I'm very skeptical of any internal investigation conducted by an institution that exonerates it from all wrongdoing.
"Wrongdoing" is a broad term. The report says that MIT did not do anything illegal. It does not say that MIT made no mistakes.
Once again, have you actually read the report? If not, you should do so instead of relying on biased second-hand accounts.
I wouldn't trust any investigation by an employee of the institution under investigation
In other words, you don't think any institution can ever police itself. But the alternative is for it to be policed by...another institution?
This is, of course, the old quis custodiet problem, and it has no guaranteed solution. But I don't see why the default position should be that no institution can police itself. I think we ought to expect institutions to police themselves, and you can't do that if you automatically distrust anything the institution says about itself.
MIT didn't seek leave merely to redact names of employees...but also any information in which MIT has a privacy interest.
Source, please? The only things I'm aware of them asking for are to redact names and identifying information of employees and information about MIT's network vulnerabilities.
I see no reason why those who participated in these terrible events should be shielded from public opprobrium
Even if they were acting reasonably? For example, take the MIT network engineers who noticed the unusual activity and reported it, helped to discover where it was coming from (as in, what device was producing it--the laptop), but had no further part in the proceedings. They are named in the documents. Do they deserve public opprobrium?
The world is not black and white, and people have to try to make reasonable decisions with incomplete information all the time. I will agree that the MIT administration made mistakes (although it's a lot easier to say that in hindsight); but I do not agree that every single person affiliated with MIT who participated at any point in these events acted wrongly and deserves public opprobrium.
> "'Wrongdoing' is a broad term. The report says that MIT did not do anything illegal. It does not say that MIT made no mistakes.
Once again, have you actually read the report? If not, you should do so instead of relying on biased second-hand accounts."
Yes, I have read the report in detail. To comment without doing so would be irresponsible.
In particular, the portion I, as well as many others including Aaron Swartz's father, take issue with is the section beginning on page 52 entitled "MIT adopts and maintains a posture of neutrality."
MIT in fact began the prosecution through contacting law enforcement, conducted a sting operation by videotaping the wiring cabinet, and most importantly, at every turn chose to escalate the situation rather than see the incident for what it was: a petty experiment. They could have chosen to block his access, or approached him privately. Instead they chose to hand him over to a US attorney's office for prosecution under laws they knew or should have known to be draconian.
>"In other words, you don't think any institution can ever police itself."
That is emphatically not what I said, nor is it an accurate restatement.
I said that I don't trust any internal investigation which exonerates the institution that conducted the investigation. Prof. Abelson began his investigation by stating, "The review will not be a witch-hunt or an attempt to lay blame on individuals. We don’t know what we’ll find as the answers unfold, but I expect to find that every person acted in accordance with MIT policy."
Before he spoke to a single witness, weighed a single piece of evidence, examined a single record, or interviewed a single expert he stated that he expected to find no deviation from policy. That is not the statement of a fair or unbiased investigator.
I place no more stock in his investigation than I would a JP Morgan or Goldman Sachs "investigation" that concluded that they played no role in the mortgage crisis.
Twisting my words to argue against a strawman is facile and does not further the cause of informed debate.
Note the broad claims to protecting employee "privacy." This is about more than redacting a few names, not least because FOIA requires that the names of third parties be redacted anyway.
If redacting names is a requirement of the law, why would MIT need an invented "pre-screening" procedure to ensure names were redacted? The answer is, of course, that they wouldn't.
Never have I seen a private institution intervene in a FOIA request in this manner. This intervention had precisely nothing to do with protecting the privacy of employees, and everything to do with establishing a legal avenue to conceal information MIT found embarrassing.
>"I see no reason why those who participated in these terrible events should be shielded from public opprobrium
>>Even if they were acting reasonably? For example, take the MIT network engineers who noticed the unusual activity and reported it, helped to discover where it was coming from (as in, what device was producing it--the laptop), but had no further part in the proceedings. They are named in the documents. Do they deserve public opprobrium?"
No, nor would they receive it. Setting aside that FOIA requires their names be redacted anyway, I trust that sunlight is the best disinfectant, and that public scorn would be heaped upon those that deserve it.
