UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS UNITED STATES OF AMERICA

1. UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS UNITED STATES OF AMERICA v. AARON SWARTZ, Defendant Crim. No. VIOLATIONS: 18 U.S.C. § 1343 (Wire Fraud) 18 U.S.C. § 1030(a)(4) (Computer Fraud) 18 U.S.C. § 1030(a)(2), (c)(2)(B)(iii) (Unlawfully Obtaining Information from a Protected Computer) 18 U.S.C. § 1030(a)(5)(B), (c)(4)(A)(i)(I),(VI) (Recklessly Damaging a Protected Computer) 18 U.S.C. § 2 (Aiding and Abetting) 18 U.S.C. § 981(a)(1)(C), 28 U.S.C. § 2461(c), and 18 U.S.C. §982(a)(2)(B) (Criminal Forfeiture)
2.  
3. INDICTMENT The Grand Jury charges that at all relevant times: PARTIES 1. The Massachusetts Institute of Technology ("MIT") was and continued to be a
4.  
5. leading research and teaching university located in Cambridge, Massachusetts. 2. JSTOR, founded in 1995, was and continued to be a United States-based, not-for-
6.  
7. profit organization that provides an online system for archiving and providing access to academic journals. It provides searchable digitized copies of over 1,000 academic journals, dating back for lengthy periods of time. 3. JSTOR service is important to research institutions and universities because it
8.  
9. can be extraordinarily expensive, in terms of both cost and space, for a research or university library to maintain a comprehensive collection of academic journals. By digitizing extensive, historical collections of journals, JSTOR enables libraries to outsource the journals’ storage,
10.  
11. ensures their preservation, and enables authorized users to conduct full-text, cross-disciplinary searches of them. JSTOR has invested millions of dollars in obtaining and digitizing the journal articles that it makes available as part of its service. 4. JSTOR generally charges libraries, universities, and publishers a subscription fee
12.  
13. for access to JSTOR digitized journals. For a large research university, this annual subscription fee for JSTOR various collections of content can cost more than $50,000. Portions of the subscription fees are shared with the journal publishers who hold the original copyrights. In addition, JSTOR makes some articles available for individual purchase. Publishers decide which articles can be purchased individually and set fees for their articles. JSTOR facilitates the purchase of these articles from the archive on behalf of the participating publishers. 5. JSTOR did not permit users: a. to download or export content from its computer servers with automated
14.  
15. computer programs such as web robots, spiders and scrapers; b. c. 6. to download all of the articles from any particular issue of a journal; or to make other than personal use of individually downloaded articles.
16.  
17. JSTOR notified its users of these rules, and users accepted these rules when they
18.  
19. chose to obtain and use JSTOR content. 7. 8. JSTOR provided MIT with its services and content for a fee. MIT, in turn, made JSTOR services and content available to its students,
20.  
21. faculty, and employees. MIT also allowed guests of the Institute to have the same access as its students, faculty, and employees for short periods of time while they were on campus. 9. JSTOR computers were located outside the Commonwealth of Massachusetts,
22.  
23. and thus any communications between JSTOR computers and MIT computers in Massachusetts crossed state boundaries. JSTOR computers were also used in and affected interstate and foreign commerce. 2
24.  
25. 10.
26.  
27. Aaron Swartz lived in the District of Massachusetts and was a fellow at Harvard
28.  
29. University Center for Ethics. Although Harvard provided Swartz access to JSTOR services and archive as needed for his research, Swartz used MIT computer networks to steal well over 4,000,000 articles from JSTOR. Swartz was not affiliated with MIT as a student, faculty member, or employee or in any other manner other than his and MIT common location in Cambridge. Nor was Swartz affiliated in any way with JSTOR. OVERVIEW OF THE OFFENSES 11. Between September 24, 2010, and January 6, 2011, Swartz contrived to: a. b. closet; c. connect to JSTOR archive of digitized journal articles through MIT break into a restricted computer wiring closet at MIT; access MIT network without authorization from a switch within that
30.  
