MIT has just released its report on the university’s role in the investigation into Aaron Swartz.
Part of it explains how the Secret Service came to be involved in the investigation.
The MIT Police decided that the situation required expertise in computer crime and forensics, which they did not have. They therefore telephoned the Cambridge Police Department detective who is their normal contact for assistance with computer-related crime activity.19 The Cambridge detective they contacted was a member of the New England Electronic Crimes Task Force.20 When he received the call for assistance from the MIT Police, the detective was working at the Task Force field office in a federal building in Boston, together with other law enforcement officers whose agencies participate in the Task Force. He responded to the call, accompanied by two other Task Force members: a special agent21 of the U.S. Secret Service; and a detective from the Boston Police Department. They arrived at the Building 16 closet around 11:00 a.m.
We note that no one from MIT called the Secret Service. The MIT Police contacted the Cambridge detective by calling him on his individual cell phone. The special agent became involved because he accompanied the Cambridge detective. As a Task Force member, the detective would sometimes respond to calls alone, and sometimes respond in the company of other members of the Task Force. The MIT Police were aware that other members of the Task Force might accompany the detective, and that Task Force members included Secret Service agents.
During the morning’s activities in the basement closet, the special agent had asked for whatever electronic records MIT might have on the matter. As it is IS&T’s protocol to obtain approval from MIT’s Office of the General Counsel (OGC) before releasing information or materials to outside law enforcement agencies, IS&T contacted the OGC, which responded that it was appropriate to comply with the agent’s request in view of the fact that law enforcement was conducting an investigation into what was potentially ongoing criminal activity of unknown scope, and it did not appear to OGC that such information would disclose personally identifiable information.
The report also provides this far less convincing description of how an MIT cop just happened to see Swartz close to his home and the Secret Service Agent just happened to be present at the time.
At approximately 2:00 p.m. an MIT Police officer was driving to the Stata garage after his shift in an unmarked police cruiser. He was familiar with the investigation and had been informed by radio that the laptop had been removed from the basement closet. He had seen the January 4 video of the suspect, as well as stills made from the video, and he had a still with him in his cruiser. On Vassar Street, near Massachusetts Avenue, he saw a cyclist pass him heading in the opposite direction. Based upon the stills and video, and given the backpack and clothes the cyclist was wearing, the officer observed that the cyclist matched the description of the suspect from the basement closet. He made a U-turn to follow the cyclist, who turned onto Massachusetts Avenue and proceeded north towards Harvard Square. When the officer reached the cyclist and pulled alongside, he rechecked the still photos that he had in his car and concluded that the cyclist was in fact the person in the photos. He immediately called his department for backup. A second MIT Police officer, accompanied by the special agent, responded by car from the MIT Police station.
This may well be how the federal investigation into Aaron Swartz started and how it happened that the Secret Service immediately took the lead.
But I do find the timing of MIT’s report release rather interesting. After all, just 12 days ago, they successfully moved to prevent the imminent disclosure of the Secret Service’s own reports on the investigation to Wired’s Kevin Poulsen.
As I’ve suggested, I’m very interested in pinpointing when and how the Federal government first got involved in the investigation of the JSTOR downloading and what role MIT had in the Feds getting involved. While Swartz’ lawyers put together a timeline of the investigation, it constitutes grand jury material that is currently sealed (though you can be sure the content of it would have been aired during Swartz’ trial).
And while we can get a pretty good idea of how the investigation proceeded from court documents, there two periods about which I have questions: December 2010, and the day of January 4, 2011.
The timeline below shows how Swartz allegedly accessed JSTOR documents, along with the response that JSTOR, MIT, and the government took. As you can see, the investigative narrative sort of fades out for the entire month of December 2010, when Swartz had a computer hooked right into MIT’s network. And then–due to what gets vaguely described as new tools to track flows on MIT’s own network–they found Swartz’ computer. But there’s a weird lapse in time, too: JSTOR notes that Swartz is downloading again around Christmas. But MIT doesn’t go find the computer–which it has recently acquired the ability to do–until January 4. Note, too, that the indictment treats the downloads from November 29 to December 26 as one charge, and those from December 27 to January 4, as another.
