Andrew Auernheimer Case Uncomfortably Similar To Aaron Swartz Case 400
TrueSatan writes "Andrew Auernheimer doesn't appear suicidal, no thanks to U.S. prosecutors, yet he has been under attack for his act of altering an API URL that revealed a set of user data and posting details of same. 'In June of 2010 there was an AT&T webserver on the open Internet. There was an API on this server, a URL with a number at the end. If you incremented this number, you saw the next iPad 3G user email address. I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker.' Auernheimer has been under investigation from that point onward, with restrictions on his freedom and ability to earn a living that are grossly disproportionate to any perceived crime. This is just as much a case of legislative overreach and the unfettered power of prosecutors as was Swartz's case."
Prosecute, Prosecute, Prosecute (Score:5, Insightful)
The United States, collectively, has lost its fucking mind.
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
That seems to summarize the root of the problem quite well. Individually, I believe most Americans are quite sane and normal people. But as a whole, the USA has gone insane. It's caught in its own stupid system.
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
Individually, I believe most Americans are quite sane and normal people.
Normal people are highly unintelligent, so it's not a good thing that they're "normal." Sane? No one sane would accept the TSA, the Patriot Act, free speech zones, or hell, basically warrantless anything. They're both unintelligent and insane.
Re: (Score:3)
You know how dumb the average person is?
50% are worse.
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3, Insightful)
Agree in part, but as long as 80% of the voters watch Fox News and attack ads and do what the rest of the 80% of America tells them to do we're going to end up with more of the same.
Very few people enter into reasoned debate and bother to understand issues before voting on them. If everybody they associate is talking about death panels, then there must be death panels.
The result is that the only way to get elected is to spend enormous amounts of money on advertising and influencing public opinion. The onl
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
>Agree in part, but as long as 80% of the voters watch Fox News
Uhm, it's the Obama administration, silly.
The sad truth that NO ONE wants to hear or face:
In general, the slashdot crowd voted for this. Obama sold the VP to the copyright industry for two terms before his first election: http://news.cnet.com/8301-13578_3-10024163-38.html
This issue has always been avoided by the slashdot crowd, and downvoted when Obama needed to be elected.
Biden, however, before Obama's first election, has made very clear that he wants hard prison time for copyright violators. This is his job, he was hired for it by the industry. You know, hard prison time for REAL persons. His sponsors are also public and well known.
So most of you voted for this. And are hypocrites now. Because you choose to ignore it, to get your man elected. Granted, the other man was worse, but had other sponsors. The hard prison time for REAL persons was ignored. So, Swartz' death is the collateral damage of your own actions and vote, and to make it worse, many are totally ignoring this while pointing fingers at "the government" and "the prosecutor", who are just implementing the administration's policy, which you voted for. Or even blame Fox.
How convenient for you.
Re: (Score:3)
Idiot, a systemic fail cannot by nature be the responsibility of one person.
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
So, practically speaking, what would you suggest those who voted for Obama had done instead? Abstain from voting all together? Then they'd be labeled as not participating in the system and "part of the problem". OK then, I guess we have to take it one step further: everyone who voted for Obama because "the other man was worse" should have ran for office themselves? In part, I agree.
I ran for State Representative in my state 4 years ago because my "representative" was running unopposed. Rather than complain for 4 months leading up to the election about how the system is so screwed up that many, many incumbents run unopposed, I paid the $200 (yes, it costs money to be on the ballot) and ran myself. I was a no-name, had no money to spend (I had just under $1k in donations that I used on yard signs and door hangers so I'd have a little chance). I even had a few neighborhood get togethers, one where our Senator attended (for which I was surprised, and very grateful) in support. Let me tell you, it's very disconcerting when you realize just how the parent post is correct, about having to spend enormous amounts of money. Of course, it's usually proportional to the office you're seeking.
What seems to always get overlooked, it seems to me, is that the root of the systematic problem in the US political system is the dire need for campaign finance reform. And I mean severe campaign finance reform. It's such a huge problem, the solution won't be easy, and it certainly won't be perfect. But it must be pushed by "we the people" or we'll be stuck in this two-party freak show.
Re: (Score:3)
Don't bet that financial reform helps; it may make things worse. In the US, running is expensive, but at least you can do it as an independent candidate. Here in Germany, nominally, running for office is cheap, but no independent candidate has ever been elected to German parliament. If you aren't part of one of the party machines, you don't have a chance. Furthermore, many seats in parliament are just given away by parties to their political cronies. You get an electrician without a college education trying
Re:Prosecute, Prosecute, Prosecute (Score:4, Insightful)
I voted for a third party candidate this year, and will probably every year going forward. Because the two main parties are the same old broken shit and are copies of one another. They pit people against themselves and offer the same exact solution, which is to say, not a solution, but just the same old stuff.
Re: (Score:3)
Isn't that exactly what he said? It doesn't matter how many charges it takes, facing a harsher sentence for this compared to manslaughter or rape is abhorrent.
It is the barbaric US concept of consecutive sentences that is the problem. If, say, copyright infringement has a maximum sentence of one year, but you've been found guilty of two hundred counts so you're going to jail for 200 years, that is simply obscene.
