MIT can probably claim there were no rights violations because it is a
'private' entity. The reality with major research institutions is that
they are so dependent on Federal funding and research contracts that
they become a de facto extension of the government & generally do as
they are told. So, yes, I can easily believe MIT was 'strongly
encouraged' to pursue one course of action over another. And, I
believe the 'freewheeling culture' is only freewheeling to a point.
When people try to go past that point, they are stopped in one way or
another.
On Jan 21, 2013, at 11:27 AM, Ray Harrell wrote:
What do you think?
REH
From: [email protected] [mailto:[email protected]
] On Behalf Of Arthur Cordell
Sent: Monday, January 21, 2013 9:11 AM
To: 'RE-DESIGNING WORK, INCOME DISTRIBUTION, EDUCATION'
Subject: [Futurework] FW: How M.I.T. Ensnared a Hacker
Subject: How M.I.T. Ensnared a Hacker
How M.I.T. Ensnared a Hacker, Bucking a Freewheeling Culture
· by NOAM COHEN NY TIMES
· JAN. 20, 2013
•
In the early days of 2011, the Massachusetts Institute of
Technology1 learned that it had an intruder. Worse, it believed the
intruder had been there before.
Months earlier, the mysterious visitor had used the school’s
computer network to begin copying millions of research articles
belonging to Jstor, the nonprofit organization that sells
subscription access to universities.
The visitor was clever — switching identifications to avoid being
blocked by M.I.T.’s security system — but eventually the university
believed it had shut down the intrusion, then spent weeks reassuring
furious officials at Jstor that the downloading had been stopped.
However, on Jan. 3, 2011, according to internal M.I.T. documents
obtained by The New York Times, the university was informed that the
intruder was back — this time downloading documents very slowly,
with a new method of access, so as not to alert the university’s
security experts.
“The user was now not using any of the typical methods to access
MITnet to avoid all usual methods of being disabled,” concluded Mike
Halsall, a senior security analyst at M.I.T., referring to the
university’s computer network.
What the university officials did not know at the time was that the
intruder was Aaron Swartz, one of the shining lights of the
technology world and a leading advocate for open access to
information, with a fellowship down the road at Harvard.
Mr. Swartz’s actions presented M.I.T. with a crucial choice: the
university could try to plug the weak spot in its network or it
could try to catch the hacker, then unknown.
The decision — to treat the downloading as a continuing crime to be
investigated rather than a security threat that had been stopped —
led to a two-day cat-and-mouse game with Mr. Swartz and, ultimately,
to charges of computer and wire fraud. Mr. Swartz, 26, who faced a
potentially lengthy prison term and whose trial was to begin in
April, was found dead of an apparent suicide in his Brooklyn
apartment on Jan. 11.
Mr. Swartz’s supporters called M.I.T.’s decision a striking step for
an institution that prides itself on operating an open computer
network and open campus — the home of a freewheeling programming
culture. M.I.T.’s defenders viewed the intrusion as a computer crime
that needed to be taken seriously.
M.I.T. declined to confirm any of these details or comment on its
actions during the investigation. The university’s president, L.
Rafael Reif, said last week, “It pains me to think that M.I.T.
played any role in a series of events that have ended in tragedy.”
He appointed a professor2, Hal Abelson, to analyze M.I.T.’s conduct
in the investigation. To comment now, a spokeswoman for the
university said, would be “to get ahead of that investigation.”
Early on Jan. 4, at 8:08 a.m., according to Mr. Halsall’s detailed
internal timeline of the events, a security expert was able to
locate that new method of access precisely — the wiring in a network
closet in the basement of Building 16, a nondescript rectangular
structure full of classrooms and labs that, like many buildings on
campus, is kept unlocked.
In the closet, Mr. Halsall wrote, there was a netbook, or small
portable computer, “hidden under a box,” connected to an external
hard drive that was receiving the downloaded documents.
At 9:44 a.m. the M.I.T. police were called in; by 10:30 a.m., the
Cambridge police were en route, and by 11 a.m., Michael Pickett, a
Secret Service agent and expert on computer crime, was on the scene.
On his recommendation, a surveillance camera was installed in the
closet and a second laptop was connected to the network switch to
track the traffic.
There may have been a reason for the university’s response.
According to the timeline, the tech team detected brief activity
from China on the netbook — something that occurs all the time but
still represents potential trouble.
E-mails among M.I.T. officials that Tuesday in January 2011
highlight the pressures university officials felt over a problem
they thought they had solved. Ann J. Wolpert, the director of
libraries, wrote to Ellen Finnie Duranceau, the official who was
receiving Jstor’s complaints: “Has there ever been a situation
similar to this when we brought in campus police? The magnitude,
systematic and careful nature of the abuses could be construed as
approaching criminal action. Certainly, that’s how Jstor views it.”
Some of Mr. Swartz’s defenders argue that collecting and providing
evidence to the government without a warrant may have violated
federal and state wiretapping statutes.
“This was a pivotal moment,” said Elliot Peters, Mr. Swartz’s
lawyer. “They could have decided, we’re going to unplug this
computer, take it off the network and tell the police to get a
warrant.”