31. computer network; d. use this access to download a major portion of JSTOR archive onto his
32.  
33. computers and computer hard drives; e. avoid MIT and JSTOR efforts to prevent this massive copying,
34.  
35. measures which were directed at users generally and at Swartz illicit conduct specifically; and f. elude detection and identification;
36.  
37. all with the purpose of distributing a significant proportion of JSTOR archive through one or more file-sharing sites. MEANS OF COMMITTING THE OFFENSES 12. Swartz alone, or in knowing concert with others unknown to the grand jury,
38.  
39. (hereafter simply "Swartz" in this section) committed these offenses through the means described below. September 24 through 27, 2010 3
40.  
41. 13.
42.  
43. On September 24, 2010, Swartz purchased an Acer laptop computer from a local
44.  
45. computer store with the intent of using it to automatically and systematically harvest JSTOR archive of digitized journal articles. 14. Later that day, Swartz connected the Acer computer to MIT computer network
46.  
47. from a location in Building 16 at MIT and registered under a pseudonym with MIT computer network as a guest. MIT offers campus guests short-term service on its computer network. Campus guests must register on the MIT network and are limited to a total of fourteen days per year of network service. 15. Swartz registered on the network using identifiers chosen to hide his identity as
48.  
49. the computer owner and user. a. b. The computer was registered under the fictitious guest name "Gary Host." The computer client name was specified as "ghost laptop." A
50.  
51. computer client name helps to identify it on a network and can be chosen by its user. In this case, the name was simply created by abridging the pseudonym "Gary Host," combining the first initial "g" with the last name "host." c. The fictitious "Gary Host" e-mail address was identified as
52.  
53. "ghost@mailinator.com." This was a "throwaway" e-mail address. Mailinator is a free, disposable e-mail service that allows a user to create a new e-mail address as needed, without even registering the address with Mailinator. Mailinator provides this service for users to have an anonymous and temporary e-mail address. Mailinator accepts mail for any e-mail address directed to the mailinator.com domain without need for a prior registration, and it allows anyone in the world to read that mail without having to create an account or enter a password. All mail sent to mailinator.com is automatically deleted after several hours whether read or not. 16. On September 25, 2010, Swartz used the Acer laptop to systematically access and 4
54.  
55. rapidly download an extraordinary volume of articles from JSTOR. He used a software program to automate the downloading process so that a human being would not need to keep typing in the archive requests. The program was also designed to sidestep or confuse JSTOR efforts to prevent this behavior. 17. These rapid and massive downloads and download requests impaired computers
56.  
57. used by JSTOR to service client research institutions and threatened to misappropriate its archive. 18. As JSTOR, and then MIT, became aware of these efforts to steal a vast proportion
58.  
59. of JSTOR archive, each took steps to block the flow of articles to Swartz computer and thus to prevent him from redistributing them. Swartz, in turn, repeatedly altered the appearance of his Acer laptop and the apparent source of his automated demands to get around JSTOR and MIT blocks against his computer. a. On the evening of September 25, 2010, JSTOR blocked the computer
60.  
61. access to its network by refusing communications from the computer assigned IP address. An IP (short for "Internet Protocol") address is a unique numeric address used by a computer on the Internet. Every computer attached to the Internet must be assigned an IP address so the Internet traffic sent from and directed to that computer can be directed properly from the source to its destination. Most Internet service providers control a range of IP Addresses. MIT controls all IP addresses that begin with the number 18. In this case, the computer had been assigned an IP address of 18.55.6.215, and JSTOR blocked communications from that IP address. b. On September 26, 2010, Swartz obtained for his computer a new IP
62.  
63. address on the MIT network (18.55.6.216) and began again to download an extraordinary volume of articles from JSTOR. Accesses from this address continued until the middle of the day, when JSTOR spotted and blocked this IP 5
64.  
65. address as well. Because the exploits on September 25 and 26 were both launched from MIT IP addresses beginning with 18.55.6 , and because computers used by JSTOR to service client research institutions were again impaired and its archive at risk of misappropriation, on September 26, 2010, JSTOR began blocking a much broader range of IP addresses. As a result, legitimate JSTOR users at MIT were denied access to JSTOR archive until September 29, 2010. c. Notified by JSTOR of what was happening, MIT sought to block Swartz
66.  
