Andrew Auernheimer Case Uncomfortably Similar To Aaron Swartz Case

TrueSatan writes "Andrew Auernheimer doesn't appear suicidal, no thanks to U.S. prosecutors, yet he has been under attack for his act of altering an API URL that revealed a set of user data and posting details of same. 'In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end. If you incremented this number, you saw the next iPad 3G user email address. I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker.' Auernheimer has been under investigation from that point onward, with restrictions on his freedom and ability to earn a living that are grossly disproportionate to any perceived crime. This is just as much a case of legislative overreach and the unfettered power of prosecutors as was Swartz's case."

Prosecute, Prosecute, Prosecute

The United States, collectively, has lost its fucking mind.

Re:Prosecute, Prosecute, Prosecute

That seems to summarize the root of the problem quite well. Individually, I believe most Americans are quite sane and normal people. But as a whole, the USA has gone insane. It's caught in its own stupid system.

Re:Prosecute, Prosecute, Prosecute

Individually, I believe most Americans are quite sane and normal people.

Normal people are highly unintelligent, so it's not a good thing that they're "normal." Sane? No one sane would accept the TSA, the Patriot Act, free speech zones, or hell, basically warrantless anything. They're both unintelligent and insane.

Re:Prosecute, Prosecute, Prosecute

[captainpanic]

Insane is when you post this as AC, because you live in the Land of the Free.

Where I live, Freedom is a reality, not just a marketing slogan.

Re:Prosecute, Prosecute, Prosecute

[qbast]

"The system" has been built bit by bit by those "sane and normal" American. You live in republic not dictatorship, remember? You can either have that warm feeling of superiority over you "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about teen hounded to death by "the system", remember: it is also YOUR fault.

Re:Prosecute, Prosecute, Prosecute

[Rich0]

Agree in part, but as long as 80% of the voters watch Fox News and attack ads and do what the rest of the 80% of America tells them to do we're going to end up with more of the same.

Very few people enter into reasoned debate and bother to understand issues before voting on them. If everybody they associate is talking about death panels, then there must be death panels.

The result is that the only way to get elected is to spend enormous amounts of money on advertising and influencing public opinion. The only way to get that kind of money is to be in bed with special interests. The go-easy-on-the-little-guy group doesn't have much money to give.

Unless we can somehow end bribery there really isn't any way to fix these issues. And corporate interests are just part of the problem - the US takes positions that impose on personal liberty in countless social issues that probably don't have corporate interests behind them. In the US everybody loves to tell everybody else what they can do...

Re:Prosecute, Prosecute, Prosecute

The United States, collectively, has lost its fucking mind.

More precisely, the US has collectively been asleep for the last 35 or so years and has morphed into a corporatocracy, in which case the Justice Department is behaving as expected and protecting the interests of AT&T.

Re:Prosecute, Prosecute, Prosecute

>Agree in part, but as long as 80% of the voters watch Fox News

Uhm, it's the Obama administration, silly.

The sad truth that NO ONE wants to hear or face:

In general, the slashdot crowd voted for this. Obama sold the VP to the copyright industry for two terms before his first election: http://news.cnet.com/8301-13578_3-10024163-38.html

This issue has always been avoided by the slashdot crowd, and downvoted when Obama needed to be elected.

Biden, however, before Obama's first election, has made very clear that he wants hard prison time for copyright violators. This is his job, he was hired for it by the industry. You know, hard prison time for REAL persons. His sponsors are also public and well known.

So most of you voted for this. And are hypocrites now. Because you choose to ignore it, to get your man elected. Granted, the other man was worse, but had other sponsors. The hard prison time for REAL persons was ignored. So, Swartz' death is the collateral damage of your own actions and vote, and to make it worse, many are totally ignoring this while pointing fingers at "the government" and "the prosecutor", who are just implementing the administration's policy, which you voted for. Or even blame Fox.

How convenient for you.

Re:Prosecute, Prosecute, Prosecute

[MightyYar]

Insane is when you post this as AC, because you live in the Land of the Free.

That's insane, alright, but it's not the country with the delusional paranoia. The US is fucking insane, but if there was a rankled bureaucrat that somehow took offense to "define sane", had sufficient power and time to find your post on Slashdot, could then decode your Slashdot identity, and finally track you down to persecute you... don't you think he'd be able to get your IP address?

Re:Prosecute, Prosecute, Prosecute

[usuallylost]

"The system" has been built bit by bit by those "sane and normal" American. You live in republic not dictatorship, remember? You can either have that warm feeling of superiority over you "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about teen hounded to death by "the system", remember: it is also YOUR fault.

