Jump to Navigation

Man faces federal charges for accessing info on a public website

In 2010, an AT&T software security hole allowed savvy internet users to access the email and device identification numbers of over 100,000 iPad customers from all over South Carolina and the United States. The security breach was embarrassing for AT&T, coming close on the heels of one of an employee having lost a then-unreleased version of the iPhone in a bar. There is no evidence that the defendant had any nefarious intentions or ever meant to commit any internet crimes.

Upon discovering the mistake, the group brought it to the attention of AT&T and the online news outlet, Gawker. Now, after an extensive federal investigation, one of the activists responsible for exposing the security hole is facing two serious charges that could bring penalties of up to five years each.

The first charge is that the defendant had customer information in violation of a federal statute that prohibits unauthorized possession of identification documents. The second charge is that he committed unauthorized access of a computer in violation of the Computer Fraud and Abuse Act.

Taken together, the federal charges basically accuse the defendant of illegally accessing and possessing information that AT&T mistakenly allowed to become publicly available. There are no additional ongoing prosecutions in relation to the case.

It is significant that the information, which the defendant accessed remotely through the internet, was not password protected and could be obtained through AT&T's public website. Anyone could obtain the iPad user data by entering specific URLs into a browser. The activist group was clever in its ability to guess the URLs, but no more clever than many would-be malicious hackers and data thieves.

After learning of the weakness in its software, AT&T was able to fix the issue and better protect the information.

Experts worry that by criminally prosecuting this case, authorities will scare well-meaning people away from trying to find security holes, making them harder to discover and repair. Other experts are concerned that by interpreting anti-hacking laws so broadly as to justify a conviction in this case, authorities will create a situation where it is far too easy to criminalize what should be legitimate online behavior.

Source: MIT Technology Review, "Jail looms for man who revealed AT&T leaked iPad user emails," Tom Simonite, Nov. 19, 2012

No Comments

Leave a comment
Comment Information
CONTACT US

Bold labels are required.

Contact Information
disclaimer.

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.

close
Subscribe to This Blog's Feed Visit Our Criminal Law Website
Office Location

Matt Bodman, P.A.
1500 Calhoun Street
Columbia, SC 29201
Toll-Free: 866-806-8608
Phone Number:
803-806-8605
Fax Number: 803-758-6087

Map & Directions