But I doubt that many people here would complain if it was for old-fashioned burglary or something. Then everyone would be in full "lock 'em up and throw away the key" mode.
Re: (Score:3)
Please note that murder (and all its variants) are State-level crimes (unless performed on a Federal agent/employee).
As a result, the death penalty for murder only applies in those States which have death penalties.
And even in those States, the death penalty applies much less often than one might think....
Re:Prosecute, Prosecute, Prosecute (Score:4, Informative)
Please note that murder (and all its variants) are State-level crimes (unless performed on a Federal agent/employee).
It would be more correct to say 'unless performed on Federal [i]land or property[/i]'. As a federal employee, if I was murdered in my home, the suspect would be tried in a state court, under state law. If a random civilian was killed on base though, it would go through a federal court.
There are added complexities with jurisdiction - if there's any question as to under who's aegis the act was committed, it's pretty much up to the court/prosecutors as to who will actually press the charges.
An example would be a drunk driver caught driving intoxicated onto base. If civilian, it'll typically be processed by the state - city or county level. If military, generally the military wants a piece of him, and will claim jurisdiction. In some cases, even if it happens downtown. Due to the UCMJ, a military member is ALWAYS under it's jurisdiction.
Re: (Score:2)
My experience - which is failry limited, mind you, and also anecdotal, since of course I can't prove it, so take it as it is, an opinion - is that older generation [i.e. they and some or many of their ancestry is born american] americans seem to be more accepting than debate-oriented, vs. younger- or first-gen. americans, especially who are from mid-western european countries. The latter seem more willing to
Re: (Score:3)
Agree in part, but as long as 80% of the voters watch Fox News and attack ads and do what the rest of the 80% of America tells them to do we're going to end up with more of the same.
It's not just Fox News. CNN, MSNBC ABC are all pumping out filtered garbage too. It's sad, but the US is now the land of the sheep. Almost nobody thinks for themselves. The first amendment has become a joke, because the corporations have been allowed to buy all the news outlets, and they only let you see what they want yo
Re: (Score:2)
Re: (Score:2)
Re:Prosecute, Prosecute, Prosecute (Score:4, Insightful)
Libreal retard.
While I am no fan of Fox News, I gave up browsing news.google.com and started reading more Fox News. The reason... gun control. None of the other networks reported on anything reasonably in favor of the 2nd amendment. Every article they reported about gun control they immediately tied to the recent Newtown tragedy. There was such a libreal anti-gun and anti-2nd amendment bias that it just sickened me.
Did it not occur to you that perhaps the majority of people are actually in favour of gun control and it's not some "libreal" conspiracy?
Re: (Score:3)
Did it not occur to you that perhaps the majority of people are actually in favour of gun control and it's not some "libreal" conspiracy?
Constitutional Rights are not subject to Public Opinion.
Re: (Score:3)
Constitutional Rights are not subject to Public Opinion.
The Constitution is also not a religious document to be worshiped for its own sake. The founders intended that should it no longer serve the interests of the people, it be updated. Personally I favor the 'updating' part as opposed to 'ignoring,' a more common practice.
The Second Amendment. Ah, the Second Amendment. Does the ban against nuclear, chemical, and biological weapons violate the Second Amendment? How about rocket-propelled grenades? Those are banned, so it seems like we have no qualms about -some-
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
"The system" has been built bit by bit by those "sane and normal" American. You live in republic not dictatorship, remember? You can either have that warm feeling of superiority over you "land of free" OR you can pretend that "the system" is something you have no responsibility for. So next time you read about teen hounded to death by "the system", remember: it is also YOUR fault.
The citizens are responsible for the system. I see two real problems. One is we have an electorate where a major percentage of the people cannot tell you anything much about how the system works. They can't tell you anything useful about the bill of rights or the constitution. Everyone knows about the first amendment and maybe the 2nd but ask them about the others and few can tell you anything. They certainly have no understanding of the issues currently being debated beyond whatever 30 second news byte they have seen. There is a sizable portion of the electorate who votes on things like who is most attractive, who has the best hair, who went on their favorite talk show or who makes the biggest claims about whatever pet cause they have. The end result of all of this is that the political system has effectively been on auto pilot for decades.
The other problem we have is that congress, in large part because the system has been on autopilot, has gotten really lazy and corrupt. A lot of the abuses we see are because of the run away power of administrative agencies. It used to be that congress passed actual laws that said in some detail what was to happen. Now they pass vague laws that say things like "administrative agency X will write regulations to achieve result Y". Where those regulations have the force of the law under which they were written. So a huge percentage of the "laws" that exist in this country are actually administrative regulations. In all probability most members of congress probably could not tell you what actual regulations came out of any given law that they passed. So in effect the vast majority of "laws" that we live under aren't laws at all they are regulations developed by a whole host of agencies that are, at best, minimally supervised by congress.
