Friday, March 22, 2013
BOB GARFIELD: There are poster children, and there are poster children. What if you argued that anti-hacking laws, such as the Computer Fraud and Abuse Act are unduly harsh on crimes that ultimately protect us all by exposing security vulnerabilities? There would seem to be no better cause célèbre than Andrew “Weev” Auernheimer who was sentenced this week to three and a half years in prison for hacking AT&T's website. Three plus years in prison, isn’t that just the kind of sentence that we've been told terrified Aaron Swartz into committing suicide while awaiting trial for illegally downloading a trove of academic files? The problem with Andrew Auernheimer though, poster child-wise, is that he is an unapologetic troll. Here he was in February talking to WNYC's New Tech City.
ANDREW “WEEV” AUERNHEIMER: I think that the people in power deserve to have their lives ruined. They are - they are thieves, they’re seditious thugs. They are liars and they are criminals. And one day there will be courts with integrity to bring them to justice.
BOB GARFIELD: Gawker’s Adrian Chen has been reporting on Weev’s case. Adrian, welcome to On the Media.
ADRIAN CHEN: Hi, Bob.
BOB GARFIELD: So what did this guy do exactly?
ADRIAN CHEN: He conspired to exploit a security flaw in a public website from AT&T and use a special computer program to harvest over 110,000 email and login credentials and ID numbers from iPad owners.
BOB GARFIELD: And having discovered this security flaw, he immediately got in touch with AT&T and said, hey guys, you've got a problem. I've found the problem. I have got all of these email files and I’m gonna turn them over to you. Would you – you just fix this up, for the sake of all of us. Right?
ADRIAN CHEN: Well, no and, and [LAUGHS] that’s kind of where he got in trouble. He claims that he contacted AT&T, but that's in dispute. What he did, for sure, was email a reporter at Gawker, where I work now, and told him, we found this vulnerability in AT&T, and he turned over the list of all of the email addresses and iPad IDs that they'd taken, and we published a redacted version of some of those to show that AT&T had this vulnerability.
BOB GARFIELD: This was not his first time in the public eye. Weev is kind of a notorious figure in the, the black hat hacking community. Tell me about him.
ADRIAN CHEN: He's kind of the godfather of Internet trolling, as we think of it today. He was the subject of a, a big New York Timesarticle about Internet trolls in 2008, where he was quoted saying all sorts of horrible things like, “I’m a life ruiner” and “I just do things to get a rise out of people.” He's been known for just saying totally offensive things in order to get attention and reactions from people, and he's been doing this for years.
BOB GARFIELD: So if one were to make the case that these hackers ultimately are serving some sort of civic good by finding the security flaws, he’s not the guy you would want to testify at the Senate Commerce Committee, for example.
ADRIAN CHEN: No, you certainly wouldn’t. And even within the computer security industry, which is generally supportive of Weev, his tactics are very controversial. I mean, he didn't give enough notice to AT&T and kind of was a real jerk about how he went about exposing this flaw.
BOB GARFIELD: Adrian, in the introduction I referred to Aaron Swartz who was facing jail time himself over what his defense anyway said was a categorically unmalicious hack of some academic records. The circumstances of his suicide aren’t necessarily as clear-cut as his supporters would argue, but whatever sympathy he was able to generate for rethinking the Computer Fraud and Abuse Act, have they been utterly undone by Weev?
ADRIAN CHEN: No, I don't think that this case has undone any of the, the goodwill sparked by Aaron Swartz. If anything, it’s allowed people who are trying to reform the Computer Fraud and Abuse Act to sort of tease out the issues because ideally the issues surrounding this act, which is that it's too broad and too harsh, should be separate from the motives and the personality of the defendants. And you see people like the Electronic Frontier Foundation coming out and saying, you know, we don't support the horrible things that he said but this law is bad and his punishment is unjustified, just like Aaron Swartz was.
BOB GARFIELD: Adrien, thank you very much.
ADRIAN CHEN: Thank you.
[MUSIC UP AND UNDER]
BOB GARFIELD: Adrian Chen covered the case of Andrew “Weev” Auernheimer for Gawker.