The Troll vs. the State

The case of Andrew Auernheimer.


Profile of the day: Gawker's Adrian Chen hangs out with Andrew "Weev" Auernheimer, a media manipulator, prison-bound hacker, and "artisanal troll." There "will always be terrible people," Chen concludes,

It was either this or the Goatse pic.

and out of all of the terrible people on the internet Auernheimer is one of the best. The pureness of his awfulness-for-awfulness' sake is something to marvel at. When the law came for him he didn't suddenly pretend to see the light, he doubled-down and sent a sprawling, arrogant email to the Assistant DA signed "hugs and courage to you". Auernheimer can be a bully and a racist but like many trolls he exposes hypocrisies and injustices through his provocation. In his case, he has forced us to put up or shut up when it comes to freedom of speech on the internet.

Because in the end, Auernheimer's case is about free speech. He faces ten years in prison for using information accidentally made publicly available by AT&T to embarrass it. Nothing was harmed but a giant corporation's reputation….No doubt the fact that he was a dick about it—that he has made a career of being a dick about it—has a lot to do with the fact he's going to prison. But if being a dick on the internet was a crime we'd all be headed for the electric chair. Auernheimer plans to appeal his conviction, and when he does it will hopefully help clear up the U.S.'s outdated and vague computer crime laws, which lead to ridiculous penalties like his.

NEXT: Euro Drops as Doubts over Greek Deal Grow

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Bravo for the alt-text!

  2. Artisanal troll? WTF? And artisanal? Sounds kind of gay.

    Don't let sloppy read this post, incidentally.

    1. I actually thought "artisanal troll" was the funniest bit, but I'm kind of an asshole myself.

      1. I'm kind of an asshole myself

        Congratulations, you've just won the understatement of the year award.

        1. Anyone can be an asshole some of the time, but it takes talent and commitment to be one 24-7.

    2. I thought "artisanal" was only used to describe.. well, everything at a farmer's market these days.

      1. You mean anything handmade that doesn't have enough popular appeal to warrant mass production?

        1. Hmmm, i think trolls are mass produced these days.

    3. Sounds kind of gay.

      You have no idea. Check out this from his wiki:

      "Auernheimer is the former president of the Gay Nigger Association of America,[32] an anti-blogging trolling group who take their name from the 1992 Danish movie Gayniggers from Outer Space.[37] Members of Goatse Security involved with the iPad hack are also members of GNAA."

  3. But if being a dick on the internet was a crime we'd all be headed for the electric chair.

    Ive never once been a dick on the internet.

    Not once.


    2. By merely having a dick, you're being a dick to all the women on the Internet.

      All three of them, that is.

    3. But if being a dick on the internet was a crime we'd all be headed for the electric chair.

      Not enough juice in the country to do us justice. Plus we would all just Mickey Rourke that shit.

  4. What a vile little man. Is what he did a crime though? It depends on whether you think information needs to be free 100%. Even your personal private information? That's a tricky question for anyone who is not a full blown anarchist. From my viewpoint, posting private account information for all the world to see crossed the line. It violated the subscribers' reasonable expectations of privacy. AT&T was lame for their inept computer security, but dickhead didn't just expose their lameness, he went and violated their subscribers' privacy.

    It's the internet equivalent of discovering someone's house unlocked, going in and taking pictures of their extensive bondage collection, and posting them online for everyone to see. Only a sociopathic troll would say you had the legal right to do that.

    1. Did not read his case, but on this point generally: That depends if there was any actual violation of property. If the information was publicly accessible (not necessarily advertised), then I don't think so. But if we actually hacked their systems, broke through security then then yes.

      There was a German case ruling differently, that essentially something equivalent to chmod a+r * and publicly linkable, or accessible by anyone through the web, even if it's not intended, cannot be construed a criminal act.

      I think that is sensible since that is the only thing defining any rational and clear-cut verifiable/testable boundaries. If I find some file or information online, how am I supposed to know the intent behind it? For example, there is a lot of information available in public records (i.e. dealing with real estate) that most people wrongly assume are private.

