Prosecuting Hackers with ‘Good Intentions’


Aaron Swartz

U.S. Attorney Carmen Ortiz defended her office's handling of the prosecution of Internet pioneer Aaron Swartz this morning at the 9th Annual Harry Frank Guggenheim Symposium on Crime in America, at John Jay College in New York City.

Before Swartz committed suicide in 2013, the 26-year-old who helped develop RSS feeds and Creative Commons faced possible prison time for illegally downloading a trove of academic papers, and other related charges.

His death became a rallying point for activists who argue that prosecutors use the United States' primary federal cyber crime statute, the Computer Fraud and Abuse Act (CFAA), to penalize low-level offenders too harshly.

Ortiz, who called Swartz's death “tragic,” argued that while such cases are prosecuted under the same laws as major cyber attacks, prosecutors use discretion in sentencing recommendations.

“I may not be dealing with a scary hacker, but I'm dealing with someone who, for example, downloaded a tremendous amount of information that affected my educational institution or hospital that I'm running and perhaps had good intentions,” Ortiz said in one of her first public statements since Swartz's death.

“It may not be scary, it may not be as egregious, for example, as what happened at Target, but it's still a problem,” she added, referring to the massive security breach at the chain retailer.

Ortiz was among a panel of cyber crime law enforcement experts at the conference, which brings together top practitioners, academics, private-sector leaders and journalists for two days of candid discussion on the lingering failures and inequities of the criminal justice system and the economic impact those failures have had.

She noted that while the maximum penalty Swartz faced was 35 years, “In that particular case, the individuals involved, including the lawyers that were involved, knew that they were not looking at any significant period.”

“The offer from the government was about 6 months or so,” Ortiz said.

Participants in the panel argued that it wouldn't be easy to create laws that treat cyber crimes like Swartz's and routine cyber trespassing differently than high-level malicious attacks.

Tim Ryan, who served as head of the Federal Bureau of Investigation cybercrime unit, said that hackers tend to start small and build toward more disruptive attacks.

“There is this continuum of criminality in hackers,” said Ryan, who is now managing director of Kroll Advisory Solutions, a private cybercrime investigations company. “I can almost guarantee you, that if you don't do something meaningful to intervene, and this doesn't have to be incarceration, you'll have a problem down the road.”

For the Department of Justice, Ortiz noted, that “continuum” concept also applies to the kinds of intellectual property issues and trespasses that Swartz was accused of.

“This is a very significant problem because intellectual property is one of the biggest and primary assets of the United States,” she said. “Our creativity, the amount of time that goes into intellectual development, is valuable.”

Graham Kates is deputy managing editor of The Crime Report. He welcomes comments from readers. He can be found on Twitter @GrahamKates.

Comments are closed.