Policy

Aaron Swartz: The Punishment Did Not Fit the Crime

As long as prosecutors have the option to put first-time computer trespassers behind bars for decades, we will continue to see such clear injustices.

|

Aaron Swartz, a 26-year-old computer prodigy and Internet activist, was facing decades in prison for violating federal hacking laws when he took his own life earlier this month. Many commentators, including Lawrence Lessig and Glenn Greenwald, have argued that prosecutorial zeal drove Swartz to hang himself. They're certainly right. Yet prosecutorial discretion would not have mattered much if the possibility of such draconian punishment did not exist.

Swartz was arrested essentially for electronic trespass. He went into an unlocked maintenance closet in a building on MIT's campus and hooked up a laptop that he'd programmed to automatically download millions of academic articles from the JSTOR archive. In no sense was he stealing. As a fellow at Harvard, Swartz had legal access to the articles. And because he was copying the articles—not taking them—JSTOR continued to have them.

It's true that Swartz violated JSTOR's terms of service by downloading the articles in bulk rather than one-by-one, but that should have been dealt with as a breach of contract, not as a criminal matter. As a Swartz supporter has put it, "it's like trying to put someone in jail for allegedly checking too many books out of the library."

Nevertheless Swartz was facing 13 felony counts under the federal Computer Fraud and Abuse Act. "If convicted on these charges," a press release from the U.S. Attorney's office at the time stated, "Swartz faces up to 35 years in prison, to be followed by three years of supervised release, restitution, forfeiture and a fine of up to $1 million." As Tim Lee has pointed out, that's a far cry from the $100 fine and up to 30 days in prison one would face for simple trespass in Massachusetts.

The problem, therefore, is not just that federal prosecutors in this case refused to engage sober prosecutorial discretion, it's that they had the option to seek—and to threaten with—a punishment so out of proportion to the crime. How can such severe punishments be justified for computer crimes?

Nobel laureate Gary Becker's work on crime and punishment suggests one reason. The more difficult a crime is to detect, Becker has pointed out, the more costly society should want the attendant punishments to be. Consider a pick-pocket who faces a 50–50 chance of getting caught snatching $100 from a man on the street. If the punishment for his crime is a $100 fine, he won't be deterred. He could continue to pick-pocket and the worst that would happen to him is that he'd break even.

In Becker's view, there are two ways to increase deterrence: Spend more on policing so that the chance of getting caught increases, or raise the cost of the punishment so that the crime won't pay. In order to conserve public resources, it makes sense to opt for the latter option, so that's often what happens.

This might explain why computer crimes, which are notoriously difficult to attribute to a particular perpetrator, often carry outsized penalties. The problem with this, of course, is that when a hacker is caught and is made to face a massive punishment for a trivial crime the punishment seems incredibly unjust.

If it seems unjust, as it did in Swartz's case, that's because it is unjust. As a result, such punishments engender not greater compliance, but contempt for the law. Why respect a law that is so obviously unjust, a hacker might wonder—especially one as idealistic as Swartz.

The work of another Nobel laureate in economics, Elinor Ostrom, suggests what might be a more sustainable approach to punishment: a series of graduated sanctions beginning with a light punishment for first-time offenders.

Under such a system, getting caught committing a crime would have three effects: 1) it would stop the crime in question from continuing, 2) it would let the criminal and other potential criminals know that they can get caught, and 3) it would allow the criminal to pay a price but be able to mend his ways and return to the fold of productive society. That, after all, is the ideal outcome.

The "crime pays" problem is solved by making it increasingly more costly for repeat offenders. Recidivists would face harsher and harsher penalties, which would be seen as just, but there would be room for someone like Swartz to learn their lesson and mend their ways. A system of outsized punishments for trivial crimes that are difficult to detect works only by making unjust examples of first-time offenders.

Indeed this is almost the way it worked. A new report reveals that immediately after he was arrested, Swartz was charged by the Middlesex County district attorney's office simply with breaking and entering. According to the report, the district attorney did not plan to seek jail time, "with Swartz duly admonished and then returned to civil society to continue his pioneering electronic work in a less legally questionable manner."

Sadly, once the U.S. Attorney's office decided to take over and bring federal charges it became virtually impossible for Swartz to ever return to society "duly admonished" and without a felony conviction. As long as prosecutors have the option to put first-time computer trespassers behind bars for decades, we will continue to see such clear injustices.