How An Absurd Troll Exposes The Ridiculousness Of America’s Computer Crime Law

Swartz allegedly circumvented access protocols to download JSTOR documents by changing his MAC address. Keys allegedly gave his old credentials to hackers with a blessing to “go fuck some shit up.” Yet, as AT&T confirmed in their testimony during his court case, Auernheimer didn’t crack any code or passwords. He just did the same thing many network security researchers do every day: Snoop around for security flaws, and expose them. Auernheimer certainly did not follow industry best practices — like informing AT&T — but he also didn’t use the information for evil, unless you count making consumers aware of the insecurity of their data as evil. Some might even call that a public service announcement: As Electronic Frontier Foundation Senior Staff Attorney Marcia Hoffman noted, Auernheimer “is facing more than three years in prison because he pointed out that a company failed to protect its users’ data, even though his actions didn’t harm anyone.”

Make no mistake, laws are needed to govern cyberspace. There are dangerous and criminal activities being committed online — maybe some of Auernheimer’s past behavior included — but the AT&T “hacking” wasn’t one such situation. It’s very unlikely that if someone more reputable discovered the same exploit and disclosed it in a more responsible manner, the situation would have resulted in the same criminal case. Indeed, the same technical practice, web crawling, is deployed by large corporations as part of their regular business practices. That alone shows something is majorly amiss in computer crime laws.