Guilty Plea in AOL Engineer's Address Theft Case

ScentCone writes "Jason Smathers, a former AOL software engineer has pleaded guilty in his theft of 92 million in-house account screen names. He'll be paying $200-400k, and serving a year or two of federal time. Smathers used another employee's account to steal the data, and sold it to a Vegas-based online casino operator. Interestingly, one of the charges was 'interstate transportation of stolen property.'"

Interstate?

[Bongoots]

If he was charged with 'interstate transportation of stolen property', does that mean that he printed out all 92 million screen names and took them in his car across state borders?

Re:Interstate?

[shark72]

"If he was charged with 'interstate transportation of stolen property', does that mean that he printed out all 92 million screen names and took them in his car across state borders?"

Doubtful. A sometimes common perception among Slashdotters is that the law is immutable and easily defeated by technology, but a look at how the law has changed over the past several hundred years shows that the law does eventually catch up. It's my understanding that interstate transport can now include e-mail as well as the historic methods of postal mail and, as you've mentioned, cars. And, of course, you probably already knew that that database is AOL's property whether it's printed or not.

Other examples: it took several years after the advent of motion pictures before copyright law caught up with them. There were a few years in which films weren't copyrightable, but the law did catch up. When the first cars started being built, there were no vehicle codes (or if there were, they covered things like carriages), but the vehicle codes eventually caught up. And, for most of our history of copyright law, it was basically legal to redistribute copyrighted material without compensation; the law didn't need to cover this because it was simply impractical to print a thousand books and give them away for free. When technology began allowing somebody to put a file on an FTP site and allow widespread duplication, copyright law finally caught up several years later, in the form of the NET act.

Obvious

[FiReaNGeL]

He pleaded guilty cause he was.

Can we really say anything more than 'well deserved'?

Do we know for how much he sold the stolen list? I supe hope for him its more than 400k... but I doubt it!

I'm sorry, but this is crap...

[j1bb3rj4bb3r]

The guy who gives the email addresses to the spammers is forced to pay restitution costs to AOL for the amount they spent on dealing with email that the spammer's sent. This is bullshit. If anyone should have to pay, it is the spammers. The guy can go to jail for theft of property (if you consider email lists property... which the government seems to... but this is another issue), but he didn't directly cost AOL any money. This is a crap example of a big company getting money from this little guy because getting the money from the spammers is nigh impossible. He plead guilty, so I think that keeps him from being able to appeal.

Re:For Chrissake, Slashdot

[Anita+Coney]

It may be nothing to you, but when 80% of all email is spam, and when legitimate emails are filtered out, and when email becomes essentially useless, nearly everyone else disagrees.

Prison is a place of punishment

A prison is supposed to be a place of punishment.

Quite frankly, I don't care what goes on in there as long as people fear getting into one. Fucking ream the shit out of the murderers and child rapists with broomsticks and they'll never rape again.

Re:Prison is a place of punishment

[ergo98]

Fucking ream the shit out of the murderers and child rapists with broomsticks and they'll never rape again.

Uh, who do you think is doing the raping? Nuns with dildos? It's murderers and rapists plying their trade in the big house.

Re:Prison is a place of punishment

[timeOday]

Quite frankly, I don't care what goes on in there as long as people fear getting into one.

That's crazy. You can go to jail for lots of things, for instance stealing email addresses. Or for that matter, you can be falsely convicted. It happens.

Re:Prison is a place of punishment

[laughingcoyote]

But cop-killers are at the top of the heap, and are looked up to. They don't take kindly to -some- types of f'ed up behavior, and very kindly to others. Please don't make it out as though jailhouse beatings and rape are meted out according to the severity of the prisoner's crime-they're generally meted out according to opportunity and physical strength, or lack thereof.

Re:For Chrissake, Slashdot

[MillionthMonkey]

If this wasn't about spam, people on here would be jumping up and down screaming their guts out about how the punishment doesn't fit the crime.

$400k for 92 million screen names? That's less than a half-cent per compromised screen name- what a deal! The year in prison is on top of that but that's probably on the order of magnitude of about $500k (judging from how much you'd have to pay me to go) so we're still at less than a cent per screen name. Ask anyone whose screen name was compromised, with a punishment of less than a cent. This guy got off easy.

For christ's sake, spam is NOT that big of a deal.

Yes it is.

Such a danger

Yes, get this man off the street before he copies anyone else's database! I know I feel a lot safer with him behind bars. The monster.

Re:Wait

[shark72]

"As I understand it Facts are not copyrightable. A huge list of email addresses is just a big list of facts. If they can't have a copyright on the list of email addresses they can't assert that they've been stolen."

I'm not sure how you made that last logical connection. This isn't a copyright infringement case; it's one of trade secrets and proprietary information. This is the modern equivalent of the old days where somebody might sneak out a big list of customer names and snail-mail addresses -- they're not copyrightable either, but it sure as hell is legally actionable.

18-24 Months?

[RockClimb]

In November of 2003 I was getting about 175 spams per day. In December of 2003 I installed Spamassassin, set up ip# and domain name block lists, tweaked the rules and wrote my own, and wrote a user email/spam report system. I spent a good deal of time getting this set up and working out the bugs. My email server received over 145,000 connections in 2004, over 143,000 were spam.

I have the ability and resources to do these things but many internet users do not. While I don't have an AOL account, I still think he should have received more hard time. Put him away for a long time, maybe his cell mate will be a disgruntled AOL user who lost it after getting "one too many spams".... make other spammers and their helpers think twice.

Re:mandatory restitution?

[mccrew]

Smathers is only paying "the amount the government estimates AOL spent as a result of the e-mails," which is that $200,000 to $400,000. Is our government unable to represent those who suffered significantly more harm than AOL, the people?

2 quick points

1. Yes, the regular folks who recieve spam were harmed, but it is pretty hard to come up with some number to quantify. Another slashdotter hit the nail on the head in the other story today about how spam costs $22 billion per year.

2. The restitution does seem rather low - we all would have a self-satisfied chuckle if it had been a huge unreachable range like $200M to $400M. But it is low enough that there is a realistic chance he will actually have to pay off the whole thing off, perhaps have his wages garnished for the rest of his life. That does sound like serious consequences.

He sold it?

[AstroDrabb]

Smathers used another employee's account to steal the data, and sold it to a Vegas-based online casino operator.

So this guy sold this information and is getting in trouble for it? Well that sounds fair. However, what about the Vegas company that purchased the "goods"? Are any legal proceedings taking place against them? Or is anything a corporation does "OK" with the government and the DA's office?

I haven't heard anything against the Vegas company that purchased this information. Why is it OK for a company to carry out these acts but if a citizen does the same acts, he/she is fined a few hundred grand and sent to jail for a year or two?

Re:That's federal pound me in the ass prison.

[vsprintf]

For people who work for AOL? You betcha.

No. That's not even appropriate. For people like Kenneth Lay, who preached ethics while robbing little old ladies and millions of others, okay. But he won't ever wind up in prison, and if he did, no Bubba would want him.

Re:That's federal pound me in the ass prison.

[vsprintf]

Actually, the 1 to 2 year sentence was way too light, IMO. Something more along the line of a public (televised) hanging or draw-and-quartering (or perhaps more toward your tastes, impalement.)

While I really dislike spam, since people who murder children (no it's not about abortion) often get no prison time, it really seems a little severe. Is spamming 100 million people worse than murdering one child? Is that the Slashdot ethos?