67. more specifically. It did so by prohibiting the Acer laptop from being assigned an IP address on MIT network. When a user plugs his computer into the wired network on MIT campus, his computer MAC address is used to determine whether he has been authorized to use the network. A MAC address is a unique identifier assigned to a computer network interface, in this case, the Acer laptop network interface card. A MAC address most often is assigned by the manufacturer of the network interface card and therefore generally remains constant on the device. Although a MAC address is intended to be a permanent and globally unique identification, a user with the right knowledge can change the MAC address, an action referred to as "MAC address spoofing," as discussed below. d. As part of the registration process, "Gary Host" computer, i.e., the Acer
68.  
69. laptop, had identified its network interface MAC address as 00:23:5a:73:5f:fb. Consequently, on September 27, 2010, MIT deactivated the guest registration for the "ghost laptop" by barring any network interface with that MAC address from being assigned a new IP address. 19. MIT banned the Acer laptop from its network under and consistent with its own
70.  
71. computer use rules, which required users to: a. use the network to support MIT research, education, and MIT 6
72.  
73. administrative activities, or at least to not interfere with these activities; b. maintain the system security and conform to applicable laws, including
74.  
75. copyright laws; and c. conform with rules imposed by any networks to which users connected
76.  
77. through MIT system. Guest users of the MIT network agreed to be bound by the same rules that applied to students, faculty, and employees. These rules explicitly notified users that violations could lead to state or federal prosecution. October 2 through 9, 2010 20. Despite knowing that his computer had been blocked from JSTOR and MIT
78.  
79. networks, Swartz sought and obtained another guest connection on MIT network, again for his Acer laptop less than a week later, on October 2, 2010. 21. Once again, Swartz registered the Acer latop on the network using identifiers
80.  
81. chosen to avoid identifying Swartz as the computer owner and user: a. The computer was once again registered under the fictitious name "Gary
82.  
83. Host" and the client name "ghost laptop." b. To evade the MAC address block, Swartz spoofed the computer MAC
84.  
85. address, manipulating it from 00:23:5a:73:5f:fb to 00:23:5a:73:5f:fc (the final "b" became a "c"). c. By re-registering the "ghost laptop," Swartz ensured that it was assigned a
86.  
87. new IP address. By obtaining a new IP address, Swartz disassociated his rogue computer from the IP addresses used to exploit JSTOR in September. 22. On October 8, 2010, Swartz connected a second computer to MIT network and
88.  
89. registered as a guest, using similar naming conventions: the computer was registered under the name "Grace Host," the computer client name "ghost macbook," and the throw-away e-mail address "ghost42@mailinator.com." 7
90.  
91. 23.
92.  
93. The next day, October 9, 2010, Swartz used both the "ghost laptop" and the
94.  
95. "ghost macbook" to systematically and rapidly access and download an extraordinary volume of articles from JSTOR. The pace was so fast that it brought down some of JSTOR computer servers. 24. In response, JSTOR blocked the entire MIT computer network access to JSTOR
96.  
97. for several days, beginning on or about October 9, 2010. November and December, 2010 25. During November and December, 2010, Swartz used the "ghost laptop" (i.e., the
98.  
99. Acer laptop) at MIT to make over two million downloads from JSTOR. This is more than one hundred times the number of downloads during the same period by all the legitimate MIT JSTOR users combined. Of the downloads, approximately half were research articles, with the remainder being reviews, news, editorials, and miscellaneous documents. 26. This time around, Swartz circumvented MIT guest registration process
100.  
101. altogether when he connected to MIT computer network. By this point, Swartz was familiar with the IP addresses available to be assigned at the switch in the restricted network interface closet in the basement of MIT Building 16. Swartz simply hard-wired into the network and assigned himself two IP addresses. He hid the Acer laptop and a succession of external storage drives under a box in the closet, so that they would not be obvious to anyone who might enter the closet. January 4 through 6, 2011 27. On January 4, 2011, Aaron Swartz was observed entering the restricted basement
102.  
