In the latest criminal prosecution to alarm Internet activists, a security researcher whoa non-password protected portion of AT&T's Web site was sentenced today to 41 months in prison and three years of supervised release.
Auernheimer is hardly the most sympathetic defendant: He's a self-described Internet troll who has delighted in making enemies along the way. "I hack, I ruin lives, I make piles of money," he told The New York Times, which published a profile of him in 2008, and two years later Fortune dubbed him "the ugliest computer hacker." He even trolled prosecutors in an offering "friendly advice."
The Justice Department responded by using Auernheimer's trollishness to urge U.S. District Judge Susan Wigenton to hand down a lengthy sentence -- and 41 months is at the upper end of what the federal sentencing guidelines allow. In a letter to Wigenton last week, U.S. Attorney Paul Fishman cited "defendant's chosen 'career' of wreaking havoc on the Internet" and said "his entire adult life has been dedicated to taking advantage of others, using his computer expertise to violate others' privacy, to embarrass others, to build his reputation on the backs of those less skilled than he."
But, by itself, being a professional irritant isn't illegal. Supporters have set up a defense fund for Auernheimer, with one calling him "the Internet prophet of discord," and others organizing impromptu book deliveries in prison. The Electronic Frontier Foundation said this morning it will join his legal defense team during an appeal, and even Auernheimer's detractors said today that he didn't deserve to be imprisoned for accessing AT&T's servers.
Normally Auernheimer's predicament might not have attracted much attention. But he was convicted under the Computer Fraud and Abuse Act, a controversial law that was enacted to deter intrusions into NORAD, but was reform the CFAA.-- including, according to federal prosecutors, about your personal information when using social networks. There's now a growing effort, including legislation drafted in the U.S. Congress, to
If Keys had given the keys to the newspaper's printing press to vandals who altered a headline on a printed version of the newspaper, he might have been charged with misdemeanor crimes such as trespass or malicious mischief that would have yielded a few months in jail or, more likely, probation. But penalties in the CFAA -- which was enacted in a "WarGames"-fueled panic over hackers accessing government mainframes -- are far more Draconian than state law.
Auernheimer was arrested in 2011 after discovering a security hole on AT&T's Web site that exposed the e-mail addresses of more than 100,000 iPad users. His organization, Goatse Security, created a script to download the records and to Gawker.
In anat the time of the discovery, Auernheimer said: "I think it was necessary to inform the public in this particular manner. I know some people are criticizing us and calling it irresponsible, but we did our best effort to be good guys about it. We waited until the hole was patched. We didn't disclose the data except to a reporter who agreed to censor the relevant bits. We felt it was in the public's best interest."