As I discussed in my last post, society is struggling with the erosion of privacy in their lives caused by the advancement of the Internet. We are seeing people like Aaron Shwartz and even kids like Ahmed Al-Khabaz getting caught up in legal issues and being convicted of serious crimes because the legal system is trying to hold true to our ideals about privacy.
We are a society that respects fences and boundaries and we expect reasonable discourse in our everyday living. The problem right now is that there is little consensus on where these boundaries exist in the digital world. We seem to be applying our opinions from private property laws to the digital space.
Auernheimer is a hacker who obtained 114,000 email addresses of 3G enabled iPad users from a script that was openly available on an AT&T server. This script, given the ICC ID of an iPad’s sim card, would return the email address associated with it. Auernheimer collected many of these emails and took a sample of the output to a journalist at Gawker.
He was convicted of two consecutive five-year felonies. Regardless of his intentions, affiliations with hacker groups, and his distribution of the vulnerability, do we really think this is a just sentence? Compare this to going into an unlocked car and taking the property inside. What about the act of checking if it was locked in the first place? We don’t approve of people sticking their nose where it doesn’t belong, and Auernheimer’s sentence clearly reflects this.
The way large companies are considered corrupt and above the law in the real world is the same in the digital world. How can we compare this petty theft to the larger scale, well funded, and clearly profit driven data theft, mining, and tracking being done by large companies such as Google, Facebook, and Apple? It is clearly legal for large corporation to track and gather any information you make available on the internet and leverage this data for their own interests, but it is illegal when the individual is gathering publicly available information from the large corporations.
People seem to think that accessing data that you’re not supposed to is only wrong if you do something wrong with it. Both Wikileaks and credit card thieves perform the same act of accessing unauthorized information and then releasing the information. It seems that the lack of monetary exchange leads us to sympathize with one and penalize the other. This is not how the system works however. Some sort of punishment is required if these digital boundaries are breached, regardless of how easy it was to achieve.