Stephen Heymann

Stephen Heymann Involved in Swartz Investigation before Arrest

Ryan Reilly reports that Aaron Swartz’s last attorney, Elliot Peters, filed an Office of Professional Responsibility complaint against Swartz prosecutor Stephen Heymann in January. The complaint covers three things:

  • Delaying the disclosure of an email showing the Secret Service was involved in the investigation from the start and therefore should have gotten a warrant for Swartz’s computer before a month had elapsed
  • Pressuring Swartz to plead guilty with threats of inflated prison time
  • Delaying the disclosure of when Heymann first got involved in the prosecution and hiding other pertinent emails and reports

Reilly discusses the substance of the first item — which pertains to issues I covered in this post on Secret Service’s belatedly disclosed early involvement in the investigation and this post on the six week delay before actually searching Swartz’s computer.

Peters argued that the government failed by waiting more than a month to obtain the warrant. Heymann countered that he couldn’t get a warrant because he didn’t have access to the equipment. But an email in Heymann’s possession, which was written to Heymann himself, showed that assertion to be untrue.

In an email that was not provided to the defense team until the last minute, Michael Picket, a Secret Service agent, wrote to Heymann on Jan. 7, “I am prepared to take custody of the laptop anytime after it has been process for prints or whenever you feel is appropriate.

Reilly’s report (and the complaint) provide more substantiation for Peters’ claim that Heymann waited until after a status conference on whether or not the judge would hold a hearing on the suppression issues to hand over the email. The key complaint against Heymann, then, is that he didn’t turn over a key document until he knew the judge would actually investigate the issues around that document.

But I’m just more interested in the part of the complaint that is current hidden, the context of which is provided in the complaint.

Meanwhile, on December 21, 2012, AUSA Heymann produced yet another, much larger set of documents relevant to Mr. Swartz’s motion to suppress. This voluminous, disorganized production consisted of hundreds of previously-undisclosed emails, as well as hundreds of other documents, including undisclosed investigative reports, photographs, spreadsheets, and screen captures. Many of the newly-disclosed emails and reports further illustrated that the Secret Service was in control of investigating Mr. Swartz, and that AUSA Heymann was himself involved in the investigation even before Mr. Swartz was arrested on January 6, 2011. See, e.g.,

[paragraph-long redaction]

Upon review of the December 21 discovery, it became apparent to use that AUSA Heymann was well aware of the Secret Service’s investigation of Mr. Swartz’s case from its inception. This made AUSA Heymann’s misrepresentation about the Secret Service’s involvement in the seizure of Mr. Swartz’s electronic devices all the more troubling, because the misrepresentation could not have been made accidentally. Rather, because the December 21 documents had never before been disclosed to the defense, Mr. Swartz and his attorneys did not have the opportunity to consider and argue their relevance in Mr. Swartz’s motions to suppress, which had been filed months prior to disclosure.

While DOJ is clearly hiding the most interesting part of this, even this passage is telling. It reveals that:

  • Heymann was involved before January 6
  • DOJ withheld emails, documents, investigative reports, photographs, spreadsheets, and screen captures
  • Heymann was aware of Secret Service’s investigation “from its inception”

The least damning potential issue here is that Heymann was brought into the investigation on January 4, along with the Cambridge police and Secret Service, and that the belatedly disclosed reports showed a great deal of Secret Service investigation that had not been turned over. Given the language used in the complaint and the fact that the Secret Service technically handcuffed Swartz, it also seems to suggest that Secret Service was not just brought into the investigation (as suggested by what we’ve seen so far), but what the lead from the very start.

But there are other far more interesting possibilities which, if true, would explain a lot of questions I’ve had about the investigation. Here are some possibilities — and note, these are just wildarsed guesses:

  • Was Secret Service involved before MIT called the Cambridge police on January 4? Did they (or a contractor like Carnegie Mellon’s CERT team) provide the data flow reports that first identified the location of Swartz’s computer? Are those data flow reports included in the late discovery? Did Secret Service know the identity of Swartz before they conducted the flow, or before they caught him in the network closet? 
  • Did MIT call Secret Service before they called CPD? Did they call Secret Service before January 4, 2011? Did Secret Service call MIT first?
  • Did the photos in the belated discovery include photos of Swartz used to stake out Swartz’s apartment the day he was arrested? Had they already been staking out his apartment?
  • Peters has said DOJ subpoenaed Internet Archive for multiple versions of the Guerilla Open Access Manifesto. That seems to contradict what DOJ told the defense in earlier discovery motions. Were those subpoenaed reports part of the belated discovery?