Where all of this becomes a problem is that the people at the agencies aren't elected. They don't really change, other than the appointed heads, after elections. Other than the budget process congress has very little ability to even impact what these people do. The end result is an ever more powerful bureaucracy. A Bureaucracy which is so vast, so powerful and so entrenched that even the President, who is supposed to control it, can't really tell what it is doing most of the time. Congress, having outsourced most of their job, is free to engage in the kind of shenanigans we have come to expect from them.
I don't know how we fix this. At this point the problem is so vast it maybe beyond fixing. I hope not because it is an ill omen for all of us if that is true. It would help a lot if the various administrative regulations had to be voted on by congress before they could go into effect. Unfortunately I have no idea how we would force them to do that. They certainly aren't going to volunteer since as it stands now they are relieved of all manner of drudgery involved with actually doing their jobs. My only suggestion is encouraging people to actually learn about the system. Learn about the hows and whys of how it is setup and operates. Learn about this history. An informed electorate is our only real hope. Sadly the electorate is going the other way fast.
Re: (Score:3)
Do not pin your hopes on false realities, the bell curve will always be there. So start thinking of a solution that's actually plausible in reality.
Re:Prosecute, Prosecute, Prosecute (Score:4, Interesting)
I don't know how we fix this.
Simple. Outlaw Bribery, i.e. Outlaw Lobbyists, Campaign Contributions, Perks, Promises of Jobs after your term, etc. There should be strict punishments for that type of corruption. Then the only people who'll want to do the job of governing are the people who actually care about people, not corporate and foreign interests. Vastly reduce the amount of classified information -- There's no reason we have to make shady (illegal) deals with enemies for diplomacy, we can put forth a stance and stick by it, and be open about the times when we say, sell a bunch of weapons to warlords for intel; The public will understand if you tell them why (if not, then you shouldn't be doing it, what have they got to hide?). Get rid of the redundant agencies, e.g., we have Police and FBI, we don't need Federal Police (DHS), that's a huge tax burden and they serve no purpose that a well armed public could not. Protip: The police can't protect you, after you or your loved ones are dead then they go after the bad guys; It's the citizen's job to protect themselves. Place a 6mo to 1yr probationary period for new laws so that knee jerk reactions like ridiculous gun control regs or things like the PATRIOT Act, or SOPA can easily get tossed out. Teach civics in school along with US history, EVERY YEAR, not just one course -- If ignorance is a big problem, then education is the answer. Ditch the current voting system and have votes be a prioritized list of candidates, so if your option #1 loses, then the votes are recalculated using your option #2, then repeat for #3 and so on removing candidates until there's one winner. This way you can show support for a 3rd (or 7th) party in your #1 vote, and still use #2 as your fall-back vote. It's not rocket science we have the technology.
Do I think ANY of that will happen? No, not at all. All of this is easier said than done, and most people are lazy and greedy; Unwilling to spend the money to change anything. Read the history books folks, nations begin with people having some degree of power & rights, then governments take those powers for themselves and reduce the citizen's rights and freedoms until shit hits the fan. Every Time. The only way to stop the cycle is to give the people back the control, and make the government accountable for their actions by the people. It seems the US is going the other direction... You can't let the government police itself! You don't put rats in charge of cheese! Rome wasn't built in a day, but it was destroyed in one, that day was September 4, 476.
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
Insane is when you post this as AC, because you live in the Land of the Free.
Where I live, Freedom is a reality, not just a marketing slogan.
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
Insane is when you post this as AC, because you live in the Land of the Free.
That's insane, alright, but it's not the country with the delusional paranoia. The US is fucking insane, but if there was a rankled bureaucrat that somehow took offense to "define sane", had sufficient power and time to find your post on Slashdot, could then decode your Slashdot identity, and finally track you down to persecute you... don't you think he'd be able to get your IP address?
Re: (Score:3)
Re: (Score:2)
Probably on a planet where he'd be arrested for hate speech.
Re: (Score:3)
Probably on a planet where he'd be arrested for hate speech.
I know, it's funny how in the US there's no problem with the most obnoxious racist, sexist, homophobic, or whatever speech, but as soon as you question your corporate overlords, you're toast.
You've really got the best of both worlds there.
Re: (Score:2, Offtopic)
Re: (Score:2)
The idea that things have gotten worse implies some magical time when they were different.
Re:Prosecute, Prosecute, Prosecute (Score:5, Insightful)
The United States, collectively, has lost its fucking mind.
More precisely, the US has collectively been asleep for the last 35 or so years and has morphed into a corporatocracy [wikipedia.org], in which case the Justice Department is behaving as expected and protecting the interests of AT&T.
Re: (Score:2)
Wrong, it should 'selectively prosecute those who threaten profit, lets not worry about all those crazies with sub machine guns'
Re: (Score:2)
Weev tried to sell this to gawker. The difference between the Swartz case and weev's case is that weev really fucked up. The fact that he's kind of a looney isn't helping his case much.
So, no it hasn't lost it's mind.
Re: (Score:3)
Persecute the whistleblower (Score:5, Insightful)
Simply put the guy in court, thus correcting the security hole once and for all.
Appears to be the American way of dealing with security breaches.