MIT in fact began the prosecution through contacting law enforcement
Local law enforcement, yes--because, as the report notes, they did not have the in-house expertise to figure out what was going on. MIT did not call in the Secret Service; local law enforcement did. And calling law enforcement to help figure out who is using your network in a way you didn't expect is not the same as beginning a prosecution.
conducted a sting operation by videotaping the wiring cabinet
The cabinet, the room it was in, and the network as a whole were MIT's property. Would you call it a "sting operation" if you put a video camera in your house to figure out who was trying to hook up to your home network?
and most importantly, at every turn chose to escalate the situation rather than see the incident for what it was: a petty experiment.
I strongly disagree with this characterization, and I don't think the report supports it.
They could have chosen to block his access
They did, several times. Each time he changed tactics to circumvent the blockage.
or approached him privately
They couldn't, because they didn't know whom to approach. Swartz was not identified until he was arrested, and even then MIT did not identify him; the Cambridge police did.
Instead they chose to hand him over to a US attorney's office for prosecution
They did no such thing. You are twisting the facts.
I said that I don't trust any internal investigation which exonerates the institution that conducted the investigation.
First of all, as I said before, the report does not "exonerate" MIT. But let's assume for the sake of argument that we are looking at a report by an institution concerning its own conduct which does exonerate it, in all respects.
Second, even on that assumption, what you say here amounts to the same thing I said before: you don't think any institution can police itself. You are basically assuming that, if an investigation is ever started at all, there must have been some wrongdoing, so if the institution doesn't find any wrongdoing, it must be a whitewash. That's equivalent to saying that no institution can ever police itself. (It's also wrong, in my opinion; investigations can perfectly legitimately find that no wrongdoing took place.)
Before he spoke to a single witness, weighed a single piece of evidence, examined a single record, or interviewed a single expert he stated that he expected to find no deviation from policy. That is not the statement of a fair or unbiased investigator.
I'm not judging the report by statements made beforehand. I'm judging it on its own merits. I don't think you are doing likewise.
Note the broad claims to protecting employee "privacy"
No, the claims aren't broad, because they specifically say "employee privacy". They do not say, as you implied they did, "anything in which MIT has a privacy interest". That would indeed be very broad, but that's not what MIT requested.
No, nor would they receive it.
Hollow laugh. You have a much greater faith than I do in the public's ability to consider such things rationally, particularly when the public is being inflamed by rhetoric about how the government is being draconian and MIT is aiding and abetting it.
I would debunk this piece by piece, but it's more efficient to make my point with a single example.
>"Local law enforcement, yes--because, as the report notes, they did not have the in-house expertise to figure out what was going on."
Your argument, on Hacker News, which you find perfectly plausible, is that the Massachusetts Institute of Technology lacked sufficient in-house expertise to diagnose a mass download via curl?
It wasn't the downloading that was hard to diagnose; they figured out pretty quickly what was being downloaded. What caused the difficulty was the tactics that were used to circumvent the normal controls on downloading and usage of the network. I do find it plausible (though very disappointing) that the MIT administration did not have in-house expertise in the low-level diagnosis necessary to deal with that. How familiar are you with MIT?
"Wrongdoing" is a broad term. The report says that MIT did not do anything illegal. It does not say that MIT made no mistakes.
Once again, have you actually read the report? If not, you should do so instead of relying on biased second-hand accounts.
I wouldn't trust any investigation by an employee of the institution under investigation
In other words, you don't think any institution can ever police itself. But the alternative is for it to be policed by...another institution?
This is, of course, the old quis custodiet problem, and it has no guaranteed solution. But I don't see why the default position should be that no institution can police itself. I think we ought to expect institutions to police themselves, and you can't do that if you automatically distrust anything the institution says about itself.
MIT didn't seek leave merely to redact names of employees...but also any information in which MIT has a privacy interest.
Source, please? The only things I'm aware of them asking for are to redact names and identifying information of employees and information about MIT's network vulnerabilities.
I see no reason why those who participated in these terrible events should be shielded from public opprobrium
Even if they were acting reasonably? For example, take the MIT network engineers who noticed the unusual activity and reported it, helped to discover where it was coming from (as in, what device was producing it--the laptop), but had no further part in the proceedings. They are named in the documents. Do they deserve public opprobrium?
The world is not black and white, and people have to try to make reasonable decisions with incomplete information all the time. I will agree that the MIT administration made mistakes (although it's a lot easier to say that in hindsight); but I do not agree that every single person affiliated with MIT who participated at any point in these events acted wrongly and deserves public opprobrium.