One of the most frustrating aspects of this report is the role of “neutrality” — especially in light of the criticism MIT makes of the prosecutors reported in the post below.
"Neutrality" is one of those empty words that somehow has achieved sacred and context-free acceptance — like "transparency," but don’t get me started on that again. But there are obviously plenty of contexts in which to be “neutral” is simply to be wrong.
For example, this context: The point the report makes in criticizing the prosecutors is that they were at a minimum negligent in not recognizing that under MIT’s open access policies, Aaron’s access was likely not “unauthorized.” As the report states (at 139):
As far as the Review Panel could determine, MIT was never asked by either the prosecution or the defense whether Aaron Swartz’s access to the MIT network was authorized or unauthorized—nor did MIT ask this of itself. Given that (1) MIT was the alleged victim of counts 9 and 12, (2) the MIT access policy, its Rules of Use, and its own interpretation of those Rules of Use (including the significance or “materiality” of any violation of those terms) were at the heart of the government’s CFAA allegations in counts in both indictments, and (3) this policy and these rules were written, interpreted, and applied by MIT for MIT’s own mission and goals—not those of the Government— the Review Panel wonders why. (p139)
But that criticism goes both ways — if indeed MIT recognized this, and didn’t explicitly say either privately or publicly that Aaron was likely not guilty of the crime charged, then that failure to speak can’t be defended by the concept of “neutrality.”
Indeed, the criticism of MIT could be stronger: At most, the prosecutor was negligent. But MIT was more than negligent: The issue was explicitly flagged for it, by a senior member of the MIT administration. As the report indicates, Joi Ito, in the summer of 2011, explicitly raised the point:
One particularly pertinent moment was in June 2011 when the Media Lab Director [Joi Ito] informed the administration that Aaron Swartz was charged with “unauthorized access” and suggested that MIT would be in a position to cast doubt on this charge if so desired (see section III.B.1). …
A charge of “accessing [the MIT network] without authorization or in excess of authorized access” deeply involves MIT, since MIT provides the authorization and sets the rules of authorization. Thus MIT set rules that played a key role in determining what constituted a felony in the Aaron Swartz case. In the 1994 prosecution of David LaMacchia, MIT communicated to the USAO that, as a student, LaMacchia was authorized to accessthe computer as he had done. There was no reflection on the LaMacchia case during Swartz’s prosecution: institutional memory had been lost. Part V, Question 1, in considering the need for greater expertise at MIT relating to computer crime, also asks about ways to help preserve institutional memory.
MIT has justified intervening in the LaMacchia case and defended not intervening in the Swartz case on the basis that LaMacchia was a student and Aaron was not.
But that defense is absurd: If MIT knows that a human is being prosecuted on the basis of a false interpretation of MIT’s rules, what possible difference does it make whether that human is a student or not? If a MIT official sees someone bleeding on the Mass Ave, do they decide whether to call 911 only after checking for a student card? MIT knew something here that at a minimum could have cut short a prosecution, and which, it turns out, could also have saved someone’s life.
"Neutrality" does not justify failing to pick up the phone, and telling the prosecutor, "hey, in fact, his access was authorized." Maybe it wouldn’t have mattered. Maybe the prosecutor would have stayed the course. But then that would have been (yet another) failure of the prosecution, not MIT’s.