Re:Persecute the whistleblower (Score:5, Insightful)
two-tiered justice system — the way in which political and financial elites now enjoy virtually full-scale legal immunity for even the most egregious lawbreaking, while ordinary Americans, especially the poor and racial and ethnic minorities, are subjected to exactly the opposite treatment: the world’s largest prison state and most merciless justice system.
Re: (Score:2)
Thanks for the link.
Re:Persecute the whistleblower (Score:5, Interesting)
I'm just an observer (not an attorney or prosecutor), but I suggest the hypothesis that the two-tiered system is attributable to prosecutors being lazy and cowardly. The rich and powerful can take full advantage of legal tactics to draw out a trial and delay an inevitable verdict, even when they're guilty as hell. Thus, it is much costlier and more uncertain to prosecute a banker than a hacker. Prosecutors advance their careers and reputations by getting a lot of convictions. Their incentive is to go after the easy prey.
So, the way to fix this mess is to change the incentives for prosecutors so they are motivated to pursue the most harmful crimes, not the ones that are easiest to convict. Easier said than done.
Re: (Score:3)
Re: (Score:3)
The key part missing in the current system is a check and balance on prosecutors (and who, what, and how much they charge). The original check and balance was supposed to be the jury of peers; but of course these days only 5% or less of people going to prison get a jury trial. So the first part of the solution is fairly simple: ban plea bargains, restore the fundamental right to a jury trial, and require every single charge to be confirmed by a jury of peers without exception.
Re:Persecute the whistleblower (Score:4, Insightful)
The problem is the laws. What Aaron did should have never been a felony.
Take away the felony charges and the AG loses interest in a hurry.
The US has more people in prison than any place else in the world for a reason. The penalties for minor crimes are over the top.
Re: (Score:3)
I'm going to play devil's advocate here...
I'm glad you added the preface. I'm not someone who thinks that massive copyright violations are a good idea, however there is a difference between copyright violations and theft. I really wish people would stop calling copyright violations theft.
Re:Persecute the whistleblower (Score:5, Interesting)
Interestingly, Auernheimer disagrees with this interpretation.
From TFA: (the techcrunch statement)
"Ivy league educated and wealthy, Aaron dealt with his indictment so badly because he thought he was part of a special class of people that this didn’t happen to. I am from a rundown shack in Arkansas. I spent many years thinking people from families like his [Swartz] got better treatment than me. Now I realize the truth: The beast is so monstrous it will devour us all. None will be spared."
And people wonder why hackers often... (Score:5, Interesting)
Dump and humiliate instead of disclose "responsibly". That word applies to both parties; when a vulnerability is revealed "responsibly", and the end result is for the powers that be to act irresponsibly with no regard to measured response, what's the incentive to do good?
Delicacy is over. Expect nukes.
I'm just gonna grab the popcorn and enjoy how the restless kids will respond to the power high prosecutors expect to get massaged.
Re:And people wonder why hackers often... (Score:5, Insightful)
It looks like he was already nuking.
" I took a sample of the API output to a journalist at Gawker."
"I did this because I despised people I think are unjustly wealthy and wanted to embarass them."
"...We were able to establish the authenticity of Goatse Security's data through two people who were listed among the 114,000 names. "
I share his dislike for the telcos... but "Oh look, a leak", then "I'm pulling all the records and sending it to the media" is not responsible disclosure.
" it might be possible to spoof a device on the network or even intercept traffic using the ICC ID."
He was wrong, but despite thinking the breach were more serious than a privacy issue, he still published the information, then speculated on nefarious uses to reporters.
That said, it does not warrant the prosecution... his actions were only unethical.
Re:And people wonder why hackers often... (Score:4, Interesting)
So publishing personally-identifying data for 114,000 people is in the security interests of society?
Auernheimer should've gone to AT&T to report the problem. I've done that myself several times and they've always been very receptive. They might not fix the problem quickly (they're a big company and move slowly), but I've never had them sic the US Attorneys on me for it.
Re:And people wonder why hackers often... (Score:5, Insightful)
So publishing personally-identifying data for 114,000 people is in the security interests of society?
At this point, yes.
There are three things that could have happened. He could have gone through the "proper channels," and, since a middle manager somewhere would need to be embarrassed, he'd still be up shit creek without a paddle. He could have did what he did, publicly humiliated AT&T and made the 114,000 individuals affected acutely aware that AT&T had failed them.
OR, he could have done nothing. Perhaps that's the correct response. Instead, some black hat in $scary_country would have discovered it and exploited it without making anyone aware.
The whole beef I have with prosecuting for "hacking" in this manner is that he merely asked AT&T's server for information, and it merrily complied. To me, it sounds like this case is even more clear-cut than Swartz's case. He didn't break and enter. He didn't place unauthorized equipment in a network closet. He didn't even abuse a relationship of trust between a publisher and a college. All he did was show that all you need to do is politely ask the server for information, and it would happily give it to you.
Auernheimer should've gone to AT&T to report the problem. I've done that myself several times and they've always been very receptive. They might not fix the problem quickly (they're a big company and move slowly), but I've never had them sic the US Attorneys on me for it.
