Aaron's Law: The Necessary Legacy of Information Activist Aaron Swartz
Aaron Swartz was a brilliant, young mind who had some incredible accomplishments in this short life. He helped write the RSS 1.0 specification, unofficially co-founded Reddit, and worked feverishly as an activist for the freedom of information. Sadly, mainstream media made him notorious for using the MIT network to hack into the non-profit JSTOR and "liberating" millions of scientific and academic papers. He subsequently returned the papers to JSTOR, who sought not to pursue him and actually changed their rules to open access to their research. But he was still charged with 13 counts of network and computer fraud-related offenses, punishable with up to 35 years in prison and $1 Million in fines. A little more than a week ago, Aaron committed suicide, cutting short his brilliant existence and leaving the tech world reeling.
There has been much speculation as to why Aaron chose this path: his depression and the case being the most referenced. His family and friends spoke adamantly against his treatment by the legal system during his memorial service. His lawyer stated that when he first met Swartz, he realised that Aaron was "something very valuable to protect" and expressed remorse for not protecting him sufficiently. [Aside: You really should take the time to read this moving recap of the service at ReadWrite.]
Now, let's be clear: Aaron did sneak into MIT. And he did hack into their network. And he did download a bunch of files he wasn't supposed to, with the intention of sharing them openly. He took something that didn't belong to him. The consequence was that the people he affected retrieved the files and then opened them up to the public. There were no financial consequences, no one was hurt. Yes, he illegally accessed a network and a database, and that is against the law. Unfortunately, it goes against a law that is so outdated, his actions were punishable by consequences that are severe and extreme. Murderers and drunk drivers don't get punished this severely. So why should a hacker get treated this way for causing virtually no impact on a non-profit and a university?
Here are a few things I believe:
- Information should be free. I think that research and content are made to be shared openly and built on by others. (Which is why I do pro bono work, share my presentation scripts and slides with Creative Commons attributions and give my time and experience away without request for retribution)
- The punishment should fit the crime. For example, if a person violates a private company's terms of service, should they be prosecuted under civil or criminal law? In this case, JSTOR and Aaron came to an understanding, but due to outdated laws, he was brought up on criminal charges. Which means that...
- Laws and policies around networks and computers need to be updated. I think that people who break laws should be punished but that there are many outdated laws (especially with respect to technological crime) whose consequences are just too severe for the context.
In this case, if the changes specified in Aaron's law were already in effect in the US, Aaron's actions wouldn't necessarily have led to prosecution — especially with such strong penalties. And he might still be here to help change the world in other ways.
FYI: I’m this month's speaker at Girl Geek Dinner Ottawa. Join me on Wednesday, January 30th for some IRL geeky goodness. For more info, check out the event details and a sneak peek at my talk.