Andrew Auernheimer, 26, of Fayetteville, Arkansas, was found guilty last November in federal court in New Jersey of one count of identity fraud and one count of conspiracy to access a computer without authorization after he and a colleague created a program to collect information on iPad owners that had been exposed by a security hole in AT&T’s web site.
The two essentially wrote a program to send Get requests to the web site.
The controversial case is one of a string of highly criticized prosecutions of security researchers who have been charged with serious computer crimes under the Computer Fraud and Abuse Act, prompting calls for reform of the legislation to make clear distinctions between criminal hacking and simple unauthorized access and to protect researchers whose activities are not criminal in intent.
Computer security researcher Charlie Miller tweeted Monday morning in reference to Auernheimer’s case that any security researcher could be facing the same fate.
We could all go to jail for security research at any moment, and a jury would happily convict us.
— Charlie Miller (@0xcharlie) March 18, 2013