On the blog Errata Security, Robert David Graham (if that’s his real name) made a case for his own arrest and detention, presumably with some irony.
On reading the original indictment against Aaron Swartz, he wrote, “It sent chills down my back, because I do everything on that list (and more).” One of Swartz’s crimes, according to the document was to “elude detection and identification.”
By doing so, the charges go, he was committing wire fraud when he downloaded the JSTOR database he was accused of stealing. This despite the fact, Graham claimed, that he was not asked for his real name at any point in the process.
“(N)obody asked Aaron for his true identity,” he wrote, “but he was indicted for wirefraud for concealing his true identity. He was indicted for doing the same things I do every day.”
Being accused of wire fraud for MAC randomization is “like saying if somebody blocks your phone number, then it’s wirefraud calling from a different phone. Your phone number is not your true identity, and neither is your MAC address.”
Graham outlined the way he regularly does the same.
Among other actions, he randomizes the Media Access Control (MAC) addresses attached to the host of MacBooks he uses and does so under the pseudonym “Martin.” When he signed up for inflight Wi-Fi, he did so under an assumed name using a secondary email address.
Why does he engage in all this ID-oriented legerdemain?
“That’s none of your business! I mean, all this has perfectly rational explanations in terms of cybersecurity, privacy, and anti-spam. You can probably guess most of the reasons. But explaining myself defeats the purpose. I shouldn’t have to explain myself to you, to prosecutors, or to a jury. I have a human right to privacy, and guarding that right should not be cause for prosecution.”
Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, told the Daily Dot, he believes Graham is overstating the problem.
“The wire fraud charge wasn’t because Aaron was trying to conceal his identity,” he said, according to the wire fraud statute. “It’s because he was trying to conceal his identity while (arguably) intending to defraud MIT and JSTOR by taking articles.”
Intent is key.
If Graham did not, for instance, sign up for the inflight Wi-Fi in order to avoid paying, he cdid not ommit wire fraud.
“The problem in Aaron’s case was less the means by which he furthered the ‘fraud,’” Fakhoury believes, “but rather, that the government perceived what happened as a ‘fraud’ in the first place.”
Graham told the Daily Dot the purpose of his post was to make the case that, because he was never asked for his “true identity,” Swartz did not take any actions under “false pretenses”
“In any case,” he said, “I’m trying to point out is that if I’m ever suspected of a crime, prosecutors will find that I’m always making ‘false pretenses.’ I’m trying to show that I’m not doing false pretenses to further a crime, but that I do what you call ‘false pretenses’ all the time as a way of life.”
Whether presenting yourself under an alternative identity because you were not directly asked for your “true identity” removes the intent from the fraud definition is far from certain. Again, it probably comes down to intent.
But regardless of the details of the law today, a society-wide decision on the nature of information ownership, grounded in usable law and evenly applied, is necessary to achieve the proportionality some believe was sorely lacking in Swartz’s prosecution.
That may be some time in coming.
Photo by Murray Steele/Flickr