Hacker News new | ask | show | jobs
by andyjohnson0 4835 days ago
I just listed the charges, I didn't say I agreed with them. And I didn't say anything about AT&T.

It seems clear that AT&T failed to protect their customer's personal details. Whether that makes them criminally liable depends on US law, about which I know almost nothing. This [1] article seems to imply that it is fairly weak compared to European data protection laws, so it may be that AT&T did nothing wrong in a strict legal sense.

While its tempting to think that he was just made an example of for embarrassing a corporation, he did write a script to harvest 120,000 email addresses from the AT&T server. I'd say that constitutes criminal intent, even if he had no intention of using the addresses for a criminal purpose.

There are two problems here: 1. absent or weak data protection laws, and 2. disproportionate sentencing guidelines (up 10 years) for what in this case is basically a victimless crime.

[1] http://www.nytimes.com/2013/02/03/technology/consumer-data-p...
1 comments
betterunix 4835 days ago
"While its tempting to think that he was just made an example of for embarrassing a corporation, he did write a script to harvest 120,000 email addresses from the AT&T server. I'd say that constitutes criminal intent, even if he had no intention of using the addresses for a criminal purpose."

Criminal intent...to do what exactly? Email people? Was he planning to send them spam?

Why are we punishing someone who writes a script? Do we really want to live in a society where programming your own computer is a crime?

link
andyjohnson0 4835 days ago
"Criminal intent...to do what exactly?"

Intent to commit a criminal act: "conspiracy to access a computer without authorization". If he'd just accessed a few accounts then that could be attributed to user error or a technical fault, if anyone ever even noticed. Put what he did shows persistent intent to do something which is illegal in the US, even if he wasn't aware of the illegality.

Look, I agree with you. Jailing this guy is manifestly absurd, stupid, and cruel. I was just trying to explain who other people, who may hold differing opinions to you and I and happen to write the law, might see things. Doesn't mean I agree.

link
jessaustin 4835 days ago
That's circular reasoning. We started with, "he accessed a computer". Then we asked, "what was his criminal intent in accessing that computer?" You can't answer, "to access that computer."

If he had sold the data to the Russians, that would have been the criminal intent we're seeking.

link