Repellent Troll Sentenced to Jail for Being Repellent Troll
Many of us applauded when Andrew Auernheimer was arrested, tried, convicted, and sentenced to prison for hacking into AT&T's systems, stealing the private email addresses of thousands of iPad users, and sending them to Gawker.
Auernheimer is a horrible person -- a repellent, nasty Internet troll whose exploits got him into the New York Times Magazine in 2008, where he was identified only by his Internet handle, "Weev." His real identity became widely known only later. He will hereafter be identified as Weev because it fits him better -- he's the personification of every negative stereotype of an Internet troll/hacker (not to be confused with the many hackers who are fit for civil society): he's a pallid, unkempt, emotionally maldeveloped, malevolent weenie.
Here's how the NYT mag's writer, Mattathias Schwartz, introduced Weev in the NYT mag:
I first met Weev in an online chat room that I visited while staying at [fellow troll] Fortuny's house. "I hack, I ruin, I make piles of money," he boasted. "I make people afraid for their lives." On the phone that night, Weev displayed a misanthropy far harsher than Fortuny's. "Trolling is basically Internet eugenics," he said, his voice pitching up like a jet engine on the runway. "I want everyone off the Internet. Bloggers are filth. They need to be destroyed. Blogging gives the illusion of participation to a bunch of retards. . . . We need to put these people in the oven!"
Easy to despise, Weev is. A pathetic creature with whom few people can empathize. Did he deserve to be sent to prison for more than three years? No. Is he a good example to use to point out how clumsy and unfair our cybersecurity laws are, and how clumsily and unfairly they are enforced? Very much so.
The Washington Post decided to focus on Weev in its front-page story today about our broken cybersecurity laws. It's rather refreshing that the paper went this way, given all the hagiographies that have been written about Aaron Swartz, who actually was the "activist" that Weev pretends to be when its convenient. Swartz killed himself, in part because of the federal government's prosecution of him for a crime that was tantamount to misdemeanor trespassing (he accessed M.I.T.'s network -- he didn't even have to hack into it -- to retrieve scientific papers.)
Weev is a better example because he really was culpable (Swartz probably deserved a fine, but he faced up to 35 years in prison). Weev certainly deserves to be punished, and maybe even to do some time. Not because he's an asshole, but because what he did was clearly criminal, and his intent was criminal. We can enjoy the Schadenfreude of his going to prison for more than three years, while also noting that, objectively, he doesn't deserve it. The sentence might be good karmic law, but it's bad criminal law.
No real harm came from his intrusion into AT&T's systems, which were patched within an hour. Nobody's account was breached, and the email addresses that were published (including New York Mayor Michael Bloomberg's) were obfuscated. Still, no matter what the apologists for Weev and other hackers might say, you can't just break into computer systems with impunity, especially when your intent is to do harm. (An accomplice, Daniel Spitler, was the one who actually found the rather gaping breach in AT&T's system that allowed him access to the email addresses. Weev helped him, and Weev was the one who decided to send the addresses to Gawker. Spitler pleaded guilty and is awaiting sentencing.)
The Computer Fraud and Abuse Act of 1984, which was passed when the country was (seriously) frightened by the movie War Games, which was based on the idea that a kid with a phone-modem could set off a nuclear strike against Russia. The act was written to protect government systems, but has been repeatedly amended over the years so that now it can be used to prosecute just about anyone who does anything with a computer that the government doesn't like. While corporate and governmental systems are facing a constant barrage of attacks from seriously scary people and groups (and even foreign governments), the feds are going after amateur hackers whose crimes amount to petty vandalism or petty theft.
A case like Swartz's makes it easy to decry the state of the law, and how prosecutors are misusing it. A case like Weev's makes it harder to do so, but because of that, it also helps to make the case that the law should apply equally to everyone.