Aside from these WAGs about what the hidden material might include, there are larger questions about whether they piggy backed an investigation into Swartz onto larger investigations of Cambridge hackers and/or other open access activists. Remember: past statements by the government left open the distinct possibility that they had emails “not relevant to this case.” I wonder whether those were among the emails turned over after DOJ learned the judge would hold a hearing into improprieties of the searches into Swartz.

Those are questions DOJ doesn’t want to answer.

Who Turned over the Google Group Conversations Involving Aaron Swartz?

The legal documents on the investigation into Aaron Swartz show three signs of witnesses cooperating with the prosecution.

Most of the public attention has focused on this detail, which in September 2011 publicly indicated Quinn Norton had been provided immunity to testify before the grand jury.

Promises, rewards, or inducements have been given to witness Erin Quinn Norton. Copies of the letter agreement with her and order of immunity with respect to her grand jury testimony are enclosed on Disk 3.

Norton’s account of her testimony is here.

That same motion to compel discovery reveals that an MIT student IDed Swartz in a photo lineup.

Defendant Aaron Swartz was a subject of an investigative identification procedure used with a witness the government anticipates calling in its case-in-chief involving a photospread documented by MIT Police Detective Boulter. Relevant portions of the police report of Detective Boulter and a copy of the photospread used in the identification procedure are enclosed on Disk 3. In both instances, the name of the identifying MIT student has been redacted to protect the student’s continuing right to privacy at this initial stage of the case.

There are hints elsewhere that an MIT student gave Swartz some tips on how to get around MIT (someone must have told him about the accessible network closet, after all); I’ve wondered whether this student, or someone else, is who IDed Swartz.

Finally, a discovery motion dating to June 2012 reveals there are personal communications involving him, including both emails and Googlegroup conversations.

Swartz has received in discovery internet memoranda and chats purporting to be from him. For example, the discovery contains a number of chats on which contain entries which facially indicate that Swartz was a participant in the communications. The discovery also contains a number of emails which on their faces indicate that they were either to or from Swartz. Swartz requires the additional information requested – the source of these statements and the procedure used by the government to obtain them – to enable him to move to suppress such statements if grounds exist to do so, which he cannot determine without the requested information.

And in response to Swartz’ motion for the source of the communications involving him, the government said everything was either turned over willingly or accessed from a public site. It also said it would not turn over the identity of the people who had turned it over because that would identify its witnesses before it had to. Continue reading

Quinn Norton’s Testimony

The docket of Aaron Swartz’ prosecution made it clear that Quinn Norton, Swartz’ ex-girlfriend, testified with immunity. It also made it clear that someone — or some people — handed over communications, including LISTSERVs, to DOJ. [See update]

In the Atlantic, she provides her side of the story. While it includes a range of useful details, the most significant revelation is that — she believes — she was the first to alert Prosecutor Stephen Heymann to the Guerilla Open Manifesto.

Steve asked if there was anything I knew of to suggest why Aaron would do this, or what he thought about academic journals. I cast around trying to think of something, something that made sense to them, when Aaron had just gathered these datasets for years, the way some people collect coins or cards or stamps.

I mentioned a blog post. It was a two-year-old public post on Raw Thought, Aaron’s blog. It had been fairly widely picked up by other blogs. I couldn’t imagine that these people who had just claimed to have read everything I’d ever written had never looked at their target’s blog, which appeared in his FBI file, or searched for what he thought about “open access” They hadn’t.

So this is where I was profoundly foolish. I told them about the Guerrilla Open Access Manifesto. And in doing so, Aaron would explain to me later (and reporters would confirm), I made everything worse. This is what I must live with.

