MIT released details and logs of Aaron Swartz’s use of the MIT network to law enforcement without a warrant or subpoena, according to court documents filed on Friday, Oct. 5.
The release violates MIT’s written policy on network information disclosure, Swartz’s filings say, but MIT Information Services & Technology disagrees. Swartz’s motion asserts MIT’s policy permits disclosure “only” in the face of a “court order or valid subpoena,” but the policy does not contain the word “only.”
The details of MIT’s disclosure of this information are important to students because the same policies govern the release of information for other kinds of activities, such as illegal downloading and filesharing.
MIT has defended its actions as necessary to “protect its network,” but has refused to explain that comment further.
Swartz is accused of downloading millions of documents from JSTOR, an online journal archive, by hiding a computer in a network closet in the Building 16 basement. He has pleaded not guilty to 13 counts of federal law violations, and a jury trial is scheduled for Feb. 4, 2013.
On Jan. 4, 2011, the day after MIT was notified about Swartz’s third episode of JSTOR downloads, “the Secret Service assumed control of the investigation,” according to the filings.
MIT provided the Secret Service with “network flow data” and DHCP log information for Swartz from the prior 18 days, and packet capture of traffic to and from Swartz’s hidden laptop.
Network flow data is collected by the MIT network in an automated fashion, and consists of timestamped records summarizing source and destination Internet addresses, number of bytes and packets, and network protocol. That information is sufficient to identify the kind of network use associated with a computer on the network. The information can translate to a list of the websites a person visits, whether they are engaging in peer-to-peer downloading through means such as BitTorrent, whether a computer is running a webserver, and similar activities.
DHCP log data, on the other hand, identifies the hardware address of a particular computer, and records the IP address that the computer is automatically assigned by the network.
Packet capture data consists of actual copies of the information sent over the network; it is not summarized or aggregated like network flow data, but it is not collected automatically and requires a lot of space to store. It’s not practical for MIT to collect packet capture data for more than a handful of computers on the network, but network flow data is much smaller and more manageable and can be collected for all machines on the network.
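The difference between flow records and DHCP logs is easiest to see when the two are joined. The sketch below is an added example, not part of the original article and not MIT's tooling: it attributes flow records to a hardware address by looking up which machine held the IP address at the time of each flow. All addresses, timestamps, byte counts and field layouts are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (documentation address ranges, made-up hardware addresses).
DHCP_LEASES = [
    # (lease start, lease end, hardware address, assigned IP)
    ("2024-01-01T08:00:00", "2024-01-01T12:00:00", "00:00:5e:00:53:01", "192.0.2.10"),
    ("2024-01-01T12:00:00", "2024-01-01T20:00:00", "00:00:5e:00:53:02", "192.0.2.10"),
]
FLOWS = [
    # (timestamp, src IP, dst IP, dst port, protocol, bytes, packets)
    ("2024-01-01T09:15:00", "192.0.2.10", "198.51.100.7", 443, "tcp", 48_000_000, 33_000),
    ("2024-01-01T09:40:00", "192.0.2.10", "198.51.100.7", 443, "tcp", 52_000_000, 36_000),
    ("2024-01-01T13:05:00", "192.0.2.10", "203.0.113.9", 6881, "tcp", 9_000_000, 7_000),
    ("2024-01-01T21:30:00", "192.0.2.10", "203.0.113.9", 80, "tcp", 1_000, 4),
]

def mac_for(ip, when, leases=DHCP_LEASES):
    """Return the hardware address that held `ip` at ISO time `when`, or None."""
    t = datetime.fromisoformat(when)
    for start, end, mac, leased_ip in leases:
        if leased_ip == ip and datetime.fromisoformat(start) <= t < datetime.fromisoformat(end):
            return mac
    return None

def attribute(flows=FLOWS, leases=DHCP_LEASES):
    """Sum bytes per (hardware address, destination, port) across flow records."""
    totals = defaultdict(int)
    for when, src, dst, dport, _proto, nbytes, _pkts in flows:
        # The same IP can belong to different machines at different times,
        # so the flow timestamp decides which lease applies.
        mac = mac_for(src, when, leases) or "unattributed"
        totals[(mac, dst, dport)] += nbytes
    return dict(totals)

if __name__ == "__main__":
    for (mac, dst, dport), nbytes in sorted(attribute().items()):
        print(f"{mac}  ->  {dst}:{dport}  {nbytes:>12,} bytes")
```

The flow records alone show only that 192.0.2.10 moved data; the lease log is what ties each transfer to a specific piece of hardware, and a flow outside any recorded lease stays unattributed.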
Because this data is so sensitive, MIT does not disclose it lightly. IS&T has a written policy that covers DHCP data, but does not explicitly mention network flow data or packet capture data.
The filing that provided this information was a 21-page motion to suppress MIT’s disclosures. It was the first of five motions to suppress evidence filed on Oct. 5. But it is not typical for courts to suppress DHCP logs and similar network information.
Martin G. Weinberg, Swartz’s attorney, wrote in an email that while some of the motions raise traditional Fourth Amendment challenges, “certain of the motions raise novel” Fourth Amendment challenges with respect to “new technologies.”
When asked about MIT’s disclosure of network data without a subpoena, Marilyn T. Smith, head of IS&T, told The Tech in a prepared statement last week that “MIT acted responsibly in unique circumstances to protect its network and ensure the ability of members of the MIT community to access important scientific journals.”
Smith was unable to explain how MIT’s decision not to wait for a subpoena before disclosing the information “protected” the MIT network, or affected “ability to access” scientific journals. Smith repeatedly declined to add more information, saying that MIT does not comment on matters related to active criminal proceedings.
Smith did say that MIT “has not changed its historical practice around the disclosure of personal information to law enforcement.”
But how might MIT’s actions here differ if the party was a student engaged in illegal file sharing? If MIT’s choice to disclose Swartz’s network usage without a warrant is consistent with the policy, then disclosure of a student’s filesharing activities would seem to be as well.
Did Swartz break in?
The indictments against Swartz charge him with “break[ing] into a restricted-access computer wiring closet” in Building 16.
But in Swartz’s second motion to suppress evidence filed on Oct. 5, Swartz claimed not to be a trespasser, and claimed not to have forfeited his expectation of privacy in his laptop because he did not “abandon” the laptop in a legal sense.
Swartz’s motion describes the network closet as within a network of hallways which are used by people to travel between MIT buildings.
“There were no signs ordering people to keep out, … and the door to the data room opened readily with a ‘quick jerk,’” the motion said.
Swartz also argues that to find abandonment, “there must be ‘clear and unequivocal evidence’” that he intended to abandon the laptop. The fact that law enforcement expected him to return — and that they set up video surveillance in anticipation of that — means that he did not abandon the laptop, the defense claims.
Swartz’s saga with MIT and JSTOR began in September 2010. He began mass downloading JSTOR documents on or around Sept. 24, and JSTOR first blocked his access on Sept. 26. He resumed his downloading on Oct. 2 and was blocked again on Oct. 9. Another episode occurred on Dec. 26, and again on Jan. 4. He was spotted and apprehended on Jan. 6.
Swartz was originally indicted on four counts on July 11, 2011. The indictment was superseded on Sept. 12, 2012, and the revised indictment is for thirteen counts. He appeared in court and pleaded not guilty on Sept. 24, 2012.
His trial is currently set for Feb. 4, 2013 in United States Federal Court before Judge Nathaniel M. Gorton at the Moakley Courthouse on the Boston waterfront.