Consider yourself lucky. Or perhaps they know you'd fight back because you're older and have the resources to do so. Going after successful professionals (I can only assume you are) isn't very good for bullies. Bullies need targets they know they can safely victimize. So here we are.
Re: (Score:3)
He could have gone through the "proper channels," and, since a middle manager somewhere would need to be embarrassed, he'd still be up shit creek without a paddle.
You clearly don't know how AT&T's internal policies work, then. My personal experience says, if you go through proper channels, they are very receptive to problem reporting.
He could have did what he did, publicly humiliated AT&T and made the 114,000 individuals affected acutely aware that AT&T had failed them.
See eldavojohn's link to a Wired article for why this isn't what his motivation was, at all. He wasn't looking out for those customers, he just wanted to embarrass AT&T.
OR, he could have done nothing.
That's not the final option; he could've kept those addresses to himself and sold them, and any other personally-identifying information, to others, which is exac
Re: (Score:3)
He crossed the line when he leeched the full database. It was unprofessional, malicious and potentially was motivated by personal gain. He didn't need to do that to prove there was a problem.
Leeching then apologising, saying that you wanted to see the extent of the vulnerability, that's bad. Sending the output to reporters, that's just stupid.
If he was an "activist", he could have put it up on Wikileaks, skipped out on the credit, called himself "Anonymous" and be done. But it seems he wanted his na
Re:And people wonder why hackers often... (Score:4, Insightful)
"Responsibly" like the report of a Java vulnerability in August, that exploded in everyone's face after Oracle sit on that report for months?
The problem is not the people that find and report the problem in a way or another (and advising the users too, just because there are too many cases like Oracle). Is the ones that find and exploit it silently.
Law is (in some cases, literally) killing the messenger, if you find something that could be exploited, better don't tell anyone because even reporting it to the company could get you in trouble too. Eventually someone in the dark side will exploit it (if is not doing that already) but is not your problem, maybe is even designed that way to always get fresh 0-day exploits for the new generation of Stuxnet (lawyers are involved, you can't attribute that to stupidity)
Re: (Score:3)
not if you want to stay out of prison anyways
if you find an exploit, maka a metasploit plugin and publish anonymously via TOR
Re: (Score:3)
Did he 'disclose responsibly'? /. summaries often are entirely wrong.
I know nothing of the case aside from the summary, and
But: "...I thought it was egregiously negligent for AT&T to be publishing a complete target list of iPad 3G owners, and I took a sample of the API output to a journalist at Gawker.'..."
Posting AT&T exposure details to a journalist?
Telling AT&T their data is exposed, getting ignored/whatever, THEN taking to a journalist - something entirely different.
Re: (Score:3)
Like the fellow in the JSTOR case, he decided his crime was OK because he was trying to further his political aims.
US Attorneys (Score:5, Interesting)
Yes, US Attorneys are the most powerful, and least controlled, people in our government. Even the president has more checks and balances on his power than what these guys get away with.
A US Attorney is trying to seize the assets of a friend of mine, who is guilty of doing nothing but leasing land to some farmers, that grew pot on it without his knowledge. He's running into debt fighting the case, but the US Attorney is going full bore anyway, since it doesn't cost *him* anything to try to make an example out of someone.
I think we should institute loser-pays in all lawsuits involving US Attorneys. (Unless we have this already? I don't know.) There's a reason why 90%+ of all cases with them are plea bargained out - the US Attorneys have effectively unlimited resources, and can drain you dry fighting them.
Re:US Attorneys (Score:5, Insightful)
try to make an example out of someone.
This is where the problem starts. Nobody deserves or has earned to be treated differently in a legal system.
Re:US Attorneys (Score:5, Insightful)
Regardless, US Attorney Wagner seems to think that seizing the assets of non-drug-related landowners will be sufficient to scare them all into doing the police work for him.
Re: (Score:2)
Re:US Attorneys (Score:5, Informative)
The US Attorney's office is a breeding ground for monsters, and it certainly isn't any better under the current administration than previous ones.
In the old Roman Empire, this kind of property seizure was done by emperors like Caligula using similar methods.
Re:US Attorneys (Score:4, Interesting)
There's a reason why 90%+ of all cases with them are plea bargained out - the US Attorneys have effectively unlimited resources, and can drain you dry fighting them.
That's not true. Large corporations kick their asses every day due to the budgetary restrictions on the Justice Department. Large Banks and Investment Firms, Big Pharmaceuticals, etc. can out maneuver and spend the government. They can, and do, drag a case on for years and turn it into a war of attrition. And because everyone in the US loves a winner and abhors a loser, US Attorneys look for easy victories, as picking on David is easier to do than fight Goliath.
As for the the large amount of plea bargains, that relates to all accused persons--not just the innocent ones. The fact of the matter is, the vast majority of folks being prosecuted are guilty of the crime they are accused of. So, if you are guilty, taking a deal for a lighter sentence in return for not costing the government huge sums of money to prosecute your case only makes sense...
