Marcia Hofmann is joining his appeals team, so I suspect this is going to SCOTUS.<p>Normally you pick the <i>most</i> compassionate defendant (like they did in Heller in DC) for a test case. Weev is probably the <i>least</i> sympathetic defendant. But I guess you go to war with the weev you have, not the aaronsw you wanted.
It should be noted that he was convicted on two counts: conspiracy to access a computer system without authorization, and fraud in connection with personal information.<p>The way the CFAA works is that it's a misdemeanor unless the illegal access is pursuant to some other crime, which bumps it up to a felony. Had weev simply stumbled upon AT&T's security flaw and reported it AT&T, the worst they could have gone after him for is a misdemeanor.<p>People are acting like the fact that he downloaded tens of thousands of pieces of personal information is totally irrelevant, but it's not. It's highly relevant. It's why he's been convicted of a felony rather than a misdemeanor. And it should make intuitive sense and it's mind-boggling to me that somehow people on here intellectualize the situation to the point where they write out this part of the facts.<p>In meat space, the crime of trespassing can range in severity from a nothing to a serious felony depending on what the surrounding circumstances says to a jury about the trespasser's intent. Here, it was totally reasonable for a dispassionate observer to conclude that weev's intent in downloading tens of thousands of pieces of personal information (not to mention the IRC conversations) was seriously malevolent.<p>It should finally be noted that the "fraud in connection with personal information" conviction would have been by itself sufficient to support the sentence.
Every time I see a ruling like this, I can't help but think that future historians will view this time period in the same way that present day historians view the crusades/religious persecution/witchhunts of the past millennium.<p>It's amazing how much point of view can change perspective.
Prison doesn't work. It is expensive. Yet the US has the highest documented rate of imprisonment in the world.<p>It's going to cost approx $40,000 per year to keep this non-violent criminal off the streets. (From Wikipedia, California state prison, 2008)<p>The US should probably consider not putting people into prison unless they are violent offenders, or unless they are repeat offenders. (But even for repeat offenders it's probably cheaper to work out why they're offending and put something in place to stop that.)<p>(<a href="https://en.wikipedia.org/wiki/Incarceration_in_the_United_States#Cost" rel="nofollow">https://en.wikipedia.org/wiki/Incarceration_in_the_United_St...</a>)
Maybe it's a function of gettin older, but it feels that my country (and as a sort of extension the English speaking West) has begun to tire of the effort.<p>We have marched, protested, voted and won. Human rights, gay rights, pollution and justice. But it took effort and now the injustices are less obvious, are not next door but a long way away, and so it seems we can stop and rest. But injustice is like entropy - it never rests and so we let the torture be done in our name, we don't mind that the youth of the country are given sentences for looting longer than murderers, we don't shout that companies who leave their virtual doors unlocked should not be upset i they find people inside the building<p>It's right we should be upset, should write our MP should protest the wrongs - but it just seems lacking<p>I used to think that the USA had a written condition and so would always defend these things - but it seems that if we stop caring then we stop fighting for the spirit of the law and disappear up out own bottoms arguing over the letter of the amendment.
For context, this guy used to be part of the GNAA. They don't care at all about exposing security holes. His goal probably wasn't to cause some sort of security improvement. Yeah, the punishment was harsh, but this guy isn't exactly a folk hero.
If you are driving down the street, and notice that I put the deadbolt onto my house backwards (so that it locked from the outside), is the appropriate thing to do to let yourself in and walk around looking at all my stuff and then call the local news station and invite them in along with you, or is it to call the police or leave me a note letting me know I've got a problem?
I've never seen an uglier IAMA on reddit: <a href="http://www.reddit.com/r/IAmA/comments/1ahkgc/i_am_weev_i_may_be_going_to_prison_under_the/" rel="nofollow">http://www.reddit.com/r/IAmA/comments/1ahkgc/i_am_weev_i_may...</a>
Whether they've stated it publicly or not, I would imagine AT&T's main contention with weev is that he released the information publicly (to Gawker) without attempting to disclose the information to them first (please correct me if he did and I've overlooked that). Nonetheless, if he were to have gone to AT&T first I don't think there's anything that could have stopped AT&T from accusing him of hacking and pressing charges anyway since that wouldn't have changed the way he went about discovering the issue. That's scary. Even this particular case aside, how is a person supposed to ethically disclose an exploit to an organization without fear of prosecution?
I really hope Jury nullification <a href="http://en.wikipedia.org/wiki/Jury_nullification" rel="nofollow">http://en.wikipedia.org/wiki/Jury_nullification</a> becomes a bigger thing in this country..
it's ridiculous how a single, cohesive act can be broken apart into individual charges which each has its own punishment independent of the others. it's like sentencing someone for murder to 10 years in prison and another 3 years because the person used an illegally acquired weapon to do it.
I wonder if he's going to become a modern Ned Kelly. I'd hope not, I'm sure there's better folk heroes for us.<p>He remained unrepentant, he said next time he'd go the harsher route, rather than detecting the flaw and reporting it they'd made sure to collate a lot of information from the leak and according to weev reported it before approaching Gawker.<p>I think the sentence is out of line with his crime, but he was never going to get a slap on the wrist and told to go his merry way. They've probably done their homework and found he's been up to merry hijinks with computers for longer than most people have known how to email.<p>Maybe slightly cynically of me I wonder if this his act of ultimate trolling, to force the courts to go for a harsh sentencing and to get a wave of sympathy that leads to people DDoSing .gov pages.
I think the thing that doesn't sit right about this is that he accessed the data with entirely ordinary means, but it's called "access without authorization" simply because the company didn't want him to have it.<p>If a company accidentally puts a link on their homepage to private info (say, with a typo) and users click on the link and read the page contents, are the then violating the CFAA because they should have known that the company didn't intend for them to view that information?<p>If you get naked in front of a window visible from the street, you can't get mad that someone saw you.
The wording of popular news outlets like [0] really casts a doubt on their work in other areas too. If this is journalism in a reputed company, then how can we expect an impartial and honest media?<p>[0]:<a href="http://www.washingtonpost.com/business/technology/man-convicted-of-stealing-over-100000-email-addresses-from-ipad-users-faces-sentencing-in-nj/2013/03/18/eb8c7d98-8fb7-11e2-9173-7f87cda73b49_story.html" rel="nofollow">http://www.washingtonpost.com/business/technology/man-convic...</a>
I keep seeing posts referencing that his actions were "technically trivial." How does anyone propose we write or enforce legislation based on that criteria?
Cruel and unusual punishment, again prison for non-violent crime (non repeat). We are definitely backwards and feudal in this aspect. Non-violent crime resulting in prison time is a net loss for everyone and everything involved except private prisons. Everyone loses in this situation. Do you want to pay for this guy to sit in prison with your tax dollars?<p>What would have happened if they jailed Woz + Jobs back in the blue box days?
I am curious: What is the right protocol about telling that you were able to locate an egregious security flaw on a public server?<p>Should I go ahead and tell the company? And possibly get sued anyway?
Do I have a right to show it to my friends or journalists?<p>Or should I just shut up and pretend that I have never seen this security problem?
3.5 years for accessing public urls and then forwarding the information on to a media organisation (yes I know it's Gawker, but still). Makes me wonder what Aaron would have got if he'd gone to trial.