Slashdot Mirror

← Back to Stories (view on slashdot.org)

Jail Looms For Man Who Revealed AT&T Leaked iPad User E-Mails

Posted by Soulskill on from the doing-it-wrong dept.

concealment sends this quote from MIT's Technology Review: "AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But Andrew Auernheimer, an online activist who pointed out AT&T's blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week. Groups like the Electronic Frontier Foundation worry that should that charge succeed it will become easy to criminalize many online activities, including work by well-intentioned activists looking for leaks of private information or other online security holes. [Auernheimer's] case hasn't received much attention so far, but should he be found guilty this week it will likely become well known, fast."

24 of 124 comments (clear)

  1. He did it wrong, obviously by Anonymous Coward · · Score: 4, Informative

    Anon pastebin is the way.

  2. Re:Why aren't whistleblower laws shielding him? by stox · · Score: 2

    AT&T wasn't breaking the law, whistleblower statutes do not apply.

    --
    "To those who are overly cautious, everything is impossible. "
  3. Prosecutors, these days.... by stox · · Score: 4, Interesting

    seem to be having increasing difficulty distinguishing the letter of the law versus the spirit of the law. Anything to add yet another successful prosecution to their resume with no concern as to the effects on others or the betterment of society.

    --
    "To those who are overly cautious, everything is impossible. "
    1. Re:Prosecutors, these days.... by davester666 · · Score: 2

      Are you kidding me, that is WAY down the list

      Above it are things like:
      Can I get a conviction? This is pretty much the only performance metric for prosecutors. This includes taking into account how good a defense the accused can afford.
      Am I ordered to prosecute by my superior? Will I be fired if I refuse?
      Is there pressure from any groups to prosecute, just to harass the accused, even if the prosecution will fail, so in the future the group will help me [for example, the police force]?

      The 'for the love of the law' people that aren't independently wealthy are generally removed through burnout by having all the crap dumped on them [because they love it!].

      --
      Sleep your way to a whiter smile...date a dentist!
    2. Re:Prosecutors, these days.... by jklovanc · · Score: 3, Interesting

      Would you be saying something different if someone found a warehouse door open and reported it on a scrounger web site before they reported it to the owner of the warehouse? Data has value just like merchandise. The issue is not what they did but the way they did it. A true White Hat hacker would have told the company first and given them a chance to fix it before publicizing it.

    3. Re:Prosecutors, these days.... by Mitreya · · Score: 3, Informative

      Would you be saying something different if someone found a warehouse door open and reported it on a scrounger web site before they reported it to the owner of the warehouse?

      Neither of his charges is about publicizing the the info. I could probably get on board with that

      It seems that his charges are:
      1. "by being in possession of the e-mails from AT&Tâ(TM)s leaky system he handled 'identification information'"
      2. "case is based on the Computer Fraud and Abuse Act, which forbids 'unauthorized access' to a computer." (definitely the equivalent of being charged for trespassing)

      Show me which charge involves disseminating information on a scrounger website? Up to 5 years for trespassing in an open warehouse seems ridiculous (each charge carries up to 5 years)

      If he is guilty of publishing the info - let's see a law that charges him with disseminating "identification information". But trying to make marginally related things stick is very, very dangerous.

    4. Re:Prosecutors, these days.... by westlake · · Score: 2

      Prosecutors, these days seem to be having increasing difficulty distinguishing the letter of the law versus the spirit of the law.

      The prosecutor has some discretion.

      But there are limits.

      He needs convincing and he tends to become cynical.

      He has heard it all before.

      The "spirit of the law" has to amount to something more --- much more, I afraid --- then the geek's self-serving plea that one of his own kind doesn't deserve to go to jail.

      ____

      The geek is the quintessential outsider.

      He ought to have learned by now not to rely on the kindness of strangers.

    5. Re:Prosecutors, these days.... by jklovanc · · Score: 2

      Show me which charge involves disseminating information on a scrounger website? Up to 5 years for trespassing in an open warehouse seems ridiculous (each charge carries up to 5 years)

      How about burglary (1-20 years depending on state) and possession of stolen property (up to 10 years in Washington State) would be the similar charge. They could not disseminate the information if they did not have it. They didn't just trespass, they copied the information and took it away. The charge is not about disseminating the information it has to do the possession of the information. Had they not stored the addresses the problem would have been a lot less severe.

  4. Weev is not an online activist. by Hatta · · Score: 4, Informative

    Weev is a troll. He's better known to /. as one of the "president" of the GNAA. An all around unpleasant fellow.

