Prosecutors, others involved in Swartz case express safety, privacy concerns

Ask that names of those involved in the case not be disclosed

The U.S government and two other entities involved in investigations leading to the indictment of the late Internet activist Aaron Swartz have asked a federal court in Boston to redact the names of people involved in the case from documents being sought by Swartz's estate and by some lawmakers.

In separate affidavits filed with the court last week, the Department of Justice, the Massachusetts Institute of Technology and Ithaka Harbors Inc. a nonprofit organization that operates JSTOR, a large database of academic journals, cited privacy and security concerns as reasons for their redaction requests.

Swartz, 26, hanged himself in January apparently over concerns stemming from the prospect of spending up to 35 years in prison on hacking-related charges.

Federal prosecutors in Massachusetts had alleged that Swartz violated the provisions of the Computer Fraud and Abuse Act (CFAA) when he misused his guest access privileges on MIT's network to systematically access and download 4 million documents from JSTOR. He was indicted on 13 counts of felony hacking and wire fraud related to the alleged theft.

Swartz claimed he had downloaded the scholarly documents in JSTOR solely to make them available for free to everyone on the Internet.

His death galvanized calls for a review of the use of the CFAA by federal authorities. Many blamed prosecutors for harassing Swartz and for trying to scare him into making a plea deal by hitting him with charges that carried long prison sentences. S

Swartz's family accused prosecutors of intimidation and overreach and asked for an investigation into the government's handling of the case. They have demanded to know the names of all those who were involved in the investigation in order to understand the role that "institutional players" had in Swartz's death.

Several lawmakers have asked the Department of Justice for more information on the Swartz prosecution.

In an affidavit filed last week, Jack Pirozzolo, first assistant U.S. attorney for the District of Massachusetts, said the government agreed in principle to the unsealing of certain documents related to the case in accordance with the demands of Swartz's attorneys and Congress.

However, he argued that the documents be stripped of the names and other identifying information of individuals involved in the case for the sake of their privacy and security.

Pirozzolo claimed that U.S. Attorney Carmen Ortiz, who oversaw the prosecution of the case, and assistant U.S. Attorney Stephen Heymann both received harassing and potentially threatening emails in the weeks and months following Swartz's suicide.

"One such email I have seen states, among other things: ROFLMAO just saw you were totally dox'd over the weekend by Anonymous," Pirozzolo wrote referring to an email allegedly sent to Heymann. "How does it feel to become an enemy of the state? FYI, you might want to move out of the country and change your name."

Pirozzolo noted that Heymann's home address, personal phone number and the names of family members and friends have been posted online and his Facebook page hacked since Swartz's death. He added that Heymann and his father had received postcards with an image depicting a man's head in a guillotine.

Pirozzolo said he had informed Swartz's attorney "that whatever additional public benefit might exist by disclosing certain names was, in this case, outweighed by the risk to those individuals of becoming targets of threats, harassment and abuse."

A similar motion filed by MIT noted that the university had no objection to certain documents being unsealed so long as it was given a chance to redact them first to protect "the privacy and safety" of members of the MIT community. The university said it also wanted to redact some information to prevent the disclosure of MIT network vulnerabilities to the public.

Kevin Guthrie, the president of Ithaka Harbors, called on the court to protect the identity of the company's employees. "A number of events since Mr. Swartz's death have caused JSTOR and our employees to be concerned for their safety and privacy," Guthrie said in an affidavit last week.

He pointed to the hacking of MIT's website and the site of the U.S. Sentencing Commission by those protesting Swartz's death as examples of the fallout from Swartz's death. "We also are aware of public reports of an anonymous call to MIT claiming that a gunman was on the campus to retaliate against people involved in Swartz's case," Guthrie said.

He claimed the company had received several threatening emails and other online messages after Swartz's suicide. "A number of JSTOR personnel have spoken with me to express concern that their safety and privacy could be compromised if their names were released in connection with this matter," he noted.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is

See more by Jaikumar Vijayan on

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags Cybercrime and HackingsecurityMassachusetts Institute of Technologylegalprivacy

More about Department of JusticeFacebookInc.Massachusetts Institute of TechnologyMITTechnologyTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place