Skip to Content
MIT Technology Review
Sign in
Uncategorized

Jail Looms for Man Who Revealed AT&T Leaked iPad User E-Mails

The case highlights a troubling disconnect between online life and the rule of the law.
November 19, 2012

UPDATE 11/20/2012: Auernheimer/Weev has been found guilty on both counts, with sentencing scheduled for 90 days or more from today.

AT&T screwed up in 2010, serving up the e-mail addresses of over 110,000 of its iPad 3G customers online for anyone to find. But today Andrew Auernheimer, an online activist who pointed out AT&T’s blunder to Gawker Media, which went on to publicize the breach of private information, is the one in federal court this week.

His case highlights some potentially troubling disconnects between the practicalities of online life and the rule – and application – of the law.

Auernheimer, whose pugnacious online persona is Weev, is up on two counts, each with the potential to land him with five years in jail. One alleges that by being in possession of the e-mails from AT&T’s leaky system he handled “identification information” in breach of a law intended to protect against identity theft, USC 1028. It’s worth noting that so far there appears to be no indication that Weev had plans to use the e-mails collected for anything more than proof that AT&T was leaking its customers’ data.

The more concerning charge to online activists watching Weev’s case is based on the Computer Fraud and Abuse Act, which forbids “unauthorized access” to a computer. Weev and a fellow hacker who originally uncovered AT&T’s mistake and collected the e-mails didn’t ask the company for permission to access the Web addresses that shared iPad users’ private information. But those Web addresses weren’t hidden behind password prompts or any kind of protection – they were publicly accessible. Getting AT&T’s system to spit out a customer’s e-mail address simply required visiting an AT&T web address with a particular – and easy to guess – code tagged onto the end.

Groups like the Electronic Frontier Foundation (EFF) worry that should that charge succeed it will become easy to criminalize many online activities, including work by well-intentioned activists looking for leaks of private information or other online security holes. Weev’s case hasn’t received much attention so far, but should he be found guilty this week it will likely become well known, fast.

Keep Reading

Most Popular

This new data poisoning tool lets artists fight back against generative AI

The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models. 

Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist

An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.

Data analytics reveal real business value

Sophisticated analytics tools mine insights from data, optimizing operational processes across the enterprise.

Driving companywide efficiencies with AI

Advanced AI and ML capabilities revolutionize how administrative and operations tasks are done.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.