103. network wiring closet to replace an external hard drive attached to his computer. 28. On January 6, 2011, Swartz returned to the wiring closet to remove his computer
104.  
105. equipment. This time he attempted to evade identification at the entrance to the restricted area. As Swartz entered the wiring closet, he held his bicycle helmet like a mask to shield his face, looking through ventilation holes in the helmet. Swartz then removed his computer equipment 8
106.  
107. from the closet, put it in his backpack, and left, again masking his face with the bicycle helmet before peering through a crack in the double doors and cautiously stepping out. 29. Shortly thereafter, Swartz connected the Acer latop to MIT network in a
108.  
109. different building, again registering on the network using identifiers chosen to avoid identifying Swartz as the computer owner and user. a. The computer was registered under the fictitious name "Grace Host" and
110.  
111. the client name "ghost laptop." b. To evade the block on the computer MAC address, Swartz had spoofed
112.  
113. (manipulated) its MAC address a second time, changing it from the blocked 00:23:5a:73:5f:fb to 00:4c:e5:a0:c7:56. c. By re-registering the "ghost laptop," Swartz ensured that it was assigned a
114.  
115. new IP address. By obtaining a new IP address for his rogue computer, Swartz disassociated it from the IP addresses used to exploit JSTOR up to that point. 30. Swartz had a software program named "keepgrabbing.py" installed on the Acer
116.  
117. laptop. Keepgrabbing.py was designed to download .pdf files from jstor.org and sidestep or confuse JSTOR efforts to prevent the behavior. 31. When MIT Police spotted Swartz on the afternoon of January 6, 2011 and
118.  
119. attempted to question him, he fled with a USB drive that contained the program "keepgrabbing2.py." "Keepgrabbing2.py" had distinct similarities to "keepgrabbing.py." 32. In all, Swartz stole approximately 4.8 million articles, a major portion of the total
120.  
121. archive in which JSTOR had invested. Of these, approximately 1.7 million were made available by independent publishers for purchase through JSTOR Publisher Sales Service. 33. Swartz intended to distribute a significant portion of JSTOR archive of digitized
122.  
123. journal articles through one or more file-sharing sites.
124.  
125. 9
126.  
127. COUNT 1 Wire Fraud 18 U.S.C. §§ 1343 & 2 34. The Grand Jury realleges and incorporates by reference the allegations in
128.  
129. paragraphs 1-33 of this Indictment and charges that: From on or about September 24, 2010, through January 6, 2011, or thereabout, in the District of Massachusetts and elsewhere, the defendant, AARON SWARTZ, having devised and intended to devise a scheme and artifice to defraud and for obtaining property, namely, journal articles digitized and distributed by JSTOR, and copies thereof, by means of material false and fraudulent pretenses, representations, and promises, transmitted and caused to be transmitted by means of wire communication in interstate commerce writings, signs, signals, and pictures, namely, communications to and from JSTOR computer servers, for the purpose of executing the scheme, and aided and abetted the same. All in violation of Title 18, United States Code, Sections 1343 and 2.
130.  
131. 10
132.  
133. COUNT 2 Computer Fraud 18 U.S.C. §§ 1030(a)(4) & 2 35. The Grand Jury realleges and incorporates by reference the allegations in
134.  
135. paragraphs 1-33 of this Indictment and charges that: From on or about September 24, 2010, through January 6, 2011, or thereabout, in the District of Massachusetts and elsewhere, the defendant, AARON SWARTZ, knowingly and with intent to defraud, accessed a protected computer, namely, a computer on MIT network and a computer on JSTOR network, without authorization and in excess of authorized access, and by means of such conduct furthered the intended fraud and obtained things of value, namely, digitized journal articles from JSTOR archive, and aided and abetted the same. All in violation of Title 18, United States Code, Sections 1030(a)(4) and 2.
136.  
137. 11
138.  