Re: (Score:2)
If it applies to innocents as well as the guilty, taking a deal is completely irrelevant and unrelated to actual guiltiness. Thus, you can't use the number of deals as measure to estimate that a majority is guilty.
Re: (Score:2)
Where is the judge in all this? He certainly has the power to throw out the case.
a case of legislative overreach and the unfettered (Score:4, Interesting)
a case of a bunch of clueless pricks in the legal system extending jurisdiction to a field they have no knowledge of but feel they need to be responsible for. The fact that the people involved are not so embarrassed that they automatically resign when these acts come to light but instead defend their position also speaks volumes.
It's as if Jen from the 'it crowd' got a law degree.
Re:a case of legislative overreach and the unfette (Score:4, Insightful)
They aren't clueless. They act as malicious enemies of the people.
Re: (Score:2)
Who's user agent is it anyway? (Score:2)
kim.com has his megakey system which works as an ad blocker but replaces existing advertisments on web pages with ads served by mega. There has already been some rumbling from advertisers and web page publishers that changing a web page in this way violates their copyright. So is it always going to be legal for me to view source on a web page and view it in my preferred way?
Likewise, I can put any address I like into the URL bar but these guys are being prosecuted for doing that. Isn't it their web browser?
Re: (Score:3, Insightful)
He embarrassed a large corporation. That makes powerful people upset. He must be punished.
I miss typed a URL once.... (Score:5, Funny)
and saw something I wasn't expecting to see. I should have told my sorry story to a journalist at The Onion!
"Area man, who miss typed a URL and saw something he didn't expect to see, is now under expensive investigation"
In a comment, average taxpayer stated "This is definitely the right way to spend tax dollars and why I am proud to be a taxpayer."
All a show and the DA is the ring master. (Score:5, Insightful)
The problem is that the law makes it a crime for 'unauthorized' access, but allows the 'victim' to detrtmin whatwas 'unauthorized' *after* the fact and for a public offering that is automated.
It is as if someone puts a stack of newspapers on a sidewalk with a sign that says 'free' and then asking the DA to prosecute for 'theft' anyone they don't like that took them upon their offer and took more then one. I.e.they decide afterwards that one is The 'limit' and the sign just says 'free'.
Oh and these sleazy DAs count each URL issued as a separate count of the 'crime' with a penalty of 5 years and $300,000 possible on each count of 'unauthorized access'.
It is all to appear 'tough on crime' for their next election. And, yes, they have all the resources of their office to put on your case against you.
Fair? No. Disproportionate penalty for the 'crime'? Certainly. It is really a contract dispute - a civil matter, not criminal.
The law is just wrong. Make your vote count on these issues and hold your legislators and judiciary oversight officials accountable in the voting booth.
Re: (Score:2)
It is sad for me to say, but I think that it'll tak
Re: (Score:2, Insightful)
Re:All a show and the DA is the ring master. (Score:5, Insightful)
In that case, and this, every single 'GET' request they were complaining about was one which was responded to with data, not a 403 (or other) error. In my view, as someone with a technological bent, that means that their webserver had vetted the request, and decided that the access was authorised. And therefore not 'unauthorised'.
Due to the lack of any consideration, this isn't contract law. But you're right, it certainly shouldn't be criminal to edit a URL, or to accept (which is what the client does) what is freely offered (which is what the server does). The courts don't seem to understand that *the server is in control*, it is *responsible for everything that gets transmitted* - that's its sole job.
Re: (Score:3)
Stephen Heymann (Score:4, Insightful)
Stephen Heymann is the poster child for this kind of overreach when it comes to prosecuting so called "computer crimes"
He has written papers and lobbied for more harsher penalities and easier access to data without a warrant to prosecute "computer criminals"
Re: (Score:2)
Even little things count can, though of course if you want to do something more high profile, that's up to you.
Act anonymously next time. (Score:2)
Attaching your name to things is vanity.
Next time you find something amusing, dump it on /b/, post it as fiction, and enjoy the show.
Bought Influence (Score:3, Interesting)
How we deal with this in The Netherlands (Score:5, Informative)
Here in the Netherlands we had a similar thing just before Christmas. Someone had altered a URL on the website of our monarchy and in this way found the Queen's Christmas speech that was to be broadcasted on Christmas Day (logically). He made that public and there was some consternation about whether or not this was a punishable act, but mainly about how our government fails in securing their internet activities tima and time again. The person who had found the speech was not prosecuted and the speech was broadcasted as planned.
Just deserts (Score:5, Interesting)
As far as I know - this guy highlighted a security flaw that exposed private data to the world. This meant he knew that that data was private and should not be maliciously exploited. He then wrote an application that accessed that data maliciously. The first bit is laudable. The second bit is as stupid as it gets given that he'd just told the company this sensitive data was exposed.
Re: (Score:2)
In what way was his access malicious? The word means "with harmful intent" - intent, mind you, not effect, although I don't believe any actual harm has been demonstrated either.
Was AT&T prosecuted? (Score:4, Interesting)
Under EU law at least AT&T would be in trouble for violating privacy laws, they didn't protect private customer data and that is a violation.
