Communications of the ACM
This Accused Hacker Is a Jerk. Here’s Why He Shouldn’t Be a Felon.
Andrew Auernheimer used an automated program to download tens of thousands of email addresses that AT&T had accidentally published to a public web site, then gave them to the media. He was convicted of violating the Computer Fraud and Abuse Act.
Credit: Andrew Auernheimer
Dozens of computer security experts have filed a brief in support of Andrew Auernheimer's attempt to overturn his recent conviction on federal computer-hacking charges.
AT&T had accidentally published tens of thousands of email addresses to a public website and Auernheimer, known by his online handle "Weev," used an automated program to download them. He then gave the addresses to the media in an attempt to embarrass AT&T, an action the government said violated the Computer Fraud and Abuse Act, which makes it a federal crime to access a computer system without authorization.
However, computer experts warn the decision could slow down legitimate security research.
The government argues that Auernheimer should have known that the information was not intended to be accessed by third parties.
However, AT&T's decision not to protect the website with a password or other security measure should settle the issue, says University of Pennsylvania professor Matt Blaze. The kind of automated downloading Auernheimer used, called "scraping," is very common and is used by search engines to build their indexes; the courts have previously held that even unwelcome website scraping does not violate anti-hacking laws.
Blaze notes that automated Web-scale research can have significant public benefits.
From The Washington Post
View Full Article - May Require Free Registration
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found