Mr. Peters had persuaded a judge to hear his arguments that the
evidence collected from the netbook be excluded from the trial,
asserting that Mr. Swartz’s Fourth Amendment protections from
unlawful search and seizure had been violated. (All charges against
Mr. Swartz were dropped after his death.)
Investigators first caught sight of Mr. Swartz on camera the day it
was installed. At 3:26 p.m., the timeline notes, the “suspect is
seen on camera entering network closet, noticeably unaware of what
had occurred all morning.”
But Mr. Swartz managed to leave before the police could arrive.
Also, “on his way out, the suspect shuts off the lights,” the
timeline reports, which “will hurt video quality and possibly work
against the motion activation of the camera.” A technician quickly
turned them back on.
Mr. Swartz certainly knew his way around the M.I.T. campus — as his
defense pointed out in court, he had given a guest lecture there, he
had many friends on campus, and his father, Bob Swartz, remains as a
consultant at the university’s Media Lab.
Two days later, the timeline notes that Aaron Swartz “enters network
closet while covering his face with bike helmet, presumably thinking
video cameras may be in hallway.” More seriously for the M.I.T.
investigation, “once inside and with the door closed, he hurriedly
removes his netbook, hard drive and network cable and stows them in
his backpack.” He was gone within two minutes, too quickly for the
police to catch him.
Perhaps suspecting he was being watched, Mr. Swartz moved the
computer. But M.I.T.’s tech team believed it had tracked it to the
fourth floor of the same Building 16. The university called for
“police presence.”
A little after 2 p.m., according to the government, Mr. Swartz was
spotted heading down Massachusetts Avenue within a mile of M.I.T.
After being questioned by an M.I.T. police officer, he dropped his
bike and ran (according to the M.I.T. timeline, he was stopped by an
M.I.T. police captain and Mr. Pickett). He was carrying a data
storage device with a program on it, the government says, that tied
him to the netbook.
The arrest shocked friends of Mr. Swartz, as well as M.I.T. alumni.
Brewster Kahle, an M.I.T. graduate and founder of the digital
library Internet Archive, where Mr. Swartz gave programming
assistance, wrote: “When I was at M.I.T., if someone went to hack
the system, say by downloading databases to play with them, might be
called a hero, get a degree, and start a company. But they called
the cops on him. Cops.”
Mr. Swartz turned over his hard drives with 4.8 million documents,
and Jstor declined to pursue the case. But Carmen M. Ortiz, the
United States attorney in Boston, decided to press on. The
government has defended M.I.T.’s decision to “collaborate” with the
federal investigation and argued there was no need for a warrant
because, as a trespasser on M.I.T.’s campus, Mr. Swartz had no
reasonable expectation of privacy for his netbook. And M.I.T.’s
officials were rightfully concerned, the government argued, by the
threat they faced.
“M.I.T. had to identify the hacker and assist with his apprehension
in order to prevent further abuse,” the government argued in court.
Michael Sussmann, a Washington lawyer and a former federal
prosecutor of computer crime, said that M.I.T. was the victim and
that, without more information, it had to assume any hackers were
“the Chinese, even though it’s a 16-year-old with acne.” Once the
police were called in, the university could not back away from the
investigation. “After there’s a referral, victims don’t have the
opportunity to change their mind.”
Mr. Swartz’s father, in a telephone interview, described himself as
“devastated” by M.I.T.’s conduct during the investigation of his
son. “M.I.T. claimed they were neutral — but we don’t believe they
acted in a neutral way,” he said, adding, “My belief is they put
their institutional concerns first.”
He described attending two meetings with the chancellor of M.I.T.,
Eric Grimson. Each time there also was a representative of the
general counsel’s office. At both meetings, he said, members of
M.I.T.’s legal team assured him and the chancellor that the
government had compelled M.I.T. to collect and hand over the
material. In that first meeting, he recalled, “I said to the
chancellor, ‘Why are you destroying my son?’ He said, ‘We are not.’ ”
References
^Massachusetts Institute of Technology (topics.nytimes.com:80) (http://topics.nytimes.com/top/reference/timestopics/organizations/m/massachusetts_institute_of_technology/index.html?inline=nyt-org
)
^appointed a professor (www.nytimes.com:80) ( http://www.nytimes.com/2013/01/14/technology/aaron-swartz-a-data-crusader-and-now-a-cause.html?hpw
)
Original URL:
http://www.nytimes.com/2013/01/21/technology/how-mit-ensnared-a-hacker-bucking-a-freewheeling-culture.html?nl=todaysheadlines&emc=edit_th_20130121&_r=0
Facebook
Twitter
Email
Unarchive
Tags
Did this article display correctly? Yes No
We ran into trouble. Mind trying again?
Submitting your feedback…
Thank you for your feedback
Thank you! Your feedback greatly helps us improve Readability.
Describe the issue:
Tags:
_______________________________________________
Futurework mailing list
[email protected]
https://lists.uwaterloo.ca/mailman/listinfo/futurework
_______________________________________________
Futurework mailing list
[email protected]
https://lists.uwaterloo.ca/mailman/listinfo/futurework