The citizens are responsible for the system. I see two real problems. One is we have an electorate where a major percentage of the people cannot tell you anything much about how the system works. They can't tell you anything useful about the bill of rights or the constitution. Everyone knows about the first amendment and maybe the 2nd but ask them about the others and few can tell you anything. They certainly have no understanding of the issues currently being debated beyond whatever 30 second news byte they have seen. There is a sizable portion of the electorate who votes on things like who is most attractive, who has the best hair, who went on their favorite talk show or who makes the biggest claims about whatever pet cause they have. The end result of all of this is that the political system has effectively been on auto pilot for decades.

The other problem we have is that congress, in large part because the system has been on autopilot, has gotten really lazy and corrupt. A lot of the abuses we see are because of the run away power of administrative agencies. It used to be that congress passed actual laws that said in some detail what was to happen. Now they pass vague laws that say things like "administrative agency X will write regulations to achieve result Y". Where those regulations have the force of the law under which they were written. So a huge percentage of the "laws" that exist in this country are actually administrative regulations. In all probability most members of congress probably could not tell you what actual regulations came out of any given law that they passed. So in effect the vast majority of "laws" that we live under aren't laws at all they are regulations developed by a whole host of agencies that are, at best, minimally supervised by congress.

Where all of this becomes a problem is that the people at the agencies aren't elected. They don't really change, other than the appointed heads, after elections. Other than the budget process congress has very little ability to even impact what these people do. The end result is an ever more powerful bureaucracy. A Bureaucracy which is so vast, so powerful and so entrenched that even the President, who is supposed to control it, can't really tell what it is doing most of the time. Congress, having outsourced most of their job, is free to engage in the kind of shenanigans we have come to expect from them.

I don't know how we fix this. At this point the problem is so vast it maybe beyond fixing. I hope not because it is an ill omen for all of us if that is true. It would help a lot if the various administrative regulations had to be voted on by congress before they could go into effect. Unfortunately I have no idea how we would force them to do that. They certainly aren't going to volunteer since as it stands now they are relieved of all manner of drudgery involved with actually doing their jobs. My only suggestion is encouraging people to actually learn about the system. Learn about the hows and whys of how it is setup and operates. Learn about this history. An informed electorate is our only real hope. Sadly the electorate is going the other way fast.

Re:Prosecute, Prosecute, Prosecute

[_anomaly_]

Granted, the other man was worse

So, practically speaking, what would you suggest those who voted for Obama had done instead? Abstain from voting all together? Then they'd be labeled as not participating in the system and "part of the problem". OK then, I guess we have to take it one step further: everyone who voted for Obama because "the other man was worse" should have ran for office themselves? In part, I agree.

I ran for State Representative in my state 4 years ago because my "representative" was running unopposed. Rather than complain for 4 months leading up to the election about how the system is so screwed up that many, many incumbents run unopposed, I paid the $200 (yes, it costs money to be on the ballot) and ran myself. I was a no-name, had no money to spend (I had just under $1k in donations that I used on yard signs and door hangers so I'd have a little chance). I even had a few neighborhood get togethers, one where our Senator attended (for which I was surprised, and very grateful) in support. Let me tell you, it's very disconcerting when you realize just how the parent post is correct, about having to spend enormous amounts of money. Of course, it's usually proportional to the office you're seeking.

What seems to always get overlooked, it seems to me, is that the root of the systematic problem in the US political system is the dire need for campaign finance reform. And I mean severe campaign finance reform. It's such a huge problem, the solution won't be easy, and it certainly won't be perfect. But it must be pushed by "we the people" or we'll be stuck in this two-party freak show.

Re:Prosecute, Prosecute, Prosecute

[tehcyder]

Libreal retard.

While I am no fan of Fox News, I gave up browsing news.google.com and started reading more Fox News. The reason... gun control. None of the other networks reported on anything reasonably in favor of the 2nd amendment. Every article they reported about gun control they immediately tied to the recent Newtown tragedy. There was such a libreal anti-gun and anti-2nd amendment bias that it just sickened me.

Did it not occur to you that perhaps the majority of people are actually in favour of gun control and it's not some "libreal" conspiracy?

Re:Prosecute, Prosecute, Prosecute

[fatphil]

That assumes no skew. If you'd said "median", you'd be right. Assuming a small minority of bright sparks are pulling up the average, the bell-curve will be skewed to the left, and more than half of the population will be below the mean intelligence level. (I've made some assumption about what the curve really looks like, but I know similar logic applies to income levels, where a few mega-earners again pull up the mean.)

