Before Andrew "Weev" Auernheimer entered the Newark courtroom Monday to receive his sentence and begin a 41-month stint in prison, the loudmouthed hacker stood before gathered supporters and read from Keats' "The Fall of Hyperion - A Dream."
"Fanatics have their dreams, wherewith they weave/ A paradise for a sect; the savage too/ From forth the loftiest fashion of his sleep/ Guesses at Heaven ..." So begins the epic -- an appropriately grandiose reading for the hacker-cum-troll to choose. Keats' poem tells a story of transcendence, in which poets and dreamers are challenged, persecuted and deified. And Auernheimer (his tongue ever wedged in his cheek) is asking for a little deification too. He is the latest victim in the government's harsh crackdown on hackers -- and he wants you to know it.
In 2010, Auernheimer found and exploited a security flaw in a server of telecom company AT&T. Through the flaw, and without circumventing any security systems, Auernheimer collected 114,000 email addresses of iPad users stored by AT&T and passed some of this information to Gawker. In 2011 he was found guilty of one count of identity fraud and one count of conspiracy to access a computer without authorization. But, as when Aaron Swartz downloaded millions of JSTOR articles, Auernheimer's crime was not a hack -- he did not illegally access a private server. Rather, his conviction hinged on what data gets to be authorized or unauthorized and who gets to decide this. Like Swartz, Auernheimer was charged under the dangerously broad Computer Fraud and Abuse Act (CFAA).
Heading into his sentencing hearing, "Weev" reportedly proclaimed, "I'm going to jail for doing arithmetic!" And in an earlier Twitter direct message conversation, the hacker told me what he believes to be the issues at stake in his case. He explained that the AT&T data he accessed was already "published" -- the telecom company has admitted as much. "The government asserted that after the fact, they can declare a given access to data anyone makes public 'unauthorized' and have you thrown in prison," he wrote.
Unlike Swartz, Auernheimer is more showman than idealist activist. But his case has also importantly highlighted the broad reaches of the CFAA and the heavy weight with which government prosecutors are willing to come down on hackers and cyber-activists. As well as 41 months in jail, "Weev" has been sentenced to an added three years' probation and must pay more than $73,000 in restitution to AT&T.
Auernheimer left a bold message on Twitter before heading in to his sentencing and has assured supporters, on various social media platforms, that he has not seen his last days of mischief-making.
Auernheimer will appeal the federal court's decision. On Monday, the Electronic Frontier Foundation announced that its attorneys would join his legal team. "Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," EFF senior staff attorney Marcia Hofmann said. "The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them."