      1. It's hard to tell from the linked stories whether he actually hacked the system to get the information, or if it was all just sitting there ready to be downloaded. It was probably somewhere in the middle.

        The real crime was subsequently posting that private information.

    2. What AT&T did (giving user info to the government) was a crime, until it wasn't.

    3. It's more like your landlord putting all your belongings out on the curb and then this guy comes along and posts a curb alert to craigslist.

  5. Artisanal troll? BURN HIM!

    1. He turned me into Newt Gingrish!

      it got better...

  6. Because in the end, Auernheimer's case is about free speech. He faces ten years in prison for using information accidentally made publicly available by AT&T to embarrass it.

    The customers were also harmed in this case.

    AT&T is at fault of course, but he made it worse. It's as if AT&T had boxes of records in a room that they thought was locked to the public. Someone discovered that there was a way of opening the door and taking one record at a time. He then used a tool to repeatedly open the door and take thousands of those records and publicize them. That isn't really engaging in "free speech" in my opinion, though ten years is too harsh.

    1. Even if I agree with you, is it a criminal act or merely a civil one?

      Maybe he owes AT&T customers restitution for damages. But Im not sure Im seeing the criminal act.

    2. I think it is more like they accidentally posted records up on the the outside of their building, free for anyone to see, and this guy took pictures of all them and OCR'd it. Then AT&T noticed and said "hey, all that stuff that you could all see last week? please unremember that, or else".

  7. weev has really let himself go, man. Based on the pic alone, it looks like he's entered the "afflicted with paranoid schizophrenia" stage of his life.

    1. Looks like a much younger and full head of hair version of the old homeless guy I saw hanging out behind Krispy Kreme the other week, singing, 'bird of prey. Flying HIGH.', over and over to himself. I yelled, 'Hey, Jim Morrison!'

      He stiffened up.

      'Yeah, it's you, motherfucker.'

  8. AT&T violated their contract with their customers by failing to secure their data.

    As far as I know, the Artisanal Troll had no contract with AT&T's customers. All he did was distribute information that AT&T made publicly available. I'm not clear on how distributing information that someone else has made publicly available should be a crime.

    Were AT&T's customers harmed? Sure, let's say they were. If so, then the party that should be held responsible is the party that had a duty to them to protect their information. And I don't see how the Artisanal Troll had such a duty.

    1. "Made publicly available" is a bit of a stretch.

      Auernheimer's case goes back to 2010 when he and fellow self-described security researcher Daniel Spitler, 26, discovered that AT&T's website would reveal the email address of iPad owners who used the wireless provider's 3G network. And it would do this without requiring any passwords or code-breaking. Instead, all AT&T's system needed was something called an ICC-ID, which is a unique ID number assigned to each iPad. Input the ICC-ID into AT&T's website, and it would spit out a registered iPad user's email address.

      So Auernheimer and Spitler decided to investigate how deep the hole went by writing a program called "iPad 3G Account Slurper," which would automatically input ICC-IDs, and collect the revealed email addresses. The result: More than 120,000 email addresses revealed....

      1. That puts in more of a gray area.

        1. Indeed. 10 years is far too much, but this guy is not a good poster child for "free speech."

        2. I dont think so.

          They had a public website in which you were allowed to type info. In return, the website sent back info.

          Its no different than any other web form.

          No different than any other webscraping type software. Some of them are legitimate (back in the mid-90s, I wrote one that pulled baseball stats off of usatoday's website for my fantasy league), some are kind of skeezy (like this one). But, illegal? Dont make it public, if you dont want it used.

          1. I understand "webscraping" to mean taking data from a web page, not entering one number in order to get another number from a database. Many public databases on the web do not allow massive numbers of automated queries.

      2. I'm still having trouble seeing his liability since you've just moved accessible raw email addresses to a publicly accessible tool that will return such emails.

        It is equivalent to what I mentioned above about the German case and to urls. If you are able to use a publicly accessible system to generate dynamic urls (i.e. supply some argument in the url, just by guessing) that link to unsecured info even if the intention is not so, then that should not be the liability of the person using the url or the system.

        I think the key point is that: "And it would do this without requiring any passwords or code-breaking."

