MIT in fact began the prosecution through contacting law enforcement
Local law enforcement, yes--because, as the report notes, they did not have the in-house expertise to figure out what was going on. MIT did not call in the Secret Service; local law enforcement did. And calling law enforcement to help figure out who is using your network in a way you didn't expect is not the same as beginning a prosecution.
conducted a sting operation by videotaping the wiring cabinet
The cabinet, the room it was in, and the network as a whole were MIT's property. Would you call it a "sting operation" if you put a video camera in your house to figure out who was trying to hook up to your home network?
and most importantly, at every turn chose to escalate the situation rather than see the incident for what it was: a petty experiment.
I strongly disagree with this characterization, and I don't think the report supports it.
They could have chosen to block his access
They did, several times. Each time he changed tactics to circumvent the blockage.
or approached him privately
They couldn't, because they didn't know whom to approach. Swartz was not identified until he was arrested, and even then MIT did not identify him; the Cambridge police did.
Instead they chose to hand him over to a US attorney's office for prosecution
They did no such thing. You are twisting the facts.
I said that I don't trust any internal investigation which exonerates the institution that conducted the investigation.
First of all, as I said before, the report does not "exonerate" MIT. But let's assume for the sake of argument that we are looking at a report by an institution concerning its own conduct which does exonerate it, in all respects.
Second, even on that assumption, what you say here amounts to the same thing I said before: you don't think any institution can police itself. You are basically assuming that, if an investigation is ever started at all, there must have been some wrongdoing, so if the institution doesn't find any wrongdoing, it must be a whitewash. That's equivalent to saying that no institution can ever police itself. (It's also wrong, in my opinion; investigations can perfectly legitimately find that no wrongdoing took place.)
Before he spoke to a single witness, weighed a single piece of evidence, examined a single record, or interviewed a single expert he stated that he expected to find no deviation from policy. That is not the statement of a fair or unbiased investigator.
I'm not judging the report by statements made beforehand. I'm judging it on its own merits. I don't think you are doing likewise.
Note the broad claims to protecting employee "privacy"
No, the claims aren't broad, because they specifically say "employee privacy". They do not say, as you implied they did, "anything in which MIT has a privacy interest". That would indeed be very broad, but that's not what MIT requested.
No, nor would they receive it.
Hollow laugh. You have a much greater faith than I do in the public's ability to consider such things rationally, particularly when the public is being inflamed by rhetoric about how the government is being draconian and MIT is aiding and abetting it.
I would debunk this piece by piece, but it's more efficient to make my point with a single example.
>"Local law enforcement, yes--because, as the report notes, they did not have the in-house expertise to figure out what was going on."
Your argument, on Hacker News, which you find perfectly plausible, is that the Massachusetts Institute of Technology lacked sufficient in-house expertise to diagnose a mass download via curl?
It wasn't the downloading that was hard to diagnose; they figured out pretty quickly what was being downloaded. What caused the difficulty was the tactics that were used to circumvent the normal controls on downloading and usage of the network. I do find it plausible (though very disappointing) that the MIT administration did not have in-house expertise in the low-level diagnosis necessary to deal with that. How familiar are you with MIT?
Hmm. I'm not sure you read the same report I did.
MIT in fact began the prosecution through contacting law enforcement
Local law enforcement, yes--because, as the report notes, they did not have the in-house expertise to figure out what was going on. MIT did not call in the Secret Service; local law enforcement did. And calling law enforcement to help figure out who is using your network in a way you didn't expect is not the same as beginning a prosecution.
conducted a sting operation by videotaping the wiring cabinet
The cabinet, the room it was in, and the network as a whole were MIT's property. Would you call it a "sting operation" if you put a video camera in your house to figure out who was trying to hook up to your home network?
and most importantly, at every turn chose to escalate the situation rather than see the incident for what it was: a petty experiment.
I strongly disagree with this characterization, and I don't think the report supports it.
They could have chosen to block his access
They did, several times. Each time he changed tactics to circumvent the blockage.
or approached him privately
They couldn't, because they didn't know whom to approach. Swartz was not identified until he was arrested, and even then MIT did not identify him; the Cambridge police did.
Instead they chose to hand him over to a US attorney's office for prosecution
They did no such thing. You are twisting the facts.
I said that I don't trust any internal investigation which exonerates the institution that conducted the investigation.
First of all, as I said before, the report does not "exonerate" MIT. But let's assume for the sake of argument that we are looking at a report by an institution concerning its own conduct which does exonerate it, in all respects.
Second, even on that assumption, what you say here amounts to the same thing I said before: you don't think any institution can police itself. You are basically assuming that, if an investigation is ever started at all, there must have been some wrongdoing, so if the institution doesn't find any wrongdoing, it must be a whitewash. That's equivalent to saying that no institution can ever police itself. (It's also wrong, in my opinion; investigations can perfectly legitimately find that no wrongdoing took place.)
Before he spoke to a single witness, weighed a single piece of evidence, examined a single record, or interviewed a single expert he stated that he expected to find no deviation from policy. That is not the statement of a fair or unbiased investigator.
I'm not judging the report by statements made beforehand. I'm judging it on its own merits. I don't think you are doing likewise.
Note the broad claims to protecting employee "privacy"
No, the claims aren't broad, because they specifically say "employee privacy". They do not say, as you implied they did, "anything in which MIT has a privacy interest". That would indeed be very broad, but that's not what MIT requested.
No, nor would they receive it.
Hollow laugh. You have a much greater faith than I do in the public's ability to consider such things rationally, particularly when the public is being inflamed by rhetoric about how the government is being draconian and MIT is aiding and abetting it.