Re:Prosecute, Prosecute, Prosecute

Not if that one person is a Democrat anyway.

I'm sure your perfectly reasonable opinion would change if it were a Republican.

 

Re:Prosecute, Prosecute, Prosecute

[hypergreatthing]

I voted for a third party candidate this year, and will probably every year going forward. Because the two main parties are the same old broken shit and are copies of one another. They pit people against themselves and offer the same exact solution, which is to say, not a solution, but just the same old stuff.

Persecute the whistleblower

Simply put the guy in court, thus correcting the security hole once and for all.

Appears to be the American way of dealing with security breaches.

Re:Persecute the whistleblower

[FriendlyLurker]

I think their aim is to put the guy in Jail, not court. Its worth repeating: this and Swartz's case are just a symptom of the two tiered justice system at work. Persecution ingrained at the Institutional level, it is not not just a few overzealous prosecutors as some apologists try claim.

two-tiered justice system — the way in which political and financial elites now enjoy virtually full-scale legal immunity for even the most egregious lawbreaking, while ordinary Americans, especially the poor and racial and ethnic minorities, are subjected to exactly the opposite treatment: the world’s largest prison state and most merciless justice system.

Re:Persecute the whistleblower

[the+eric+conspiracy]

The problem is the laws. What Aaron did should have never been a felony.

Take away the felony charges and the AG loses interest in a hurry.

The US has more people in prison than any place else in the world for a reason. The penalties for minor crimes are over the top.

Re:US Attorneys

[mwvdlee]

try to make an example out of someone.

This is where the problem starts. Nobody deserves or has earned to be treated differently in a legal system.

Re:US Attorneys

[ShakaUVM]

Regardless, US Attorney Wagner seems to think that seizing the assets of non-drug-related landowners will be sufficient to scare them all into doing the police work for him.

All a show and the DA is the ring master.

The problem is that the law makes it a crime for 'unauthorized' access, but allows the 'victim' to detrtmin whatwas 'unauthorized' *after* the fact and for a public offering that is automated.

It is as if someone puts a stack of newspapers on a sidewalk with a sign that says 'free' and then asking the DA to prosecute for 'theft' anyone they don't like that took them upon their offer and took more then one. I.e.they decide afterwards that one is The 'limit' and the sign just says 'free'.

Oh and these sleazy DAs count each URL issued as a separate count of the 'crime' with a penalty of 5 years and $300,000 possible on each count of 'unauthorized access'.

It is all to appear 'tough on crime' for their next election. And, yes, they have all the resources of their office to put on your case against you.

Fair? No. Disproportionate penalty for the 'crime'? Certainly. It is really a contract dispute - a civil matter, not criminal.
The law is just wrong. Make your vote count on these issues and hold your legislators and judiciary oversight officials accountable in the voting booth.

Re:All a show and the DA is the ring master.

[swalve]

Easiness of access doesn't mean that access is allowed. It's not a zero sum game. If I leave my house unlocked and it gets ransacked, I'm an idiot and deserve blame for the trouble. But the person doing the ransacking doesn't lose any of the blame for his own part.

Re:All a show and the DA is the ring master.

[fatphil]

There's history. Humans aren't allowed to hand-edit URLs now, according to the US legal system. The first case I remember was someone going up a directory tree, and then playing clicky with the other directories he found.

In that case, and this, every single 'GET' request they were complaining about was one which was responded to with data, not a 403 (or other) error. In my view, as someone with a technological bent, that means that their webserver had vetted the request, and decided that the access was authorised. And therefore not 'unauthorised'.

Due to the lack of any consideration, this isn't contract law. But you're right, it certainly shouldn't be criminal to edit a URL, or to accept (which is what the client does) what is freely offered (which is what the server does). The courts don't seem to understand that *the server is in control*, it is *responsible for everything that gets transmitted* - that's its sole job.

Re:And people wonder why hackers often...

[Dr.+Evil]

It looks like he was already nuking.

" I took a sample of the API output to a journalist at Gawker."

"I did this because I despised people I think are unjustly wealthy and wanted to embarass them."

"...We were able to establish the authenticity of Goatse Security's data through two people who were listed among the 114,000 names. "

I share his dislike for the telcos... but "Oh look, a leak", then "I'm pulling all the records and sending it to the media" is not responsible disclosure.

" it might be possible to spoof a device on the network or even intercept traffic using the ICC ID."