    The unfortunate thing about this case is that Weev didn't actually do anything wrong here. AT&T published the email addresses, it should be AT&T facing prison time.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Weev is not an online activist. by NewWorldDan · · Score: 4, Insightful

      He did do something wrong here. Whatever his intentions, he was poking around AT&T's web server in a way he knew he shouldn't have been. Just because AT&T was wrong doesn't make him right. As an analogy, I often leave my car unlocked. If you take it, you're still a car thief, even if I should have taken better care of my car. In any event, you don't have to harvest 114k emails to demonstrate a problem.1 or 2 is adequate proof that there's a problem.

    2. Re:Weev is not an online activist. by quacking+duck · · Score: 3, Insightful

      Better analogy is if you left confidential info clearly visible and readable in your car, and someone came along and saw it through the window, then told a nearby reporter about it, etc.

      This guy didn't steal AT&T, after all.

      Unfortunately, the car's owner is politically connected and his prosecutor buddy brings charges against you to cover up the owner's embarrassing blunder.

    3. Re:Weev is not an online activist. by grasshoppa · · Score: 4, Insightful

      The car analogy doesn't work here, as a website is inherently a publicly offered service, whereas your car is not. There really isn't a good analogy for this situation, as it doesn't really require an analogy in the first place.

      AT&T put private information on their public website. Mistake or not, their actions made the information public, not the defendant in this case.

      AT&T is obviously to blame here.

      --
      Mod me down with all of your hatred and your journey towards the dark side will be complete!
    4. Re:Weev is not an online activist. by jklovanc · · Score: 3, Interesting

      Even better analogy;
      1.Leave confidential material in a folder in an unlocked room.(create an mechanism on the server to access info without proper security)
      2. Someone come along and search the room (make semi-random requests to the server)
      3. Copy the information in the folder (record the server responses)
      4. Publish where the room is, where the folder is and the contents of the folder. (put the server name, request format and received data out on the internet)
      A true White had would have told the company before publishing the breach and they would not have tried hundreds of thousands of requests. Just because there is not a lock on the door does not mean one can rummage through the room, copy the information and publish it.

    5. Re:Weev is not an online activist. by Hatta · · Score: 2

      As an analogy, I often leave my car unlocked.

      That analogy is so bad, it's dishonest. Your car is not a publically accessible communication system. AT&T's website is. Do you really think they're comparable? Seriously, shame on you.

      --
      Give me Classic Slashdot or give me death!
  5. Paul J. Fishman by Anonymous Coward · · Score: 3, Informative

    I know little of the case, but it looks like this case is being brought by Paul J. Fishman, the U.S. District Attorney for New Jersey. According to Wikipedia (it's always correct), he used to work for Friedman Kaplan Seiler & Adelman. A firm that represented the Communication Workers of America. Not surprisingly, the CWA regularly deals with AT&T.

    Mr. Fishman was appointed by President Obama in 2009. If you don't like his actions, contact the Whitehouse and your representatives and let them know. Not that it'll matter, but maybe it'll make you feel better.

    Or if you'd prefer, you can always contact his office directly for more information on the case: http://www.justice.gov/usao/nj/contact.html . Though, again, not that'll it matter.

  6. Re:Why aren't whistleblower laws shielding him? by Mitreya · · Score: 3, Insightful

    AT&T wasn't breaking the law, whistleblower statutes do not apply.

    It must have. From TFA:

    One alleges that by being in possession of the e-mails from AT&Tâ(TM)s leaky system he handled 'identification information' in breach of a law intended to protect against identity theft,

    I am certain that laws protecting us against identity fraud mandate that the "identification information" is shielded from theft. AT&T has clearly failed to protect the information.

  7. Re:Who in their right mind prosecutes this? by Anonymous Coward · · Score: 3, Insightful

    Actually, no. There is no such thing as "the feds" in the USA.
    There are service organizations for companies to use, which protect industry interests, but are paid by you.
    An actual government would defend you against the companies, and put everyone in jail even tries to "lobby".

    But hey, in the US, many people loudly yell and proclaim they want a "small government" and "free market", because they confuse that industry instrument with an actual government, and confuse freedom for companies to abuse them with freedom for people to live their lives. And they don't realize that that "free market" is what results in what they perceive in an "evil government" in the first place. (Like not only the ability to openly buy a president [aka "campaign donations"] but that somebody can't even get into said "government" without being bought with huge sums of money.)

