Writing in Slate, Justin Peters has a puzzling article on the CFAA charges brought against Aaron Swartz. Peters appears to think that the basis of the Swartz prosecution was violating the Terms of Service at JSTOR, the service that hosted the database that Swartz tried to copy. Peters then discusses whether Swartz should be held criminally liable for violating JSTOR’s Terms of Service, and he then points out that this would not be a crime in the Ninth Circuit under its en banc opinion in United States v. Nosal.
This misunderstanding of the Swartz prosecution has become popular in some circles, fueled in part by the writings of Larry Lessig . But I’m not sure why Peters, Lessig, and some others think that the Swartz prosecution was based on a TOS violation. True, Swartz violated JSTOR’s terms of Service — and MIT’s, for that matter. But the government’s strongest case for Swartz accessing computers without authorization was Swartz’s entering the MIT closet to hard wire his laptop into MIT’s network after he had been blocked twice by sysadmins when Swartz accessed the the network from a wireless connection. To argue that Swartz did not violate the CFAA, you need to argue that entering the MIT closet and connecting directly to its network was an authorized access. You need to argue that MIT had an “open closets” policy, so that everyone was welcome to go into closets at MIT and connect to any switches they liked when inside. You also need to argue that Swartz was authorized to use the network after MIT’s system administrators tried to block him from doing so. That is, you need to argue that even though MIT’s employees were trying to keep Swartz off the network, there was a distinct entity of MIT beyond its employees that authorized Swartz to go around its agents and access the network anyway. I think that’s a hard argument to make. Not impossible, perhaps, but very tough. But that’s what the argument needs tp be to engage with the facts of the Swartz prosecution. In contrast, I don’t think it helps to imagine that the government was prosecuting Swartz for violating Terms of Service.
As regular readers know, I have publicly opposed CFAA liability for violating Terms of Service ever since I left DOJ in 2001. I’ve written articles and op-eds opposing it, I’ve testified against it, and I’ve litigated cases against it. If Swartz had been prosecuted for violating TOS, I would have been working for him pro bono just like I did for Lori Drew. But the government didn’t need to rely on that possible theory in the Swartz case, as Swartz’s conduct gave the government pretty secure ground to argue that Swartz had committed an unauthorized access.
One final thought: Peters seems to miss an inside joke when he quotes me as saying that the Nosal opinion is “superb and extremely insightful.” In my post that he quotes, the quoted phrase was hyperlinked to my 2010 post Brilliant People Agree With Me, about how folks often call writing “superb” and “extremely insightful” when it happens to match their view. Perhaps this was too subtle, but I was trying to say that I liked Nosal in part because it closely mirrored my own writings on the CFAA.