For these unfortunate souls, the potential punishments far outweighed the alleged crimes
Businesses and politicians are understandably concerned about the threat of cybercrime, given the rising threat of international cyber crime syndicates, some of which are backed by foreign governments. Unfortunately, lawmakers and business leaders have proven themselves overzealous at times in their pursuit of alleged hackers and small-time cybercriminals, abusing their expansive resources, their power, and poorly written legislation like the DMCA, whether to silence and subdue legitimate researchers and developers or to make examples of small-fish hacktivists and pirates through disproportionately harsh fines and jail sentences. In this slideshow, we present some of the faces of people who’ve felt the brunt of this cyber crime and hacking hysteria since 2000.
Aaron “weev” Aurenheimer
Earlier this month, 26-year-old security researcher Aaron “weev” Aurenheimer was handed a whopping 41-month prison sentence on one count of identity theft and one count of conspiracy to access a computer without authorization. Following his jail term, he faces three years of supervised release. He is also required to pay $73,000 in restitution to AT&T. His crime: Using a scripting tool called the iPad 3G Account Slurper, which automates Get requests, to pull the names and email addresses of 114,000 iPad 3G owners from AT&T's public-facing servers in June 2010. (AT&T had intentionally linked the ICC-ID [Integrated Circuit Card ID], a serial number on the SIM card of an iPad with cellular connectivity, with users’ email addresses.)
J. Alex Halderman
J. Alex Halderman, an assistant professor at the University of Michigan, started grappling with the DMCA in 2003, when he postponed publishing findings about security vulnerabilities in Sony-BMG’s CD copy protection software, fearing DMCA-related litigation. That year, researchers sought a DMCA exemption so they could research security vulnerabilities in DRM systems, but the Library of Congress denied that request. In 2006, the agency did grant an exemption for examining copy protection software on CDs, but not for other DRM systems. In 2009, Halderman had to seek a DMCA exemption in order to continue his research; he secured a limited exemption in 2010, but it was not renewed in 2012, leaving this research vulnerable to legal action.
George “Geohot” Hotz
In 2010, George Hotz used encryption research from the failOverflow team to gain access to the Sony PlayStation 3's hypervisor. Sony released a mandatory firmware update to prevent players from using Hotz’s tool, and Hotz countered with custom firmware and root keys to the console. Sony then sued Hotz and failOverflow and sought to impound all of his “tools of circumvention.” Sony also subpoenaed some of his online accounts and demanded to know the identities of everyone who had accessed his website or YouTube videos while the jailbreak was posted. Eventually, Sony dropped its case, but “only after Hotz promised not to hack any Sony products, discuss hacking Sony products, or link to any research related to hacking Sony products.”
Matthew Keys, a now-former employee of Reuters, faces 25 years in prison and a fine of $750,000 for allegedly helping Anonymous access the L.A. Times website. In December 2010, Keys reportedly provided members of the group with the login credentials to his former employer and encouraged them to "go f*** some s*** up." Anonymous proceeded to log in and change the headline for one Times story to read "Pressure builds in House to elect CHIPPY 1337," bylined "CHIPPYS NO 1 FAN." As observed by InfoWorld columnist Robert X. Cringely: “Total time the site was under Anonymous's control: less than 30 minutes. Keys' potential jail time: 25 years and a $750,000 fine. Can it get more absurd than that?”
Dmitry Sklyarov was arrested by federal agents in July 2001 Def Con after giving a presentation about a tool he developed at ElcomSoft that allowed users of Adobe System's eBook Reader software to remove its copyright protections and open those files as a PDF. Prompted by Adobe, U.S. federal agents detained him for more than six months on charges of trafficking and conspiring to traffic a copyright circumvention device. He faced up to 25 years in prison and a $2.25 million fine. Ultimately, though, he reached a deal with U.S. prosecutors that left him free to leave the country in exchange for testifying against ElcomSoft. In December 2002, a jury acquitted Elcomsoft of all charges, completing the 18-month ordeal.
Programmer Aaron Swartz committed suicide in January as he faced hacking-related charges that could have landed him in jail for decades. He faced a variety of DMCA-based charges in a Massachusetts federal court, including computer intrusion, wire fraud, and data theft stemming from allegations that he stole millions of scholarly articles and documents from MIT’s subscription-based JSTOR service. Since his death, critics including members of the U.S. Senate have asserted that that the prosecutors pursuing Swartz were overzealous, proposing a penalty that far outweighed the alleged crimes. U.S. Attorney Carmen Ortiz later acknowledged that there had been no evidence to warrant severe punishment.
Last year, a U.S. District Court judge upheld a $675,000 fine for Joel Tenenbaum, a former Boston University student who illegally downloaded and shared 31 songs through the long-defunct service Kazaa. Tenenbaum was found guilty in 2009 and faced a fine of $22,500 per song. U.S. District Court Judge Nancy Gertner found the jury's original verdict to be "unconstitutionally excessive," but an appeals court overturned her decision in 2011. In May, the U.S. Supreme Court refused to hear Tenenbaum's appeal on constitutional grounds, so the case went back to the U.S. District Court, and the new judge was not allowed to rule based on constitutionality. Judge Rya Zobel upheld the original $675,000 fine. Tenenbaum has since appealed the decision.