(CN) - One of the hackers who publicized an AT&T server security flaw will fight his 3.5-year prison sentence with digital rights defender, the Electronic Frontier Foundation. In 2010, Daniel Spitler discovered that AT&T deliberately configured its servers so that when they were queried with a number matching an iPad's SIM card identifier, AT&T would reveal the iPad owner's email address. After Spitler wrote a script that used the security hole to collect roughly 120,000 email addresses, Andrew "Weev" Auernheimer sent the list to several journalists to spotlight the security problem. AT&T then fixed the vulnerability, and the government charged Spitler and Auernheimer with conspiracy to violate the federal Computer Fraud and Abuse Act (CFAA) and identity theft law. Spitler reached a plea deal with the government in June 2011, ultimately testifying against Auernheimer, who was convicted of two felonies in November. The Electronic Frontier Foundation (EFF) announced Monday that Auernheimer had just been sentenced to 41 months in federal prison, and that it would appeal Auemheimer's sentence to the 3rd Circuit. "Fundamental problems with computer crime law result in unfair prison sentences like the one in this case," it said in a statement. EFF Senior Staff Attorney Marcia Hofmann insisted in the statement that Auemheimer's "actions didn't harm anyone." "The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them," she added. The EFF did not shy away from comparing Auemheimer's case to that of the 26-year-old Reddit.com co-founder Aaron Swartz who committed suicide earlier this year. At the time, Swartz had faced more than 30 years in prison and $1 million in fines if convicted for several felony CFAA violations related to his download of more than 4 million academic articles from the scholarly database Jstor. EFF said it "has long criticized the CFAA for its vague language, broad sweep, and heavy penalties. Since the tragic death of programmer and Internet activist Aaron Swartz in January, EFF has redoubled its efforts to reform the law." EFF Staff Attorney Hanni Fakhoury said "Weev's case shows just how problematic the Computer Fraud and Abuse Act is. We look forward to reversing the trial court's decision on appeal. In the meantime, Congress should amend the CFAA to make sure we don't have more Aaron Swartzs and Andrew Auernheimers in the future." Other attorneys on Auernheimer's appellate team are Tor Ekeland and Mark Jaffe of Tor Ekeland; Nace Naumoski; and Professor Orin Kerr of the George Washington University Law School.
↧
