Is he a hacker or a man who did the public a favor by exposing a gaping online security hole?
Andrew Auernheimer (@rabite on Twitter) will now spend 41 months in a federal prison, with concurrent probation for three years. He also owes restitution to the U.S. Treasury to be dispersed to AT&T in the amount of $73,000.
What did he do? Well, in 2010, Auernheimer revealed a security flaw in AT&T’s iPad user database, revealing data from 114,000 iPad 3G users. Rather than hand over this information to AT&T immediately, he shared the data with online news site Gawker.
Many people call 27-year-old Auernheimer an “online activist” for easily exposing a security flaw for AT&T and question the three-year prison sentence.
Hanni Fakhouri, a staff attorney with the Electronic Frontier Foundation, said in an interview with the British newspaper The Guardian that this sentencing is “excessive to say the least. The prosecution was excessive because he did not hack into anything. He obtained information from a public information website. It would be like me going into the Guardian website and copying information and emailing it to someone else.”
Fakhouri said the law was misinterpreted. “By virtue of the fact that the information was publicly available and they were not breaking into anything, there wasn’t anything to indicate he did not have authorized access.”
Indeed, as his defense lawyers argued, Auernheimer simply walked through AT&T’s proverbial front door — in other words, he didn’t steal passwords or break into its customer database.
That still didn’t prevent U.S. Attorney Paul Fishman from writing the following pre-sentencing brief to the judge in the case:
“His entire adult life has been dedicated to taking advantage of others, using his computer expertise to violate others’ privacy, to embarrass others, to build his reputation on the backs of those less skilled than he.”
What do you think? Leave a comment below or join the conversation on our Facebook page.