I opened up a new front for their cruelty. Four months into the investigation, they had finally found their reason to do it. The manifesto, the prosecutors claimed, showed Aaron’s intent to distribute the JSTOR documents widely. And I had told them about it. It was beyond my understanding that these people could pick through his life, threaten his friends, tear through our digital history together, raid his house, surveil him, and never actually read his blog. But that seemed to be the fact of it.

I’ll come back to this Manifesto; I think people keep forgetting that almost all of what it espouses is legal. That while the government treated it as a Rosetta Stone, it didn’t do all they claimed it did.

But before I do that, consider the terms of Norton’s testimony. She was first interviewed without counsel, then served a subpoena, in San Francisco.

They said they were from the Secret Service and that they wanted to ask me a few questions. Shocked and unsure of myself, I let them in to talk to me. One should never, ever do this.

They asked about Aaron, I told them I didn’t know anything. They pointed out that he’d called me, and asked what he told me. I told them I hadn’t asked anything about his arrest, and they were incredulous.

Eventually I ran out of things to tell them, and they produced the real reason for their visit: a subpoena.

At this point, Norton would have been locked into the testimony she gave the Secret Service — including her claim that when Swartz called her to help arrange bail after he was arrested, he didn’t tell her why he had been arrested — or risk false statement charges. (I’m not saying she didn’t tell the truth, just that interviews without counsel can prove sticky going forward.)

In addition, in the guise of seeking her communications with Swartz, the Feds were getting close to her computer, with all her reporting on it.

As strange as it seems now, when I was first subpoenaed, Aaron was more worried about me than him, and both of us were worried about Ada, my seven-year-old daughter. She was the light of both of our lives, and we wanted to make sure none of this would touch her. The problem was my computer. It contained interviews and communications with confidential sources for stories going back five years. The subpoena didn’t actually call for my computer, but materials on my computer. Jose and Adam implied that if the prosecutor didn’t think I was being honest, he might move against me, seize things.

And if the prosecutor took my computer, I would have to go to jail rather than turn over my password.

Norton had been reporting on a range of hacker culture, including Anonymous and WikiLeaks. So while the subpoena only mentioned CFAA and wire fraud violations (see page 4), I can see why she — and the lawyers she first got, who didn’t challenge the subpoena as a violation of DOJ’s rules on subpoenaing journalists — might have been worried. I can see why Swartz would have been worried: by going after Norton, DOJ was going after someone who might have real evidence on the other more serious crimes they were trying to investigate. And by going after her, they may well have been trying to tie Swartz, by association, to that blacker hat hacker culture.

They eventually talked her into taking an immunity deal.

They told me Steve wanted to meet me, and they wanted me to meet him. They wanted to set up something called a proffer — a kind of chat with the prosecution. Steve offered me a “Queen for a day” letter, granting me immunity so that the government couldn’t use anything I said during the session against me in a criminal prosecution.


I was outraged and disturbed. I didn’t want a deal, I didn’t want immunity, I just wanted to sit down and talk about the whole terrible business, to tell them why this case wasn’t worth their time, and Aaron didn’t deserve their attention. I didn’t need a deal, and in fact, given that I had nothing to offer the government’s case, I didn’t think I even qualified for it.

I asked my lawyers to refuse, and we fought about it, repeatedly. They brought up things from my past that could be used against me; not criminal behavior per se, even they admitted, but they wanted me to have immunity. I had a terrible headache, and eventually gave in.

And in fact, that appears to have been how Heymann looked at Norton. In the proffer session, they described Norton as “being connected to hackers.”

They said I must have known something because I was connected with hackers. They knew this, they told me, because they’d read everything I’d ever written online.

This, then, is the background to why she testified. She was a broke single mother, relying on pro bono lawyers who had probably been warned about Norton’s purported ties with hackers, under a tremendous amount of stress.

I’ve long noted that Swartz’ story, awful as it is, is in some ways far better than what most people experience with prosecution, because he had the financial wherewithal, at least at first, to fight back. Norton did not.

One thing that’s not clear is what would have happened if these first lawyers had complained about what amounted to a very broad subpoena to a journalist.

I found out it was DOJ policy to subpoena journalists last, yet I had been subpoenaed first. Jose didn’t seem to know that the journalist rules might apply to my hard drive, despite being a former federal prosecutor.