So what was the reason this guy who went to a reporter (not just published the list or sold it) prosecuted? And why is there no link of said reporter defending his source?
This case could not have happened in say my own country. There have been cases were it was TRIED but the judges slapped it down hard. So... what part is missing from the story (we are reading just one side of it) or is the US really that different? I can't imagine the US has no privacy laws at all that AT&T would not have violated by making data so easely available. Can't someone bring a case against AT&T? Making this guy evidence in a far great case, possibly worth some outrageous sum in a settlement and worthy as a bargaining chip to get this case dropped?
What is missing from this story? Because on its own it seems to make no sense. Why should AT&T risk bad publicity when a simple "don't do that again" would have buried the story years ago.
This has been going on for a long time (Score:5, Informative)
http://bostonherald.com/news_opinion/local_coverage/2013/01/ortiz_says_suicide_will_not_change_handling_cases [bostonherald.com]
And Assistant United States Attorney Stephen Heymann 'drove another hacker Jonathan James to suicide in 2008 after he named him in a cyber crime case':
http://www.dailymail.co.uk/news/article-2262831/Revealed-Aaron-Swartz-prosecutor-drove-hacker-suicide-2008-named-cyber-crime-case.html [dailymail.co.uk]
Here are some other grubby cases Oritz has been involved in: http://whowhatwhy.com/2013/01/17/carmen-ortizs-sordid-rap-sheet/ [whowhatwhy.com]
Ortiz’s husband attacked the Swartz family on Twitter: "Truly incredible that in their own son's obit they blame others for his death and make no mention of the 6-month offer
http://www.boston.com/business/innovation/blogs/inside-the-hive/2013/01/15/attorney-carmen-ortiz-husband-attacks-swartz-family-twitter/vzxbY5lrrG7BvGjQGnNDtJ/blog.html [boston.com]
http://twitchy.com/2013/01/15/husband-of-mass-attorney-general-deletes-twitter-account-after-defending-prosecution-of-aaron-swartz/ [twitchy.com]
There are "We the people" petitions to remove both Orirz and Heryman, but don't hold your breath. She is an Obama appointee and Heymann's father is a Clinton staffer. How about Someone in the press corps ask Obama what he thinks of his appointees killing off bright young kids?
https://petitions.whitehouse.gov/petition/remove-united-states-district-attorney-carmen-ortiz-office-overreach-case-aaron-swartz/RQNrG1Ck [whitehouse.gov]
https://petitions.whitehouse.gov/petition/fire-assistant-us-attorney-steve-heymann/RJKSY2nb?utm_source=wh.gov&utm_medium=shorturl&utm_campaign=shorturl [whitehouse.gov]
Civil liberties attorney Harvey Silverglate said of Aaron: "He was being made into a highly visible lesson, He was enhancing the careers of a group of career prosecutors and a very ambitious — politically-ambitious — U.S. attorney who loves to have her name in lights.” http://news.cnet.com/8301-13578_3-57564212-38/prosecutor-in-aaron-swartz-hacking-case-comes-under-fire/ [cnet.com]
The problem is Federal Prosecutors pick a career-building target and then shop for a crime. Big Criminals are too much work, but small fry like Aaron don't have the resources to fight back so all they have to do is bully them into taking a plea bargain and then bask in the glory. It's been going on for a long time and many people have been swallowed up, but the media usually never reports it:
http://books.google.com/books?id=Tu5RB6YHf10C&pg=PP1&lpg=PP1&ots=51Ya4U8XFt&dq=lynch+in+the+name+of+justice [google.com] (Go to page 43 of this Google Books preview).
Re: (Score:2)
Re:This has been going on for a long time (Score:5, Insightful)
There was never any serious question about Swartz commiting the crimes he was charged with (video tape of him doing it, his fingerprints on the HD inside the laptop, etc.),
There is absolutely reasonable doubt that the actions Swartz took were against the law. There is no doubt that he placed a laptop in a utility closet in MIT and downloaded articles for redistribution. But whether that was against the law is for a jury to decide. Note that no security, physical or electronic, was ever broken.
honestly a 6 month sentece would have been about right.
If a 6 months sentence was appropriate, he should gotten a jury trial on that 6 months charge. But if he wanted to exercise his right to a trial, he'd be hit with 35 years. Do you not see the problem with that? Plea bargaining is plainly unjust.
Re: (Score:3)
The Prosecutor can not set the sentences before the trial takes place - they can drop some or all of the charges, but not impose restrictions on the sentence the judge can impose.
The Judge can follow federal sentincing guidelines or not.
The Judge can set the sentences to run concurrently or sequentially.
The Judge can throw the case out.
The Prosecutor is responsible for cataloging the crimes they believe were comitt
Re: (Score:3)
Excuses, excuses. The fact is 35 years for what Swartz did is absolutely unconscionable. Whatever legalistic reasons you can come up with for the charge of 35 years is simply proof that our legal system is unjust. This is not how a justice system works, this is how a justice system fails.
