The Secret Service set up task forces around the country following President George W. Bush's signing of the Patriot Act in the aftermath of the Sept. 11 terror attacks. In 2009, the Secret Service announced the formation of three additional task forces in St. Louis, Kansas City and New Orleans "to identify, investigate, disrupt and dismantle individuals and criminal enterprises who are engaged in financial crimes."
The Swartz case wasn't the first brought by Boston-based federal prosecutors to make big news. In March 2010, Boston judges hit master hacker Albert Gonzalez with three concurrent two-decade sentences to prison for hacking several retailers' networks to steal customers' credit and debit card information. Gonzalez¹s victims included a wide range of retailers, including 7-Eleven Inc., shoe seller DSW Inc. and discount retailer The TJX Cos. Inc., which owns T.J.Maxx.
The district's continued aggressive prosecution of computer crimes also yielded an 82-month sentence in February 2011 against Asa Pala, who had pleaded guilty to one count of conspiracy to commit computer fraud and five counts of failure to file an income tax return. His scheme caused German citizens' computer telephone modems to call premium telephone numbers rented from German telephone companies by Pala's conspirators from 2003 through 2007.
In the Swartz case, prosecutors on Jan. 14 asked the presiding judge to dismiss the prosecution. Swartz was charged with crimes that included wire fraud, computer fraud and unlawfully obtaining information from a protected computer. Charging documents said he did not steal any personal identifying information. JSTOR did not pursue a civil case against Swartz.
Government lawyers alleged that Swartz, without permission, used the networks of the Massachusetts Institute of Technology to download millions of JSTOR articles. In court papers, Heymann described as "incredible" the argument that Swartz did not know his conduct was wrongful.
"Swartz took great pains to hide his identity, to hide his laptop and its identifiers, and to hide his face by a bicycle helmet when he believed he could be seen leaving and entering the closet," Heymann said in a court filing in November. The university and JSTOR, Heymann said, "had blocked his communications repeatedly." Swartz, the prosecutor said, circumvented JSTOR's restrictions that limit the number of downloads.
In a lengthy piece published Monday on the legal blog The Volokh Conspiracy, Orin Kerr, who teaches computer crime law at George Washington University Law School, concluded that the charges against Swartz were "based on a fair reading of the law."
"None of the charges involved aggressive readings of the law or any apparent prosecutorial overreach," Kerr wrote. "Indeed, once the decision to charge the case had been made, the charges brought here were pretty much what any good federal prosecutor would have charged."
Kerr has long fought the overly broad reading of "unauthorized access" under the Computer Fraud and Abuse Act, the law Swartz allegedly violated. "This is not merely a case of breaching a written policy," Kerr wrote. "Rather, this is a case of circumventing code-based restrictions by circumventing identification restrictions. I don't see how that is particularly different from using someone else's password, which is the quintessential access without authorization."
Marcia Hofmann, a lawyer with the advocacy group Electronic Frontier Foundation, said in a blog post on Monday that "some extremely problematic elements of the law"including vagueness of languagemade it possible for prosecutors to pursue Swartz in the first place. The law, for instance, doesn't clearly explain the scope of "lack of authorization" when it comes to a person accessing a protected computer, Hofmann said.