Norton started to pursue these questions only after she had gotten new counsel. It’s not clear it would have made any difference. Aside from the fact that they were demanding stuff partly outside of her journalistic work (the LISTSERVs presumably would overlap her personal relationship with Swartz and her work), by the end of the year DOJ would formalize a policy that offered freelance journalists and bloggers almost zero protection as journalists. Norton didn’t have — and still doesn’t — the institutional affiliation and the  million dollars to fight a subpoena that association with the NYT would have brought.

I am, however, curious whether her first lawyers discussed this, because it’s pretty clear DOJ doesn’t believe any journalist with ties to hacker culture, as Norton has, counts as a journalist. It would have been nice to test that belief legally.

Also note: the very first thing the subpoena asked for was any computers Swartz may have given Norton.

All computers, hard drives, USB drives, DVDs, CDs and other electronic and optical Storage devices currently or previously owned 0r possessed by Aaron Swartz at any time from  September l, 2010 to the present. These shall include, without limitation, all computers and hard drives transferred to you by Aaron Swartz, loaned by you to Aaron Swartz, loaned to you by Aaron Swartz, or stored by or on behalf of Aaron Swartz at any premises over which you have custody or control.

Remember, by that point of the investigation (and to this day, as far as I’ve been able to tell from the public record), DOJ had not found the Macintosh Swartz had used remotely in some of the earlier downloads. I’ve long assumed that Mac was one of Swartz’ personal computers, with a mix of JSTOR files and his personal business (including, just as an example, records from Demand Progress and the SOPA/PIPA fight), though for all we know it could have been someone else’s computer. It appears they believed Norton might have that computer.

So rather than call his lawyer after getting arrested, Swartz called his girlfriend, who just happened to have extensive professional ties to the hackers DOJ would love to nail. The fact that he used his one call to call her made DOJ believe that she could verify Swartz’ motive. And they clearly suspected he had given her the Mac that might tie the JSTOR downloads to larger issues.

I’m still not convinced the focus on the Manifesto is evidence of anything so much as DOJ’s criminalization of open source culture. It incriminates DOJ more than it ever did Swartz.

But (presumably though not definitely in addition to personal communications), that’s what they got by hammering on someone far more vulnerable than Swartz.

Update: Via Twitter, Norton says she did not turn over any LISTSERV material. Someone else must have.

Our Government’s UnPATRIOTic Investigation of Aaron Swartz

As I noted back in December 2010, as soon as Eric Holder declared WikiLeaks’ purported crime to be Espionage, it opened up a whole slew of investigative methods associated with the PATRIOT Act. It allowed the government to use National Security Letters to get financial and call records. It allowed them to use Section 215 orders to get “any tangible thing.” And all that’s after FISA Amendments Act, which permits the government to bulk collect “foreign intelligence” on a target overseas–whether or not that foreign target is suspected of Espionage–that includes that target’s communications with Americans. The government may well be using Section 215 to later access the US person communications that have been collected under an FAA order, though that detail is one the government refuses to share with the American people.

At no point would a judge have the opportunity to challenge Holder’s assertion that a website publishing documents offered up anonymously is engaged in Espionage. All it would take is Holder’s assertion that it was, and those investigative powers would become available.

No matter how many Americans got sucked up into that investigation.

Which is why I find it interesting that Aaron Swartz’ lawyers were asking, last summer–but got only indirect answers–about how the government had collected some of the evidence, particularly emails, turned over to the grand jury.

This paragraph asked the government to “identify the origin of any and all statements of Aaron Swartz including but not limited to emails, text messages, chats, documents, memoranda or letters, i.e., to identify the source from which each statement was received and the legal procedure used to obtain each such statement of the defendant.” Swartz has received in discovery internet memoranda and chats purporting to be from him. For example, the discovery contains a number of chats on which contain entries which facially indicate that Swartz was a participant in the communications. The discovery also contains a number of emails which on their faces indicate that they were either to or from Swartz. Swartz requires the additional information requested – the source of these statements and the procedure used by the government to obtain them – to enable him to move to suppress such statements if grounds exist to do so, which he cannot determine without the requested information.

The government offered this explanation.