This is nothing like Swartz case. (Score:5, Insightful)
This guy is nothing but an attention whoring internet troll. He did what he did for nothing more than to try to publicly shame AT&T in the most irresponsible way possible, and generally goes out of his way to cause trouble all over the internet. He had no sense of care for the data he was putting under the public spotlight instead of sensibly disclosing the vulnerability to AT&T. For him to suggest he did because of AT&T's "egregiously negligence" yet chose himself to make the most egregiously negligent response is hypocritical to say the least.
I have no sympathy for this Weev guy. Do not liken his situation to Aaron Swartz. That would be doing a massive disservice to his memory. Tools like this should get what is coming to them.
So Completely Different From the Swartz Case! (Score:5, Informative)
Spitler: I just harvested 197 email addresses of iPad 3G subscribers there should be many more weev: did you see my new project?
Auernheimer: no
Spitler: I’m stepping through iPad SIM ICCIDs to harvest email addresses if you use someones ICCID on the ipad service site it gives you their address
Auernheimer: loooool thats hilarious HILARIOUS oh man now this is big media news is it scriptable? arent there SIM that spoof iccid?
Spitler: I wrote a script to generate valid iccids and it loads the site and pulls an email
Auernheimer: this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails
Spitler: I hit fucking oil
Auernheimer: loooool nice
Spitler: If I can get a couple thousand out of this set where can we drop this for max lols?
Auernheimer: dunno i would collect as much data as possible the minute its dropped, itll be fixed BUT valleywag i have all the gawker media people on my facecrook friends after goin to a gawker party
At one point the two discussed the legal risks of what they were allegedly doing:
Spitler: sry dunno how legal this is or if they could sue for damages
Auernheimer: absolutely may be legal risk yeah, mostly civil you absolutely could get sued to fuck
At the same time, others on the IRC chat allegedly discussed the possibility of shorting AT&T’s stock.
Pynchon: hey, just an idea delay this outing for a couple days tommorrow short some at&t stock then out them on tuesday then fill your short and profit
Rucas: LOL
Auernheimer: well i will say this it would be against the law for ME to short the att stock but if you want to do it go nuts
Spitler: I dont have any money to invest in ATT
Auernheimer: if you short ATT dont let me know about it
Spitler: IM TAKIN YOU ALL DOWN WITH ME SNITCH HIGH EVERYDAY
In the wake of news stories about the breach, they allegedly discussed their failure to report the vulnerability to a “full disclosure” mailing list, as well as the opportunity to push their Goetse Security business as a result of the breach:
Nstyr: you should’ve uploaded the list to full disclosure maybe you still can
Auernheimer: no no that is potentially criminal at this point we won
Nstyr: ah
Auernheimer: we dropepd the stock price
Auernheimer: lets not like do anything else we fucking win and i get to like spin us as a legitimate security organization
Sound like some classy fellows there. It's a shame for Swartz that he's being lumped in with this guy. At some point, I hope Slashdot pulls its collective head out of its own ass and realizes that these aren't black and white issues and stops comparing them to things that were like the Civil Rights Movement. Auernheimer: "this could be like, a future massive phishing operation serious like this is valuable data we have a list a potential complete list of AT&T iphone subscriber emails" ... yeah, no criminal intent there.
Re: (Score:3)
I'm sure that the fact that they decided doing any of those things makes no difference.
Simple explanation for all of these cases (Score:3)
Fascism
Responsible disclosure is dead (Score:5, Insightful)
Here's what I've learned recently: If I ever discover a major security hole, do not even attempt to release it responsibly. Instead, layer up behind some proxies and Tor and leak it into a blackhat forum or IRC channel. That way the security hole will eventually get fixed, and I can't be prosecuted.
Re: (Score:3)
Or, shut the heck up and forget you ever saw it. I've done EXACTLY the kind of "hacking" they're talking about; sometimes out of curiosity, more often just trying to get past a broken link. I recall about 10 years ago I came across a list of USN ballistic missile sub deployments... don't know if it was classified, but I backed out of there fast, wiped the browser history and cache, and kept my mouth shut (well, until now).
Uncomfortably similar? (Score:3)
If you think Auernheimer is anything like Aaron Swartz, think again.
We need tech jury's and better jury's pay (Score:3)
We need tech jury's and better jury's pay.
In a lot of places jury pay is way under min wage and some people can't just pay to miss work for a long trial.
Also there are a lot's of tech cases where a jury made up people who know about tech is needed and the system that we have now may have so you only get 1 person on the jury that knows about IT and can drive there views on to the full group.
Let's solve this problem (Score:3)
We need a responsible disclosure law. Following the law should do two crucial things: 1) indemnify the security researcher and 2) indemnify the company if they fix the problem in some reasonable amount of time. Not following the law should leave you at the mercy of the courts.
The law could require the researcher to notify the company/organization, or allow them to notify some responsible body like CERT or the FBI. If the problem is not fixed by some deadline, then the researcher should be able to disclose or sell the information as they choose with no criminal charge or liability.
Re: (Score:2)
Re: (Score:2)
He published a how-to on downloading customer info from AT&T, rather than alert AT&T to the vulnerability.