The suicide of Aaron Swartz, the Internet pioneer and free-information activist, touched off accusations that federal prosecutors abused their power by seeking a long sentence and stiff fine against him for hacking into the MIT network. But the case may say as much about problems with federal cybercrime law as it does prosecutorial judgment, according to those familiar with the law.
The cybercrime statutes are broad — critics would say disproportionately so — subjecting even minor offenders to heavy criminal penalties, specialists say. That fact, coupled with sentencing guidelines that encourage prosecutors to take advantage of the tough sanctions, can give rise to overreaching prosecutions, they say.
“If there’s a statute that allows for 13 felonies and decades in prison to flow from what he was accused of doing, there’s a problem with the statute,” said Zoe Lofgren, a California congresswoman who is seeking to amend the law. “Aaron’s activity was not for personal gain, which is a very different situation from other crimes.”
Boston lawyer Martin Weinberg, who was one of Swartz’s lawyers, said the sentencing guidelines that federal courts rely on are “Draconian and dehumanizing’’ because in white-collar cases – including computer fraud – sentences hinge largely on the amount of financial loss.
“The starting place for a federal sentence for a corrupt hedge fund manager, a Ponzi schemer, a corrupt banker who betrays his oath and somebody that entered a computer without authorization is all the same,” Weinberg said. “And it’s all driven by the potential loss to the person who owns the data or the person who owns the money.”
Weinberg said the government alleged that JSTOR, which provides access to its online archive system to the Massachusetts Institute of Technology and other users for a subscription fee, estimated its potential loss would have been millions of dollars if Swartz had posted the articles on the Internet.
While critics say prosecutors have used the expansive law to cast a wide net, subjecting minor offenders to disproportionate punishment, other legal specialists note that prosecutors in the Swartz case have stayed well within the legal sanctions provided by the law. While prosecutors have the discretion to recommend lesser sanctions, they typically rely on strict sentencing guidelines, many specialists say.
In the Swartz case, that financial calculation led to a sentencing guideline range of about five to seven years, even though he had no criminal record and did not profit from the downloaded documents.
“That’s the institutional problem,” said Marc Zwillinger, a former federal cybercrime prosecutor who founded a law firm that works with companies on computer crime issues. “Everything in the sentencing process is guideline-driven, which warps the perspective of all the participants. The focus is on how the sentence compares to the guidelines, instead of what is the right outcome for this individual.”
As a result, many defendants are pressured to strike a deal with prosecutors and plead guilty to avoid the prospect of lengthy prison sentences, legal specialists say.
Legal specialists, including former federal prosecutors, say the Swartz case is highly unusual and has no obvious precedents. Most people who steal data, they say, do so in hopes of financial profit, which prosecutors acknowledge was not Swartz’s motive.
Prosecutors alleged that Swartz, while a fellow at Harvard University’s Safra Center for Ethics, downloaded millions of documents from JSTOR between September 2010 and January 2011, using different computers and IP addresses as MIT Police, Cambridge police, and Secret Service agents were trying to block his access and identify him.
They alleged he broke into a basement closet at MIT — using a bicycle helmet to obscure his face — and hard-wired his laptop to the network to download more articles.
Swartz was initially arrested on state charges in January 2011, then US Attorney Carmen Ortiz’s office indicted him six months later on charges of wire fraud, computer fraud, unlawfully obtaining information from a protected computer, and recklessly damaging a protected computer. In September 2012, federal prosecutors increased the number of counts against Swartz from four to 13. Ortiz’s office would not comment on why.
The charges against Swartz carried a maximum sentence of 35 years in prison, but in plea negotiations, prosecutors said they would recommend a six-month jail sentence if Swartz pleaded guilty to all 13 felony charges, according to Elliot Peters, the lawyer who took over Swartz’s case in the fall. The judge would ultimately decide whether to accept it. But Swartz, who had battled depression, rejected the deal and was awaiting trial when he hung himself in his Brooklyn apartment Jan. 11.Continued...