First, though, we need to refresh some memories. Auernheimer and a co-conspirator—both from Goatse Security—found a serious security flaw in AT&T's iPad subscriber database. But instead of being patted on the back, they exploited the flaw—and wound up being arrested, each charged with one count of fraud and one count of conspiracy to access a computer without authorization.
For Auernheimer, the charges have stuck: he now faces two five-year felonies for his efforts, Verge reports. But there's a little more to the story than you might expect. What's weird about this particular case is that Auernheimer didn't really hack anything. He didn't steal passwords, or infiltrate a database—and AT&T admitted as much during the hearing.
That of course makes him sound almost virtuous. In truth he wrote a script that harvested email addresses from AT&T's website. Still, it's not clear how that counts as hacking.
In fact, as Verge points out, the case rests on the 1986 Computer Fraud and Abuse Act, which makes it illegal to "access a computer without authorization or exceed authorized access" on any "protected computer". But that doesn't really make much sense these days, as Auernheimer himself has highlighted. From Tech News Daily:
"[T]he ‘protected computer' is any network computer. You access a protected computer every day... have you ever received permission from Google to go to Google?"