A federal judge has sentenced Andrew "Weev" Auernheimer to 41 months in prison followed by three years of supervised release, nearly the maximum penalty allowed for computer hacking. Weev was convicted last fall after exploiting a vulnerability in AT&T's systems to obtain personal information about iPad owners and then publishing the information online. However, many observers are finding fault with the judge's decision. Some say the defendant should never have been convicted, and others say the anti-hacking law under which he was charged is too vague to be useful.
Wired's Kim Zetter reported, "A hacker charged with federal crimes for obtaining the personal data of more than 100,000 iPad owners from AT&T’s publicly accessible website was sentenced on Monday to 41 months in prison followed by three years of supervised release.... Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty last November in federal court in New Jersey of one count of identity fraud and one count of conspiracy to access a computer without authorization after he and a colleague created a program to collect information on iPad owners that had been exposed by a security hole in AT&T’s web site."
CNET's Declan McCullagh noted, "Auernheimer is hardly the most sympathetic defendant: He's a self-described Internet troll who has delighted in making enemies along the way.... But, by itself, being a professional irritant isn't illegal. Supporters have set up a defense fund for Auernheimer, with one calling him 'the Internet prophet of discord,' and others organizing impromptu book deliveries in prison. The Electronic Frontier Foundation said this morning it will join his legal defense team during an appeal, and even Auernheimer's detractors said today that he didn't deserve to be imprisoned for accessing AT&T's servers."
Slate's Justin Peters observed, "But just because you’re a jerk doesn’t mean that you’re a criminal. And in this case, it’s not clear that Auernheimer committed any actual crime. As Jeff Blagdon at The Verge put it, Auernheimer 'cracked no codes, stole no passwords, or in any way broke into AT&T’s customer database—something company representatives confirmed during testimony.' The defense argued that AT&T’s database security was flawed, and Auernheimer’s actions were tantamount to walking through an open door."
DailyTech quoted Auernheimer, who told reporters, "I'm going to jail for doing arithmetic."