139. COUNT 3 Unlawfully Obtaining Information from a Protected Computer 18 U.S.C. §§ 1030(a)(2), (c)(2)(B)(iii) & 2 36. The Grand Jury realleges and incorporates by reference the allegations in
140.  
141. paragraphs 1-33 of this Indictment and charges that: From on or about September 24, 2010, through January 6, 2011, or thereabout, in the District of Massachusetts and elsewhere, the defendant, AARON SWARTZ, intentionally accessed a computer, namely, a computer on MIT computer network and a computer on JSTOR network, without authorization and in excess of authorized access, and thereby obtained from a protected computer information whose value exceeded $5,000, namely, digitized journal articles from JSTOR archive, and aided and abetted the same. All in violation of 18 U.S.C. §§ 1030(a)(2), (c)(2)(B)(iii) and 2.
142.  
143. 12
144.  
145. COUNT 4 Recklessly Damaging a Protected Computer 18 U.S.C. §§ 1030(a)(5)(B), (c)(4)(A)(i)(I),(VI) & 2 37. The Grand Jury realleges and incorporates by reference the allegations in
146.  
147. paragraphs 1-33 of this Indictment and charges that: From on or about September 24, 2010, through January 6, 2011, or thereabout, in the District of Massachusetts and elsewhere, the defendant, AARON SWARTZ, intentionally accessed a protected computer, namely, a computer on MIT computer network and a computer on JSTOR network, without authorization, and as a result of such conduct recklessly caused damage to MIT and JSTOR, and, during a 1-year period, caused loss aggregating at least $5,000 in value and damage affecting at least 10 protected computers, and aided and abetted the same. All in violation of Title 18, United States Code, Sections 1030(a)(5)(B), (c)(4)(A)(i)(I),(VI) & 2.
148.  
149. 13
150.  
151. FORFEITURE ALLEGATIONS (18 U.S.C. § 981(a)(1)(C), 28 U.S.C. § 2461(c), and 18 U.S.C. §982(a)(2)(B))
152.  
153. 38. defendant,
154.  
155. Upon conviction of the offense alleged in Count One of the Indictment, the
156.  
157. AARON SWARTZ, shall forfeit to the United States, pursuant to 18 U.S.C. § 981(a)(1)(C) and 28 U.S.C. § 2461(c), any property, real or personal, that constitutes, or is derived from, proceeds traceable to the commission of the offense. 39. Upon conviction of one or more of the offenses alleged in Counts Two through
158.  
159. Four of the Indictment, the defendant, AARON SWARTZ, shall forfeit to the United States, pursuant to 18 U.S.C. § 982(a)(2)(B) any property constituting, or derived rom, proceeds obtained directly or indirectly as a result of the commission of the offenses. 40. If any of the property described in paragraphs 38 and 39 hereof as being
160.  
161. forfeitable pursuant to 18 U.S.C. § 981(a)(1)(C), 28 U.S.C. § 2461(c), and 18 U.S.C. § 982(a)(2)(B) as a result of any act or omission of the defendant -a. cannot be located upon the exercise of due diligence; b. has been transferred to, sold to, or deposited with a third party; c. has been placed beyond the jurisdiction of this Court; d. has been substantially diminished in value; or e. has been commingled with other property which cannot be divided without difficulty;
162.  
163. 14
164.  
165. it is the intention of the United States, pursuant to 21 U.S.C. § 853(p), as incorporated by 28 U.S.C. § 2461(c), to seek forfeiture of all other property of the defendant up to the value of the property described in paragraphs 38 and 39 above. All pursuant to Title 18, United States Code, Sections 981(a)(1)(C) and 982(a)(2)(B), and Title 28, United States Code, Section 2461(c).
166.  
167. A TRUE BILL
168.  
169. Foreperson of the Grand Jury
170.  
171. Date: _______________ Assistant United States Attorney DISTRICT OF MASSACHUSETTS July 14, 2011 Returned into the District Court by the Grand Jurors and filed.
172.  
173. Deputy Clerk
174.  
175. 15
176.  
177.