    But I don't blame them. Try keeping your mind free of social/media conditioning with TV and news constantly repeating the same lies. It's a simple neurological fact which has been studied since the 60s, that a human brain can't withstand that forever. If you think you're free of it (like I often did), you've only fallen for a different version of the trap.
    The best is, not to listen/watch any of it at all. Including websites/blogs/etc. (Because falling for Alex Jones instead of Fox News or MSNBC is not better.)
    Just observe. With your own eyes. And be careful about who you trust. (And who they trust!)

  8. if you saw an open bank vault by ozduo · · Score: 2, Interesting

    do you help yourself, tell the bank, or shout about it from the rooftops? Andrew Auernheimer shouted from the rooftops and deserves punishment.

    --
    I got to the chocolate box before you, that's why the hard ones have teeth marks.
  9. Re:Who in their right mind prosecutes this? by sdnoob · · Score: 4, Insightful

    at&t probably pursued and lobbied for charges to be filed so THEY look like the victim here instead of the people at the other end of those 110,000+ email addresses.

  10. Re:Who in their right mind prosecutes this? by deathlyslow · · Score: 3, Insightful

    The best is, not to listen/watch any of it at all. Including websites/blogs/etc.

    Says the AC posting on /.

    --
    Don't blame me for redundant posts. I can't type very fast. Hence the user ID.
  11. Re:Jury Nullification. by AvderTheTerrible · · Score: 2

    The big problem with this is that Judges tend to dislike Juries being notified of that right and tend to throw people out for even mentioning it in court.

  12. So what? by westlake · · Score: 2

    According to Wikipedia (it's always correct), he used to work for Friedman Kaplan Seiler & Adelman. A firm that represented the Communication Workers of America. Not surprisingly, the CWA regularly deals with AT&T.

    I would like to meet the man or woman with a senior position in law, finance, tech or government who at one time or another hasn't been friend or foe and often both to AT&T.

    Hereabouts, you'll find them mighty thin on the ground.

    AT&T Inc. is an American multinational telecommunications corporation headquartered in Whitacre Tower, downtown Dallas, Texas. AT&T is the largest provider both of mobile telephony and of fixed telephony in the United States, and also provides broadband subscription television services. As of 2010, AT&T is the seventh largest company in the United States by total revenue, and the fourth largest non-oil company (behind Walmart, General Electric, and Bank of America). It is the third-largest company in Texas (the largest non-oil company, behind only ExxonMobil and ConocoPhillips, and also the largest Dallas company). As of 2011, AT&T is the 14th largest company in the world by market value, and the 9th largest non-oil company. It is also the 20th largest mobile telecom operator in the world, with over 100.7 million mobile customers.

    AT&T

  13. Re:Robin In The Hood by flyneye · · Score: 2

    We should push for activists to be interned as thinktivists for a minimum of 4 years before engaging in any activity in support of a " cause".
    The prerequisite would demand a cause be examined from points of view other than the "cause" focused individuals involving themselves. This would enable a well rounded person to find solutions beneficial to all while bringing their goal to fruition. This new, well rounded "thinktivist" would then be allowed to replace the ineffective, greasy, dead head wannabees currently carrying out the will of those who think for them and alternately driving away support of the masses with their stoned hijinx, zombie mantras, and personal attention whoring distracting from any good that could have been.

              For instance....Greenpeace. Eventually peopled by thintivists, Greenpeace studies the possibility of setting aside a high tech pasture of Ocean for the purpose of domesticating and breeding whales for the purpose of mass consumption, like cattle. This allows wild whales to live easier and everybody wins, except of course the domestic whales, but then they live to become product. Only PETA was harmed in this scenario, good or bad, by perspective. Peta should fund more lab grown meat if they want to save Porky and Bessie. THINK! Damn, I just can't make them THINK! But, I can continue to ridicule them, till they get it or go away annoyed. WIN WIN! We all benefit!

    --
    *Repent!Quit Your Job!Slack Off!The World Ends Tomorrow and You May Die!
  14. Re:Why aren't whistleblower laws shielding him? by PhilHibbs · · Score: 2

    A whistleblower is someone who tells the world about a problem that can't be resolved other than by publicizing it. A whistleblower isn't someone who exploits a vulnerability 110,000 times and publishes the private information gained by exploiting it. That is not legitimate white-hat whistleblowing. This is a person who leaked personal data, not a person who reported a leak.