2. Swartz’s objective?
nothing/tbd | corpus analysis | limited works distribution
limited geography distribution| total distribution | commercial distribution
3.
4. Sept. 2010 - Downloading began using Python script
•25 Sept. 2010 - JSTOR blocked 18.55.6.215
•26 Sept. 2010 - Swartz to 18.55.6.216
•26 Sept. 2010 - JSTOR blocked 18.55.*.* (later alleged to
have blocked 18.55.6.*)
•27 Sept. 2010 - JSTOR contacts MIT, MIT denies MAC
address 0:23:5a:73:5f:fb a network connection.
•2 Oct. 2010 - Swartz changed MAC address to 0:23:5a:
73:5f:fc
•
5. 9 Oct. 2010 – JSTOR blocks all of MIT (restored few
days later)
•Nov. & Dec. 2010 - Swartz hard wires into MIT via
closet in Bldg. 16. Hid laptop. Obtains and begins using
a second laptop.
•4 Jan 2011 – MIT sysadmin traced IP address to network
switch in closet of MIT Bldg. 16.
•Cambridge Police, MIT Police, & Secret Service.
•External forensics, network monitoring, and video
surveillance.
•
6. 4 Jan 2011 – Swartz observed entering closet.
•6 Jan 2011 – Swartz observed entering closet second
time.
•MIT Police ID’d Swartz on street, arrested, seized
USB device in backpack.
•Computer later recovered from the student center.
•In February, search warrants executed by USSS of
apartment, office, laptop, external hard drive, and
USB storage device (the latter 3 had been seized at
arrest).
•
7. Spring/Summer 2011: Resolved civil claims with
JSTOR; returned corpus.
•Same time: grand jury investigation
•First indictment issued on 14 July 2011
•
8. Superseding Indictment (12 Sept. 2012)
Two counts of wire fraud (18 U.S.C. § 1343)
•Fives counts of computer fraud (18 U.S.C. § 1030(a)(4))
•Five counts of unlawful access to protected computer
(§ 1030(a)(2))
•One count of reckless damage to protected computer
(§1030(a)(5))
•
9. Wire Fraud
18 U.S.C. § 1343 – “Whoever, having devised or intending to devise any scheme or artifice to
defraud, or for obtaining money or property by means of false or fraudulent pretenses,
representations, or promises, transmits or causes to be transmitted by means of wire, radio, or
television communication in interstate or foreign commerce, any writings, signs, signals, pictures,
or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or
imprisoned not more than 20 years, or both. […]”
Scheme to defraud a person out of money or property (can be
intangible).
•
Uses a false pretense.
•
Must be material (Neder v. United States (SCOTUS))
•
Employs use of a wire communication
•
10. Wire Fraud
Four theories:
1. appearing to JSTOR that he was affiliated with MIT.
2. changing IP and MAC address to conceal identity.
3. using python script to appear as though he was multiple users
4. concealing physical location
11. Wire Fraud
Four theories:
1. appearing to JSTOR that he was affiliated with MIT.
2. changing IP and MAC address to conceal identity. (doubtful)
3. using python script to appear as though he was multiple users.
(maybe)
4. concealing physical location
12. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
13. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
14. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
“without
authorization”
- “outsider” required?
Computer damage
Compare LVRC Holdings v. Brekka (9th Cir.);
with Int’l Airport Centers v. Citrin (7th Cir.)
1st Cir. has split D. Ct. authority.
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
15. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
16. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
17. CFAA Claims
§ 1030(a)(4)
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“exceeds authorized
access”
Code | Contract | Norms
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
18. CFAA Claims
§ 1030(a)(4)
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“exceeds authorized
access”
Code | Contract | Norms
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
- United States v. Drew (C.D. Cal.)
“information”
“without
- felony if value >
$5000
authorization”
- recklessly cause
damage
- felony if “loss” >
$5000
19. CFAA Claims
§ 1030(a)(4)
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“exceeds authorized
access”
Code | Contract | Norms
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
- United States v. Drew (C.D. Cal.)
- JSTOR’s terms
“information”
- MIT’s terms
“without
- felony if value >
- but see United States v. Nosal (9th Cir.
$5000
authorization”
en banc)
- recklessly cause
damage
- felony if “loss” >
$5000
20. CFAA Claims
§ 1030(a)(4)
Computer fraud
“exceeds authorized
access”
Code | Contract | Norms
- JSTOR’s restrictions?
- MIT’s restrictions?
- “cat-and-mouse”
Unauthorized access of
protected computer IP
- with
- with MAC
§ 1030(a)(5)(B) use of
- through
Computer damage
script
§ 1030(a)(2)
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
- United States v. Drew (C.D. Cal.)
- JSTOR’s terms
“information”
- MIT’s terms
“without
- felony if value >
- but see United States v. Nosal (9th Cir.
$5000
authorization”
en banc)
- recklessly cause
damage
- felony if “loss” >
$5000
21. CFAA Claims
§ 1030(a)(4)
Computer fraud
“exceeds authorized
access”
Code | Contract | Norms
- JSTOR’s restrictions?
- MIT’s restrictions?
- “cat-and-mouse”
Unauthorized access of
protected computer IP
- with
- with MAC
§ 1030(a)(5)(B) use of
- through
Computer damage
script
§ 1030(a)(2)
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
- United States v. Drew (C.D. Cal.)
- JSTOR’s terms
“information”
- MIT’s terms
“without
- felony if value >
- but see United States v. Nosal (9th Cir.
$5000
authorization”
en banc)
- recklessly cause
damage
- felony if “loss” >
$5000
22. CFAA Claims
§ 1030(a)(4)
Computer fraud
“exceeds authorized
access”
Code | Contract | Norms | Physical?
- JSTOR’s restrictions?
- MIT’s restrictions?
- “cat-and-mouse”
Unauthorized access of
protected computer IP
- with
- with MAC
§ 1030(a)(5)(B) use of
- through
Computer damage
script
§ 1030(a)(2)
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
- United States v. Drew (C.D. Cal.)
- JSTOR’s terms
“information”
- MIT’s terms
“without
- felony if value >
- but see United States v. Nosal (9th Cir.
$5000
authorization”
en banc)
- recklessly cause
damage
- felony if “loss” >
$5000
23. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing of
value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
24. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing
of value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000
25. CFAA Claims
§ 1030(a)(4)
“exceeds authorized
access”
Computer fraud
§ 1030(a)(2)
Unauthorized access of
protected computer
§ 1030(a)(5)(B)
Computer damage
“without
authorization”
- intent to defraud
- accessed computer
to further
- obtained a thing
of value
- obtained
“information”
- felony if value >
$5000
- recklessly cause
damage
- felony if “loss” >
$5000