THIS STORY HAS BEEN FORMATTED FOR EASY PRINTING
Globe Editorial

Hacker should face charges, but 35 years is too much

Aaron Swartz has a working lunch outside in Cambridge in 2007. Aaron Swartz has a working lunch outside in Cambridge in 2007. (File 2007/Wendy Maeda/Globe Staff)
July 25, 2011

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

Text size +

IF COMPUTER-HACKING virtuoso Aaron Swartz did what federal prosecutors say he did, his actions weren’t just foolish and illegal; they’re also deeply damaging for an open-data movement that he helped create.

Swartz, 24, was indicted Tuesday on federal charges of wire fraud, computer fraud, unlawfully obtaining information from a protected computer, and recklessly damaging a protected computer. The charges involve the theft of millions of files from an online database of academic papers. In an ironic twist, Swartz was a fellow at Harvard University’s Edmond J. Safra Center for Ethics when the alleged hacking took place last year. (He was studying government corruption.)

The case makes it clear that the legal system hasn’t fully worked out how to deal with file theft and other breaches of cybersecurity. The government has taken a hard line; as US Attorney Carmen Ortiz put it, “Stealing is stealing, whether you use a computer command or a crowbar, and whether you take documents, data, or dollars.’’ Yet the penalties Swartz faces are stiff - a maximum sentence of $1 million in fines and 35 years in prison. There are murderers who don’t serve 35 years.

Swartz wasn’t stealing secret government files or valuable troves of corporate data for espionage purposes; rather, the files he stole were all from JSTOR, a nonprofit repository of academic papers that charges subscription fees to view them. Though some have speculated Swartz intended to analyze the papers for some research purpose or another, prosecutors allege that he planned to post them online en masse - which would be in keeping with Swartz’s past efforts to make restricted information open to all.

Swartz is extremely intelligent - from his pioneering work in building the RSS system of blog feeds still in use today to his co-founding of the popular social networking site reddit, millions of web users have felt his imprint. But none of this gave him the right to take a store of documents that didn’t belong to him, as prosecutors allege, or to break into a basement room in MIT to thwart attempts to block his downloads.

Federal law needs to promote both the free exchange of ideas and the ability of JSTOR and others to charge for the services they provide, and how to balance those competing needs is a matter of debate. But massive data theft isn’t an argument. If Swartz has indeed engaged in it, he should be punished. And he will have made it that much harder for open-access activists to make their case.