The Massachusetts Institute of Technology on Tuesday released its report to the president regarding MIT's involvement in the prosecution of Aaron Swartz. Some, like MIT's president, L. Rafael Reif, have glossed the report as a vindication of the institution's "right position" at the time. Swartz's former partner, Taren Stinebrickner-Kauffman, has characterized it as a "whitewash." Others, like Salon's Andrew Leonard, have viewed it as evidence MIT has betrayed its hacker culture.
Which is it? None of the above. In fact, the report is a stinging indictment of the broader MIT community's failure to develop the necessary interest and critical-thinking tools required to engage with important issues at the nexus of technology, law, and social policy.
In January 2011, Aaron Swartz was arrested after using his visitor's access to MIT's Ethernet network to download several million pages of documents from JSTOR, a nonprofit journal archive. Federal prosecutors charged him with a number of crimes, but principally with violating the Computer Fraud and Abuse Act (CFAA).
All told, the charges could have put Swartz in jail for over 30 years. He subsequently committed suicide—many believe because of the burden of his legal battles.
When Swartz was a target of federal prosecutors, MIT assumed a position of "neutrality" toward the case; it would support neither the defense nor the prosecution. The problem with MIT's pretense of being a neutral bystander was that the charges related to the CFAA. This law makes it a crime to, among other things, gain unauthorized access to a computer network. But was Swartz's access "unauthorized"? The report argues that, given current law, the answer appears to be no.
Furthermore, the report says, MIT did not "ask of itself" whether its access policy had actually been violated. The question is important because "... this policy and these rules were written, interpreted, and applied by MIT for MIT's own mission and goals—not those of the government." In other words, MIT was in a position to judge and the government was not. It should not have been the government's call.
The report also makes it clear that MIT was at best neutral in a technical sense: "In consequence of the differences in the powers, timing, and goals of the two parties in the case, neutrality in responses was not consistent with neutrality in outcomes." For example, the report argues that MIT "could have automatically supplied the defense with a copy of every document supplied to the prosecution, rather than waiting for a defense subpoena. Similarly, it could have offered a defense interview with every employee interviewed by the prosecution." It failed to do so.
The report also notes that MIT turned over a number of intercepted electronic communications to the prosecution without subpoena, a step that the defense argued was "in violation of the Fourth Amendment and the Stored Communications Act." One can argue about whether MIT violated the law in intercepting and turning over the documents, but it is plainly Orwellian to characterize such actions as "neutral."
However, as I said before, the criticism of the report goes much deeper than problems it has with the administrators. And the core issue begins with the following amazing paragraph:
"In considering whether to maintain MIT's neutrality position, OGC [MIT's Office of General Counsel], and the faculty members and others it questioned about this, began by asking whether Aaron Swartz was an MIT student. Upon learning that he was not, most of the people consulted agreed that staying neutral was appropriate. Similarly, Aaron Swartz's arrest and prosecution sparked little reaction from the MIT community, including students."
In other words, the actions of the administration reflected the views of the broader community. But now we get into a much deeper problem. How is it that the students and faculty at MIT could not understand that this case affected their lives in crucial ways? All of them could potentially be tripped up by the CFAA in their professional and personal online activities. (For example, it is arguably a violation of the CFAA to lie about your age on Match.com, and the U.S. Department of Justice has contended in its case against Andrew Auernheimer that it is a violation of the CFAA to retrieve Web pages that are unprotected on the Internet if their owner does not intend that they be viewed.)
How could those students fail to see that the case was about them? In a subsequent interview, Hal Abelson, the principal author of the report, was even more clear on this point: "One of the things that really struck me is that there was almost nothing from MIT students in this. There was almost nothing from MIT faculty."
And so the report ends with several questions that suggest the MIT community is in need of some consciousness raising. One group of questions that stands out is the following:
"Does MIT have a responsibility to better prepare our students to grapple with the ethics of the decisions they will face as they go on to design new technologies to be used in the world? Should MIT provide opportunities for students to better understand how to deal with the consequences of their decisions, as part of their technology education?"
One assumes the questions are rhetorical and are being asked as a way to say that MIT is not adequately preparing students to deal with those issues. In other words, it suggests that MIT is failing in some of its fundamental educational responsibilities—failures that were subsequently reflected in the poor decision making of MIT's administrators.
Of course the rhetorical questions raised in the report are not just questions for MIT; they are questions for every educational institution. Would our students have been engaged? Would they have understood that the case affected their lives in significant ways? Are they prepared to tackle such complex issues in the future? If not, can we expect any more from our broader university communities?
Peter Ludlow is a professor of philosophy at Northwestern University.