[betterunix]

Aaron had every right to access JSTOR and did not bypass any paywall (I have the same access). He also had every right to access MIT's network, just like any other member of the general public does. The one thing you mentioned that might have been a crime was to enter a closet without permission, but he was not even prosecuted for that one.

[pyre]

1. He used the network closet because they booted him off of the wireless network.

2. He changed his MAC address because they blocked his old one.

I don't think that this alone should be enough for a conviction though. For instance, he wasn't privy to the reason that his network connection wasn't working anymore (so far as the MAC address was concerned). The prosecutors wanted to argue that changing the MAC address was a purposeful attempt to thwart restrictions, but from the outside he couldn't have known why the old MAC was no longer working.

3. Instead of using Harvard's network and signing up with his own name, he used MIT's network (which is open to the public) and signed up for access with a fake name. The prosecutors would have argued that this was his way of hiding his identity because he knew what he was doing was wrong.

4. The US Department of Justice has had a hard-on to expand the hacking statutes to cover "any crime with a computer." See the case about the MySpace/Facebook mother that drove her daughter's classmate to suicide. They tried to go after her for 'hacking' into the website because she signed up with a fake name which is against the Terms of Service (i.e. "unauthorized access" to the website).

[derekp7]

For your point #4, I don't think the prosecutors were specifically trying to go after another _hacking_ conviction (to expand the statutes), but they were reaching for any law that could apply, since what the woman did (emotionally harassing a minor until driving her to suicide [allegedly]) was considered to be abhorrent but not in itself illegal -- just like the prosecutor's conduct with Arron. And in our society, any time something tragic happens people feel that someone has to be held accountable.

[dkl]

Problem is, once a law is used for a new use, no matter how virtuous it is, it will now be seen as one of the tools in the toolbox for prosecutors to punish people. Many of those new uses will not be looked on favorably, either.

[pyre]

There would be significant fallout from setting a precedent that violation of a website's Terms of Service constituted a Federal crime with punishment up to 35 years in prison, no matter how much we dislike the person being prosecuted.

[raldi]

> He also had every right to access MIT's network, just like any other member of the general public does.

You're conflating two networks. He had every right to access the public wifi network at MIT, which has numerous security and bandwidth-control mechanisms in effect.

He did not have every right to connect directly to MIT's core network infrastructure, which bypasses most of the above.

[cma]

Was it properly labeled? Presumably some ports (outside of closets) don't go into the core; did he actually try and fail with one of those before going to the closet?

If an MIT professor left his laptop plugged into one of the public ports downloading a linux tarball unattended over night, is he liable under CFAA? What the professor left it in the unlocked closet instead, to minimize the risk of getting his laptop stolen?

[rayiner]

I don't even know what to make of this. You think you need a label to tell you that you shouldn't open up random network closets at MIT (a billion dollar a year defense contractor) and plug in your laptop?

[cma]

Then charge him with trespassing. To charge him under CFAA due to him getting on the privileged part of the network, I think you should have to show he knew it was the privileged prat of the network. Maybe they had evidence that he did, but just connecting his laptop in a closet after covering his face with a bike helmet isn't evidence of hit.

He could have covered his face after his experience with PACER where he was legally in the right, but still got hounded by the FBI.

[rayiner]

> To charge him under CFAA due to him getting on the privileged part of the network, I think you should have to show he knew it was the privileged prat of the network. Maybe they had evidence that he did, but just connecting his laptop in a closet after covering his face with a bike helmet isn't evidence of hit.

To indict someone, you don't have to prove your interpretation of the facts. You have to present evidence that supports your interpretation of the facts. The fact that he hid is face is perfectly reasonable evidence to suggest he knew he was accessing MIT resources he should not have, sufficient to support an indictment.

Now, maybe he could have argued that he nonetheless didn't know it wasn't meant for public access. I doubt the prosecutor would have believed that claim, or a jury. I don't believe it, and I honestly don't think you believe it either. So why drag us both down this ridiculous hypothetical?

The miscarriage of justice here is that they dropped the trespassing charge because the CFAA charge was so much more lucrative. There is no reason a minor network intrusion should carry a firmer penalty than an equivalent physical trespass. I wholeheartedly agree on that point. But to make the stronger argument that Aaron did nothing wrong, you have to put aside common sense to the point where you're arguing that a grown man didn't know he wasn't supposed to be doing something when even a child could have parsed the situation correctly.

[cma]

Not being supposed to do something is different than legally not being supposed to do something.

[tzs]

> He also had every right to access MIT's network, just like any other member of the general public does.

The general public does not have a right to access MIT's network. MIT generously ALLOWS the general public some access to their network.