In Paragraph 15, the defendant would require the government to identify the origin of any and all statements of Aaron Swartz in its possession and the legal procedure used to obtain the statements. All of the emails, text messages, chat sessions, and documents containing statements provided by the defendant relevant to this case were obtained either from individuals with whom the defendant communicated or from publicly available websites stored on the Internet. No emails, texts messages, chat logs, or documents were obtained from Internet service providers using orders under 18 U.S.C. 2703(d). As previously represented to defense counsel, there was no court-authorized electronic surveillance in this case. [my emphasis]

The government admits the defense has asked for the content and origin of all Aaron’s statement in its possession. In response, it described how it had gotten Aaron’s statements relevant to this case–which may well be just a subset of Aaron’s statements in their possession. It also says that it did not obtain any of his statements (presumably referring to the larger potential universe) using 18 USC 2703(d), which is how DOJ demanded Twitter information on four WikiLeaks figures in late 2010 to early 2011. It suggests everything it got relevant to this case was either willingly from people involved in private conversations with him–though it didn’t say whether it asked for them specifically or not–or from publicly available places. And it alludes to an earlier representation to the defense about whether or not it had intercepted Aaron’s communications in this case.

I believe these are the representations in question, which comes from early discovery discussions in August 2011.

C. Electronic Surveillance under Local Rule 1 16.1 (C)(l)(c)

No oral, wire, or electronic communications of the defendant as defined in 18 U.S.C. § 2510 were intercepted relating to the charges in the indictment.

D. Consensual Interceptions under Local Rule 1 16.1 (C)(l)(d)

There were no interceptions (as the term “intercept” is defined in 18 U.S.C. § 2510(4)) of wire, oral, or electronic communications relating to the charges contained in the indictment, made with the consent of one of the parties to the communication in which the defendant was intercepted or which the government intends to offer as evidence in its case-in-chief.

As you can see, in this statement the government made in August 2011 anticipated some of the same dodges the government was making in June 2012.

But in the earlier statement, the limitation on its assertions are even narrower than the later one. Whereas by June 2012 they were making assertions about “this case” in general, when they first discussed the issue, they discussed only the communications related to “the charges contained in the indictment” (though presumably they may have still been considering other charges).

Also, the second paragraph makes it very clear it is discussing intercepts only as defined under the Title III definition for intercept, which pertains to communications collected in transit. I’m not sure what the government considers communications collected under FISA and stored, though I would not be surprised, given all the discussions about the government yoking Section 215 onto FAA if they had some creative treatment of those US person communications.

None of that is proof that they had accessed Swartz’ communications via other means or, indeed, that they have any communications outside those pertaining directly to JSTOR downloads.

But their very careful hedges sure seem to leave that possibility open.


The Fishing Expedition into WikiLeaks

If, as WikiLeaks claims, Aaron Swartz:

  • Assisted WikiLeaks
  • Communicated with Julian Assange in 2010 and 2011
  • May have contributed material to WikiLeaks

Then it strongly indicates the US government used the grand jury investigation into Aaron’s JSTOR downloads as a premise to investigate WikiLeaks. And they did so, apparently, only after the main grand jury investigation into WikiLeaks had stalled.

(See this Verge article on the ways these tweets appear to violate WikiLeaks’ promises of confidentiality.)

As I noted in this post, when Aaron’s lawyer requested discovery last June, he wanted material that had been subpoenaed or otherwise collected but not turned over in discovery–material that does not have an obvious tie to Aaron’s relatively simple alleged crime of downloading journal articles from JSTOR.

These paragraphs request information relating to grand jury subpoenas. Paragraph 1 requested that the government provide “[a]ny and all grand jury subpoenas – and any and all information resulting from their service – seeking information from third parties including but not limited to Twitter. MIT, JSTOR, Internet Archive that would constitute a communication from or to Aaron Swartz or any computer associated with him.” Paragraph 4 requested “[a]ny and all SCA applications, orders or subpoenas to MIT, JSTOR, Twitter, Google, Amazon, Internet Archive or any other entity seeking information regarding Aaron Swartz, any account associated with Swartz, or any information regarding communications to and from Swartz and any and all information resulting from their service.” Paragraph 20 requested “[a]ny and all paper, documents, materials, information and data of any kind received by the Government as a result of the service of any grand jury subpoena on any person or entity relating to this investigation.”

