Expose A Blatant Security Hole In AT&T's Servers, Get 3.5 Years In Jail
from the now-the-holes-will-be-open-longer dept
The sentencing, by the way, was near the top of the "guidelines" the judge had, for those who insisted that the courts in other CFAA cases, such as Aaron Swartz's, might be lenient.
Plenty of people, especially in the security community, are realizing what a ridiculous ruling this is and how dangerous it is. As people are starting to point out, while he may be a jerk, that doesn't mean he's a criminal. The prosecution used chat logs in which Auernheimer and a friend, Daniel Spitler, discussed the effort, and the fact that they talked about harming AT&T's reputation and promoting themselves as security experts. I don't see how that leads to any criminal activity though. AT&T's reputation should be tarnished for having crap security. And why wouldn't some researchers talk about using the discovery of a really bad privacy hole by a major corporation to boost their own credentials? Pretty much anyone in their shoes would reasonably think the same thing.
Prosecutors, of course, played up Auernheimer's history of being a jerk, but that alone has little to do with his actions here:
"His entire adult life has been dedicated to taking advantage of others, using his computer expertise to violate others' privacy, to embarrass others, to build his reputation on the backs of those less skilled than he," wrote U.S. Attorney Paul Fishman, who went on to note the "atypical recalcitrance by the defendant to conform to the laws regarding unauthorized computer access."
While that may be true, none of that, by itself, is illegal. And the actions that exposed a glaring hole put in place by bad programmers at AT&T shouldn't be either.