He was wrong, but despite thinking the breach were more serious than a privacy issue, he still published the information, then speculated on nefarious uses to reporters.

That said, it does not warrant the prosecution... his actions were only unethical.

Stephen Heymann

[andydread]

Stephen Heymann is to "computer crime" prosecutorial zealotry like China is to Expionage hacking.
Stephen Heymann is the poster child for this kind of overreach when it comes to prosecuting so called "computer crimes"
He has written papers and lobbied for more harsher penalities and easier access to data without a warrant to prosecute "computer criminals"

Re:a case of legislative overreach and the unfette

[couchslug]

They aren't clueless. They act as malicious enemies of the people.

Re:Who's user agent is it anyway?

[Rich0]

He embarrassed a large corporation. That makes powerful people upset. He must be punished.

Re:And people wonder why hackers often...

[gmuslera]

"Responsibly" like the report of a Java vulnerability in August, that exploded in everyone's face after Oracle sit on that report for months?

The problem is not the people that find and report the problem in a way or another (and advising the users too, just because there are too many cases like Oracle). Is the ones that find and exploit it silently.

Law is (in some cases, literally) killing the messenger, if you find something that could be exploited, better don't tell anyone because even reporting it to the company could get you in trouble too. Eventually someone in the dark side will exploit it (if is not doing that already) but is not your problem, maybe is even designed that way to always get fresh 0-day exploits for the new generation of Stuxnet (lawyers are involved, you can't attribute that to stupidity)

This is nothing like Swartz case.

[flimflammer]

This guy is nothing but an attention whoring internet troll. He did what he did for nothing more than to try to publicly shame AT&T in the most irresponsible way possible, and generally goes out of his way to cause trouble all over the internet. He had no sense of care for the data he was putting under the public spotlight instead of sensibly disclosing the vulnerability to AT&T. For him to suggest he did because of AT&T's "egregiously negligence" yet chose himself to make the most egregiously negligent response is hypocritical to say the least.

I have no sympathy for this Weev guy. Do not liken his situation to Aaron Swartz. That would be doing a massive disservice to his memory. Tools like this should get what is coming to them.

Responsible disclosure is dead

[Ignorant+Aardvark]

Here's what I've learned recently: If I ever discover a major security hole, do not even attempt to release it responsibly. Instead, layer up behind some proxies and Tor and leak it into a blackhat forum or IRC channel. That way the security hole will eventually get fixed, and I can't be prosecuted.

Re:And people wonder why hackers often...

[Velex]

So publishing personally-identifying data for 114,000 people is in the security interests of society?

At this point, yes.

There are three things that could have happened. He could have gone through the "proper channels," and, since a middle manager somewhere would need to be embarrassed, he'd still be up shit creek without a paddle. He could have did what he did, publicly humiliated AT&T and made the 114,000 individuals affected acutely aware that AT&T had failed them.

OR, he could have done nothing. Perhaps that's the correct response. Instead, some black hat in $scary_country would have discovered it and exploited it without making anyone aware.

The whole beef I have with prosecuting for "hacking" in this manner is that he merely asked AT&T's server for information, and it merrily complied. To me, it sounds like this case is even more clear-cut than Swartz's case. He didn't break and enter. He didn't place unauthorized equipment in a network closet. He didn't even abuse a relationship of trust between a publisher and a college. All he did was show that all you need to do is politely ask the server for information, and it would happily give it to you.

Auernheimer should've gone to AT&T to report the problem. I've done that myself several times and they've always been very receptive. They might not fix the problem quickly (they're a big company and move slowly), but I've never had them sic the US Attorneys on me for it.

Consider yourself lucky. Or perhaps they know you'd fight back because you're older and have the resources to do so. Going after successful professionals (I can only assume you are) isn't very good for bullies. Bullies need targets they know they can safely victimize. So here we are.

Re:This has been going on for a long time

[Hatta]

There was never any serious question about Swartz commiting the crimes he was charged with (video tape of him doing it, his fingerprints on the HD inside the laptop, etc.),

There is absolutely reasonable doubt that the actions Swartz took were against the law. There is no doubt that he placed a laptop in a utility closet in MIT and downloaded articles for redistribution. But whether that was against the law is for a jury to decide. Note that no security, physical or electronic, was ever broken.

honestly a 6 month sentece would have been about right.

If a 6 months sentence was appropriate, he should gotten a jury trial on that 6 months charge. But if he wanted to exercise his right to a trial, he'd be hit with 35 years. Do you not see the problem with that? Plea bargaining is plainly unjust.