Swartz requests this information because some grand jury subpoenas used in this case contained directives to the recipients which Swartz contends were in conflict with Rule 6(e)(2)(A), see United States v. Kramer, 864 F.2d 99, 101 (11th Cir. 1988), and others sought certification of the produced documents so that they could be offered into evidence under Fed. R. Evid. 803(6), 901. Swartz requires the requested materials to determine whether there is a further basis for moving to exclude evidence under the Fourth Amendment (even though the SCA has no independent suppression remedy).


Moreover, defendant believes that the items would not have been subpoenaed by the experienced and respected senior prosecutor, nor would evidentiary certifications have been requested, were the subpoenaed items not material to either the prosecution or the defense. Defendant’s viewing of any undisclosed subpoenaed materials would not be burdensome, and disclosure of the subpoenas would not intrude upon the government’s work product privilege, as the subpoenas were served on third parties, thus waiving any confidentiality or privilege protections. [my emphasis]

Given that this material (I’m particularly interested in the material Amazon returned to the grand jury, though also the Twitter and Google material, which after all, the main WikiLeaks grand jury requested for public WikiLeaks figures) had not been turned over to Aaron’s defense almost a full year after he was indicted, it’s fairly clear it did not pertain to (or certainly was not necessary to prove) the charges against him, which related to JSTOR.

Yet prosecutor Stephen Heymann had used a grand jury he was using to investigate that JSTOR download–a grand jury that appears not to have gotten started in earnest until the main WikiLeaks grand jury had stalled–to collect information that appears directly relevant to the WikiLeaks grand jury. And he collected it in a form such that could be directly entered as evidence into that WikiLeaks grand jury.

Let me clear about two things. First, I think this is perfectly within the range of what grand juries do. If the government suspected–and they appear to have–that Aaron’s JSTOR downloads were part of a larger effort, then it’s not surprising they investigated broadly to determine whether it was. That’s part of the significant power of grand juries–they can expand in secret to fish for other crimes. As judge Judith Dein said when rejecting Aaron’s effort to see what the government had gotten from these subpoenas, citing US v. Dionisio, “A grand jury’s investigation is not fully carried out until every available clue has been run down and all witnesses examined in every proper way to find if a crime has been committed.”

But even after this fishing expedition (and I hope to show in a later post just how broad it appears to have been), Heymann apparently came up with no evidence that Aaron had broken any laws related to whatever he did with and for WikiLeaks (again, assuming WikiLeaks’ assertions are correct). After investigating for over a year, Heymann added no charges pertaining to WikiLeaks.

He just ratcheted up the charges related to JSTOR.

It appears the government tried–and failed–to establish a criminal connection between Aaron and WikiLeaks. And when they failed to do that, they increased their hardline stance on the JSTOR charges.

Emptywheel Twitterverse
emptywheel @matthewstoller Since when has a lack of unique technology been an impediment to a patent, or 7 of them? @csoghoian @shaneharris
emptywheel @p2wy See, I'd be halfway to your house by now, deciding which sewer construction project to take in along the way.
emptywheel @p2wy Bet I could walk to your house more quickly.
emptywheel @nickmanes1 Yeah. I have a sort of open-air greenhouse effect so I think I'll get some okra. Ah well, at least they're beautiful plants.
emptywheel @nickmanes1 I've planted okra 2X. Both times summers like this. But I'm getting (a few) pods anyway.
emptywheel @nickmanes1 You appear to have missed my twitpothesis that as soon as I put okra seeds in MI ground we get chilly weather.
emptywheel @nickmanes1 But I will only get 10 okra pods!
emptywheel Or does Alexander's new approach to hackers depend on privatization he set in motion while still DIRNSA?
emptywheel So Alexander was holding out on "new kind of technology for countering hackers" even while America was getting pwned?
bmaz @JasonLeopold Well, I know it's early and all, but Merry Christmas! I have ordered a gift subscription for you!
bmaz @Sherry_Reson @JayAckroyd Wait....birthday?
July 2014
« Jun