesto as evidence of Swartz’s intent to redistribute the downloaded articles. The government’s indictment alleges that Swartz “stole a major portion of the total archive in which JSTOR had invested” and “intended to distribute these articles through one or more file-sharing sites.” Swartz’s friends and family unanimously dispute that allegation.
The lead prosecutor was Stephen Heymann, a man who was not inclined to look kindly on Swartz’s case. In 1997, Heymann had written an article for the Harvard Journal on Legislation called “Legislating Computer Crime,” in which he argued that Congress needed to take action to address the unique challenges posed by digital-age scofflaws. “The ability of computers to perform a task millions of times in the period that it takes a human to perform the same task only once dramatically increases the harm that a particular action can cause,” Heymann wrote.
Swartz was charged under Section 1030, Title 18 of the U.S. Code, otherwise known as the Computer Fraud and Abuse Act of 1984. (He was also charged under sections 2, 981, 982, 1343, and 2461.) In that 1997 article, Heymann cited the CFAA as model legislation, calling it “a computer crime law at its purest.”
Not everyone shares Heymann’s enthusiasm for Section 1030. The law is “notoriously capacious,” Slate’s Emily Bazelon wrote earlier this year. “Prosecutors can stretch it to cover misdeeds that would otherwise barely qualify as illegal.” In 2006, for instance, a Missouri woman named Lori Drew bullied her young neighbor online; the girl, Megan Meier, ultimately committed suicide. Drew was charged by federal prosecutors under Section 1030 for violating MySpace’s terms and conditions. In an amicus brief, the Electronic Frontier Foundation argued that, though Meier’s suicide was sad and horrific, charging Drew in this manner made no sense—that this was “a dangerously overbroad construction of the CFAA,” one that “would criminalize the everyday conduct of millions of internet users.” (Drew was convicted of a misdemeanor violation of the CFAA, but the verdict was later set aside.)
Around the time of his own indictment, Aaron Swartz became interested in another law Web activists thought was out of touch with reality: the Stop Online Piracy Act. As it was being formulated in the House of Representatives, SOPA was promoted as a bill that would protect intellectual property by empowering law enforcement to shut down (and possibly arrest the proprietors of) websites that streamed or hosted copyrighted material without authorization. Big media organizations had been lobbying Congress to address copyright infringement for years. SOPA was a direct descendant of the Combating Online Infringement and Counterfeits Act, which was making its way through the Senate in 2010 before Sen. Ron Wyden killed the bill in committee. That bill was rewritten and resubmitted to the Senate in 2011 under a different name: the PROTECT IP Act, or PIPA—the sister legislation to SOPA.
When it was first introduced in October 2011, SOPA had the backing of media conglomerates and the U.S. Chamber of Commerce. But online activists quickly seized on the legislation as a dull-witted attack on the Internet at large, a broadside against online culture that would stifle creativity, favor big business at the expense of independent operators, and effectively kill the free, open, non-commercial Internet.
The protests against SOPA and PIPA cried out for Swartz’s involvement. This was the culmination of everything he had worked on and believed in: copyright reform, collaborative culture, open access to data, political activism. Despite the case against him—or perhaps because of it—Swartz decided to go on the attack.
Before his arrest, Swartz had gone to Providence, R.I., to volunteer on the congressional campaign of a young city councilman named David Segal. They lost the election but forged a friendship. Now, Segal and Swartz joined to create Demand Progress, an organization designed to “win progressive policy changes for ordinary people through organizing, and grassroots lobbying.” Swartz made speeches, brought other organizations into the fight, and built tools that made it easy for citizens to contact lawmakers and register their opposition to SOPA and PIPA.
Facing tremendous external pressure, Congress backed down in January 2012. SOPA and PIPA were dead.
Several people close to the SOPA protests believe that, without Swartz’s involvement, the bills might have passed. Holmes Wilson, whose organization Fight for the Future was instrumental in orchestrating a blackout of Wikipedia and other prominent websites, credits Swartz and his organization with spreading the anti-SOPA message to a larger audience. “Demand Progress was the first organization to build campaigns that connected those bills to entire new audiences of people who cared about tech policy just because of how much they lived on the Internet, and not because of any previous kind of commitment to the ideals of liberty online,” Wilson says.
A few months after the bills had been defeated, Swartz spoke at a conference in Washington, D.C., about the lessons of the SOPA fight.
Bills like SOPA and PIPA would return, he said:
Sure, it will have yet another name, and maybe a different excuse, and probably do its damage in a different way. But make no mistake: The enemies of the freedom to connect have not disappeared. The fire in those politicians’ eyes hasn’t been put out. There are a lot of people, a lot of powerful people, who want to clamp down on the Internet. And to be honest, there aren’t a whole lot who have a vested interest in protecting it from all of that. Even some of the biggest companies, some of the biggest Internet companies, to put it frankly, would benefit from a world in which their little competitors could get censored. We can’t let that happen.
The victory against SOPA and PIPA was real, but the end of the campaign brought Swartz back to reality. His friends had been subpoenaed. And although JSTOR had declined to prosecute, the government—with MIT’s tacit backing—continued to pursue charges against Swartz. “Stealing is stealing,” U.S. Attorney Carmen Ortiz said in a statement in July 2011, “whether you use a computer command or a crowbar, and whether you take documents, data or dollars.”
* * *