JSTOR

The December 2010 Black Hole in the Network Interface Closet

As I’ve suggested, I’m very interested in pinpointing when and how the Federal government first got involved in the investigation of the JSTOR downloading and what role MIT had in the Feds getting involved. While Swartz’ lawyers put together a timeline of the investigation, it constitutes grand jury material that is currently sealed (though you can be sure the content of it would have been aired during Swartz’ trial).

And while we can get a pretty good idea of how the investigation proceeded from court documents, there are two periods about which I have questions: December 2010, and the day of January 4, 2011.

The timeline below shows how Swartz allegedly accessed JSTOR documents, along with the response that JSTOR, MIT, and the government took. As you can see, the investigative narrative sort of fades out for the entire month of December 2010, when Swartz had a computer hooked right into MIT’s network. And then–due to what gets vaguely described as new tools to track flows on MIT’s own network–they found Swartz’ computer. But there’s a weird lapse in time, too: JSTOR notes that Swartz is downloading again around Christmas. But MIT doesn’t go find the computer–which it has recently acquired the ability to do–until January 4. Note, too, that the indictment treats the downloads from November 29 to December 26 as one charge, and those from December 27 to January 4, as another.

That leads to January 4, 2011, when according to the public filings, the Cambridge cops and Secret Service got brought in and–almost immediately–SS takes over the case and MIT hands over data flow materials to SS without demanding a warrant. HuffPo explained that process this way:

According to the source close to the investigation, when MIT employees found the laptop, they contacted MIT police, who called Cambridge police, where the call was then routed to a detective assigned to the New England Electronic Crimes Task Force. That detective contacted another member of the task force, Michael Pickett, a special agent with the U.S. Secret Service, who helped lead the investigation.

In addition, MIT allows SS to get Carnegie Mellon’s CERT to collect the signals from Swartz’ laptop in a dropbox; when Swartz’ lawyers first asked for CERT’s notes on that data flow, the government refused to turn it over, saying that since they would not call any CERT experts to testify they didn’t have to.

I’m wondering several things. First, what were the new tools MIT used to analyze their networks in December 2010? Where did they come from? When did they get them? Was the JSTOR download the reason they did?

And also, what kind of legal analysis did MIT go through before they just let the government into their networks?

Finally, what obligations was MIT under to file Suspicious Activity Reports to the government regarding the JSTOR downloads and when did those obligations kick in? Did MIT comply with those obligations? Did the government know MIT’s network was compromised as early as September, or not until Cambridge brought in SS in January?

To be clear: I’m not suggesting anything nefarious about this–though I am mindful of this, from the scope of the investigation MIT President Rafael Reif has ordered: “I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took.” That is, Reif now wants to know which of the decisions MIT pursued they had legal choices to avoid.

The government’s consolidated response to Swartz’ suppression motion claims that “neither local nor federal law enforcement officers were investigating Swartz’s downloading action before January 4, 2011, when MIT first found the laptop.” Note, they refer just to Swartz’ downloading action, not Swartz (though that may just be legal particularity), so it is possible though unlikely that federal law enforcement officers were investigating other activities of Swartz before then (we know the FBI had investigated his PACER downloads the previous year).

Note: the following timeline depends on the assertions of both the government and Swartz’ lawyers. It represents alleged facts as presented by self-interested parties, not uncontested facts. Documents used include the hardware search warrant affidavit, superseding indictment, motion for discovery, pre January 4 suppression motion, January 4-6 suppression motion, consolidated response to motion to suppress, and exhibit to supplement to motion to suppress. I’ve also included Swartz’ FOIAs, as described in this Jason Leopold story, because I find some of the coincidences intriguing (see especially the timing of his request for Secret Service access to encrypted files and CERT, which I’ll return to in a later post).
