Channels ▼

Web Development

The Crying Need To Punish Cyber Crime Fairly

Last weekend, Aaron Swartz, 26, hanged himself in his apartment in Brooklyn, New York. If his name is not familiar to you, let me fill in the pieces: Swartz was a programming prodigy. At the age of 14, he was a contributor to the RSS 1.0 standard. He later founded a company, Infogami, that was merged with several others to become Reddit, one of the most visited websites on the Web, and one of the favorite destinations of developers today. By all accounts, Swartz was a kind, thoughtful fellow, who was well liked by colleagues. His writings demonstrate a remarkable maturity lacking in the braggadocio, snarkiness, or animus often associated with young, very talented programmers. Instead, Swartz was inclined to give back: He founded the Open Library project, which helped make books more widely available, especially to disabled readers. And he also wrote, one of the most popular Python Web frameworks.

More Insights

White Papers

More >>


More >>


More >>

In addition to these activities, Swartz was heavily involved in various campaigns to make information more freely available. One target of particular concern to him is one that resonates with many researchers; namely, the high cost of access to articles whose research was paid for by taxpayers. I'm not here talking about the ACM or the IEEE, which charge for access but make that access comparatively inexpensive at $199 per year; but rather, organizations like the one that Swartz focused on, JSTOR, which charges thousands of dollars per year for access to articles within a single discipline. In 2009, Swartz walked into a network closet at MIT, hooked his laptop to the network, and had it run a variety of scripts that downloaded hundreds of thousands of articles from JSTOR via the university's access. He was arrested shortly after retrieving his laptop.

Swartz's initial goal was to make the downloaded articles freely available on the Web. But he never got to put this dissemination into action, and JSTOR's content remained safely behind its paywall. Over the next two years, JSTOR and Swartz came to resolution and JSTOR removed itself from any role in prosecution or claims against him. MIT, however, was not quite so ready to forgive the stunt. The university's hesitation is all the office of the U.S. Attorney in Massachusetts — one widely known for its tough stance on cybercrime — needed. The office filed charges against Swartz that carried a maximum sentence of 35 years in jail and a $1 million fine. Although Swartz left no suicide note, comments from both friends and family were unequivocal that the Attorney General's aggressive pursuit of the case was a frequent source of deep concern to him and almost certainly the key motivation in his suicide.

It is tempting perhaps to recite the old line, "if you can't do the time, don't do the crime." But such a viewpoint overlooks a gross inadequacy in this particular situation: the extraordinary disproportion between the offense and the punishment. Assault in Massachusetts garners a maximum sentence of 2½ years, non-statutory rape of a child garners a minimum of 15 years. So by what stretch of the imagination can it be that Swartz's crime should trigger such excess punishment?

The answer is that our laws against cybercrime give prosecutors very wide leeway in the penalties they can seek. In their maximum term, the laws are nothing but draconian. Alas, this phenomenon occurs at a predictable point in the cycle of punishment for new kinds of crimes. The lifecycle consists of initial tolerance and mild punishment, followed by a protracted period of seeing a grave threat, which is answered with stern, ham-fisted measures. Finally, there is recognition of the true, more nuanced nature of the threat and the punishments are pulled back to be proportional to the crime.

To wit, the 1988 worm by Robert Morris that brought down much of the then-nascent Internet was met with three years' probation, community service, and a $10,000 fine. Today, we're at the summit of disproportion (at least, one hopes) with the charges filed in Massachusetts against Swartz. And sometime soon, perhaps, we'll see a more measured and balanced code that recognizes the differences between various activities and mandates proportional punishments.

I should note that such a cycle played out with recreational drugs, which were legal in the U.S. in many forms at the beginning of the century. Drugs were later viewed as being the source of much inner-city crime and, as such, were gravely punished. The height came with the Rockefeller laws of 1973, which specified 15 years to life for possession of two ounces of marijuana. Today, however, marijuana is fast heading towards decriminalization.

In the meantime, victims of excessive legal penalties — whether small-time dope dealers locked up for decades or activists like Swartz who were broken by the threat of such punishment — bear the terrible price as we await brighter, fairer minds to prevail.

— Andrew Binstock
Editor in Chief
Twitter: platypusguy

More on JSTOR

Swartz Suicide Puts JSTOR Academic Database In Spotlight

Related Reading

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.



I think the article said that the maximum penalty for the computing offense was 35 years while the minimum for the rape was 15. These two do not equate as it isn't stated what the minimum computing penalty was nor what the maximum rape penalty could be.


Disagree; too many judges in the past abused that discretion. It's one of the reasons for the "Get Tough On Crime" hysteria, because too many judges in high-profile cases abused their discretion to let dangerous criminals out of prison.
Maybe they need more discretion, but not like they once had. But we definitely need better legislation, clearer definition of crimes and proportionate sentences, and mostly to get rid of this hysteria over crimes against imaginary property.


But Mr. Swartz did not steal anything. If I steal your car, you no longer have it. Copying information without a license is a completely different kind of act called "copyright infringement". So on the scale of kinds of theft, well, it is not even on the scale, much less "beyond grand theft".


Reply to 1:
The relevance of expount Swartz's character is that it bases that Swartz made its "theft" for a protest. As a way of an activism. Not to get unfair advantage over others.

Reply to 5:
As you said: it *seems to you* that the harm of Swartz's act would be immense. But this is higly controversial.
It would indeed harm those publishes who get money with the arcticles JSTOR manages. But in the opinion of some people ( or many ) this business is unfair.
For some people even, Swartz's act would actually be good thing for society in general.