That leads to January 4, 2011, when according to the public fillings, the Cambridge cops and Secret Service got brought in and–almost immediately–SS takes over the case and MIT hands over data flow materials to SS without demanding a warrant. HuffPo explained that process this way:
According to the source close to the investigation, when MIT employees found the laptop, they contacted MIT police, who called Cambridge police, where the call was then routed to a detective assigned to the New England Electronic Crimes Task Force. That detective contacted another member of the task force, Michael Pickett, a special agent with the U.S. Secret Service, who helped lead the investigation.
In addition, MIT allows SS to get Carnegie Mellon’s CERT to collect the signals from Swartz’ laptop in a dropbox; when Swartz’ lawyers first asked for CERT’s notes on that data flow, the government refused to turn it over, saying that since they would not call any CERT experts to testify they didn’t have to.
I’m wondering several things. First, what were the new tools MIT used to analyze their networks in December 2010? Where did they come from? When did they get them? Was the JSTOR download the reason they did?
And also, what kind of legal analysis did MIT go through before they just let the government into their networks?
Finally, what obligations was MIT under to file Suspicious Activity Reports to the government regarding the JSTOR downloads and when did those obligations kick in? Did MIT comply with those obligations? Did the government know MIT’s network was compromised as early as September, or not until Cambridge brought in SS in January?
To be clear: I’m not suggesting anything nefarious about this–though I am mindful of this, from the scope of the investigation MIT President Rafael Reif has ordered: “I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took.” That is, Reif now wants to know which of the decisions MIT pursued they had legal choices to avoid.
The government’s consolidated response to Swartz’ suppression motion claims that “neither local nor federal law enforcement officers were investigating Swartz’s downloading action before January 4, 2011, when MIT first found the laptop.” Note, they refer just to Swartz’ downloading action, not Swartz (though that may just be legal particularity), so it is possible though unlikely that federal law enforcement officers were investigating other activities of Swartz before then (we know the FBI had investigated his PACER downloads the previous year).
Note: the following timeline depends on the assertions of both the government and Swartz’ lawyers. It represents alleged facts as presented by self-interested parties, not uncontested facts. Documents used include the hardware search warrant affidavit, superseding indictment, motion for discovery, pre January 4 suppression motion, January 4-6 suppression motion, consolidated response to motion to suppress, and exhibit to supplement to motion to suppress. I’ve also included Swartz’ FOIAs, as described in this Jason Leopold story, because I find some of the coincidences intriguing (see especially the timing of his request for Secret Service access to encrypted files and CERT, which I’ll return to in a later post). Continue reading
MIT health economist Jonathan Gruber has been the go-to source that all the health care bill apologists point to to defend otherwise dubious arguments. But he has consistently failed to disclose that he has had a sole-source contract with the Department of Health and Human Services since June 19, 2009 to consult on the “President’s health reform proposal.”
He is one source for the claim that the excise tax will result in raises for workers (though his underlying study is in-apt to the excise tax question). He is the basis for the argument that the Senate bill reduces families’ risk–even if it remains totally unaffordable. Even Politico stenographer Mike Allen points to Gruber’s research.
a technical memorandum on the estimated changes in health insurance coverage and associated costs and impacts to the government under alternative specifications of health system reform. The requirement includes developing estimates of various health reform proposals on health insurance coverage and cost. The alternative specifications to be considered will be derived from the President’s health reform proposal. [my emphasis]
(h/t Mote Dai)
The President’s health reform proposal? But I thought this was the Senate’s health reform proposal?!?!? (wink!)
Now, HHS says they had to put Dr. Gruber in charge of evaluating health care reform proposals because he’s got,
a proven micro-simulation model with the flexibility to ascertain the distribution of changes in health care spending and public and private sector health care costs due to a large variety of changes in health insurance benefit design, public program eligibility criteria, and tax policy.
Even assuming that Gruber is the only one in the world who can run these simulations, don’t you think it’s rather, um, dubious that the guy evaluating the heath care reform–for $300,000–is also the package’s single biggest champion?
And no one has been transparent about this contract?
Update: Actually, Gruber failed to disclose his $392,600 contracts with HSS. The reference to ongoing work in the bigger, second one refers to a $95,000 contract he had from March 25, 2009 to July 25, 2009.