2013.3.3

Being crass should not be a crime, but that’s essentially what Andrew Auernheimer was convicted of. This was the case where AT&T accidentally published the emails and device ideas of the first iPad customers. Andrew downloaded them and published proof of the problem to Gawker. His “coconspirator” pled guilty, testified against Andrew, and provided private emails to prosecutors that “proved” Andrew’s bad intentions. These emails disclose things like Andrew talking about stealing the information and wanting to profit from the event. That made his simple actions look very nefarious.

But that’s how we in the cybersec community always talk. When we find cybersec problems, we dream of the worst ways we can be horrible people and exploit them. If you listened to any of our private conversations, you’d be convinced that we were all secretly one step away from triggering World War III.

I’m pretty sure had I been in Andrew’s place, the prosecutors would’ve found much worse to hang me by. Indeed, you’ll find much in my public Twitter feed and blog posts to convict me of. When the Mars Curiosity Rover landed last August, and the first pictures arrived from the planet, I was about to tweet the URL to view those pictures. But the site was already failing under the load of all the nerds worldwide getting those pictures. Therefore, I changed my tweet to comment on the fact that this was essentially a DDoS attack – the sort of attack that activists do against large corporations they don’t like. I therefore made the humorous tweet “Join our DDoS against NASA and click” on their website.

Of course, I’m not against NASA, nor do I think anybody else is. I can’t imagine why anybody would want to DDoS them. It should be obvious that my tweet is humor. But, prosecutors taking this out of context might use it to try to convict me, to prove to jurors of my evil intent.

Robert Graham, “Context matters: we only appear to be blackhats”