      3. The lesson is not to use an IpAd.

  9. Why don't they throw Artisanal Mayonnaise in jail while they're at it?

    1. sloopy would argue for execution, instanter.

  10. Hah! I have now seized this username. Make me an offer, and I will release it to your control.


    1. That's me, BTW.

      1. I think you've violated the squirrels' terms of service. Oh wait, that's right, they don't have any.

        1. The squirrels don't need ToS, they are the modern version of the Greek Fates.

        1. It was actually me. That RC, always riding on me coattails...

          1. See, this is why we need a commenter Star Chamber. Run by me.

          2. I'm Spartacus.

      2. No!!! I am Spartacus.

  11. It seems they put him in jail for being a horrible person, not for anything he did. And the hacking laws were flexible and vague enough to use as a club.

    1. If you make enough laws you can do that to anyone.

  12. In his case, he has forced us to put up or shut up when it comes to freedom of speech on the internet.

    Not sure what this means. The Obama administration and its useful idiots, having shown its hostility to the first amendment, seem to be perfectly willing to "put up" opposition because of exactly this type of behavior. "The future does not belong..." blah blah blah.

  13. But aren't we all artisanal commentators, in a way?

    1. No, I am fully industrialized, processed and prepackaged.

      1. And probably 10 to 15 percent of us here are just spam bots anyway, part of the Koch Brothers' cosmotarian empire, or vestigial remnants of the Paulbots 2007 Internet putsch.

        1. ~115 percent of us are spam bots.

          1. Give or take 100 percent.

        2. Some of us are paid shills...

    2. I'm more macrobiotic myself.

  14. But if being a dick on the internet was a crime we'd all be headed for the electric chair.

    Am I the only one left on earth who gives a damn about the subjunctive mood?

    1. No. But then, you and I are internet dicks.

    2. No, I'm with you. Or I would be, if this weren't a dead thread.

  15. It's hard to have sympathy for people like Auernheimer. Not because of the assholish things he says, but the legally incriminating things he says.

    If he gets on the internet and and willfully spreads a story that he hacked into AT&T (or some such company) and stole data, then a jury's going to, you know, think he hacked into AT&T and stole data.

    Auernheimer is the kind of person that simply cannot restrain himself. AFter reading the article it seems more and more clear that he's not being prosecuted for being an asshole, he's being prosecuted for clear incriminating things and evidence he poised against himself.

    I'm not really surprised that a jury would convict when his defense later becomes, "I didn't really commit the crime, my public confession was just me being an asshole." Makes it hard to tell where the asshole ends and the criminal begins.

    1. Especially when the jury is comprised of a bunch of knuckledraggers.

  16. "I contend there is no crime in telling the truth or using AT&T's, or anybody's, publicly accessible data, to cite it to talk about how they made people's data public," he told CNET.

    I actually agree here.

    I am not positive which horrible fucking piece of legislation it was (I assumet the DMCA), but as regards the laws covering 'digital security'... they have some pretty retarded rider-clauses in there.

    For instance: Bootlegging a DVD would be a crime.

    Telling people *how* to bootleg a DVD is now also a crime.

    And it goes further: discussing technologies that may have applications totally unrelated to bootlegging DVDs may *also* be a crime if they *could* be used in such a manner.

    Say company A has a major security flaw. User B stumbles across it and notifies the company. If user B also decides to inform the general public about how company A has terrible fucking security, user B can get into deep shit as well.

    I believe User B can also get in trouble not even naming the specific company, but by just pointing out, "This type 'security' technology is totally insecure"

    basically, under current DMCA (or other) legislation, you can go to jail for pointing out the Emperor Has No Clothes. I am guessing the TSA would love to have something like this for themselves.

  17. I am guessing the TSA would love to have something like this for themselves.

    It's called the "no-fly list" isn't it? Mess with the bull? you get the horns!

  18. Can you believe the audacity of Auernheimer??!

    All this technical know-how and Internet savvy and the young man never used his talents to embarrass the US Military by uploading sensitive classified information! What an asshole, huh?

Please to post comments

Comments are closed.