I always find your articles thoughtful and well written.

This is no exception so please ignore the negative comments.

There will always be those who choose to willfully ignore reason.


I'd rather you stick with technology and skip the lectures on law, ethics, and justice.

1. However wonderful Swartz was, that is beside the point. Mentioning it serves only to bias your readers in considering what is just.
2. Swartz chose to commit suicide, but this does not factor in deciding what is just. Or, should we lessen the punishment on other crimes so that murderers and other violent criminals will less often turn the gun on themselves?
3. As I understand it, JSTOR collects papers from many different publishers and makes those available to its subscribers. No one has to go to JSTOR to get those documents, as far as I know (presumably, they could go directly to the publisher). If this is so, comparing JSTOR to IEEE of ACM seems completely unfair, as JSTOR is providing "one stop shopping".
4. Swartz essentially stole from JSTOR and the publishers on a grand scale. That he didn't get to disseminate the works seems beside the point: he took them into his possession, fully intending to disseminate them. We don't wait for a burglar to sell his stolen goods to say that he is a thief.
5. Nowhere do you attempt to quantity the harm Swartz did. Yet, you call the prospective punishment draconian. Surely, in deciding whether a punishment is just, one must consider the harm that was being done. The harm that he in the act of doing, it seems to me, was immense.
6. The minimum penalty for non-statutory rape of a child, according to the link provided, is 15 years. The maximum is life! It reads "shall be punished by imprisonment in the state prison *for life* or for any term of years, but not less than 15 years" Your comparison of these penalties, where Swartz faced a *maximum* of 35 years is misleading at best and irresponsible at worst.


I don't think the prosecutors intended to induce his suicide anymore than some parents don't intend to kill their children when they refuse to take them to the hospital because of belief reasons.

Going out of your way to purposefully cause a stressful situation that causes someone to commit suicide should be criminal.


The "product" he was stealing was access to public domain articles that were paid for by tax payers.

He was allowed to access and download and share anything on the site. The only difference is how much he was attempting to access, download, and share.

The only reason it was noticed was because it effectively DoS'd the servers.


I think in this comparison it's not that the cyber crime penalty is too harsh. The rape penalty is just way too lenient.


But it IS what 'capitalism' has become in the USA.

Crony capitalism.

And unfortunately, it is what always happens to capitalism in the end. Which is why it is so evil.


You're exactly right.

I just failed to put my 'being facetious' flag up on that comment.


"But hey, that's capitalism for you."

NO, that's not capitalism. With capitalism the market sets the price through competition. IN this case the government does not allow competition so the price is indirectly fixed by the government.


That "product" was already paid for by the taxpayers. For that matter, he didn't succeed in distributing the documents, so JSTOR and MIT lost nothing but some bandwidth. I agree he should be punished, but 35 years in prison is ludicrous.


Documents created at taxpayer expense and the authors will never get a dime of the money.

But hey, that's capitalism for you.


Excellent article!

It's worth pointing out that although JSTOR stands to make quite a bit of money by selling these articles, the authors will never get a dime of it.

And since nothing ever left the premises, Mr. Swartz's only real crime was simple trespass.

What this incident really points out is just how critical the corporate/governmental apparatus sees as its right to put a stranglehold on the information available to the public - and just how vicious it can be in protecting this perceived right.

Currently our 'justice' system protects the most egregious criminal acts if perpetrated by members of the power elite, but comes down with merciless ferociousness on those that challenge their power even in the most minor way.

Carmen Ortiz, Obama and Holder may as well have put a gun to Mr. Swartz's head and pulled the trigger. They are no doubt toasting their victory as we read.


Or was he trying to steal back a product that was paid for by millions of taxpayers? This is not the same cybercrime as spreading a virus that disables people's computers and productivity.


I don't think anyone thinks that the prosecutors intended to induce Mr. Swartz to kill himself, but the question remains whether the sentence the prosecution was seeking fit the alleged offense. I think 35 years is excessive; perhaps you don't.

The real solution is to return to judges and juries the sentencing discretion they once had.



I think you're comments are 100% on the money. As a (former) researcher who has published a dozen or so refereed research articles, I completely sympathize with what he was trying to do.

In fact, a lot of math journals already are starting to distribute older articles free of charge. ( MATHEMATICA SCANDINAVICA, and AMS already do this.

It is ridiculous for publishers to charge what they do. Essentially the only value add is paying for servers. Referees and editors are typically unpaid, as are authors.

Moreover, if anxiety over having to pay a $1M fine or spend a huge time in prison triggered his depression, then the people throwing the book at him for trivial crimes are morally culpable. Its not a lot different than if a car thief caused his victim excessive stress which caused him/her to have a heart attack. Just because penalties are provided for in the law doesn't mean they should be enforced. Prosecutors have discretion for a reason.

keep up the good work.



Twice the penalty for rape? Really?


He tried to steal a product that was being sold for thousands of dollars a person and planning on giving it to millions of people. This is beyond grand theft. Are we supposed to compare it with punching someone? Really?


It's unfair to hold prosecutors responsible for a suicide - we have due process for a reason, he had the opportunity to defend himself in a court of law. It's presumtuous to assume he would have been found guilty, given the maximum sentence, or not have been given an opportunity to plea bargain to something much less. Suicide rarely has a single cause, let's not over-simplify.

Dr. Dobb's TV