ahmedmasud

suggested changes to public appeal letter

Nov 20th, 2012
We, the undersigned, are computer security researchers and professionals.
In our day-to-day work, we protect American citizens and businesses from
criminals who seek to profit by illegally accessing private computers
and private data. From time to time, we also encounter mistakes in
programs or websites we use which could lead to the inappropriate
disclosure of private business or consumer information. When this
happens, professional ethics dictate that we assist the innocent
victims of such security errors.

Andrew Auernheimer is a security researcher and a respected member of
our community because of the core principles he stands upon.
When Mr. Auernheimer discovered a URL on an AT&T website that disclosed
the private email addresses of over 114,000 AT&T customers, he brought this matter to
the attention of the victims of AT&T's poor security practices -- its
customers -- via the media. The URL was publicly accessible and required no "hacking"
of any sort; it had been published, by AT&T, on the open Internet,
where anyone could use it. Indeed, we will likely never know who else
had already accessed the information, prior to Mr. Auernheimer.

Mr. Auernheimer's actions are those of a conscientious whistleblower and
not those of a criminal.

AT&T had such a lapse in protecting the privacy of their customers
that it has forced them to attempt to shift focus away from themselves, and somehow
they have made the prosecution an unwitting partner. It is easy to deduce why AT&T would
want this: namely, if AT&T does not find a scapegoat to blame, it would be
they who could and would be severely punished for negligence, not only in
criminal court but potentially in class-action type civil litigation because of
the high number of victims.

Mr. Auernheimer has a long history of sending messages that their
recipients do not like, typically due to the form they take. We
respectfully submit that this is a red herring. Whether Mr.
Auernheimer's style is distasteful or not has no bearing on the
magnitude of the privacy breach he discovered, nor on the moral correctness of
his actions.

We steadfastly believe that the charges against Mr. Auernheimer are
not only unwarranted, but serve to chill the entire field of research
into security vulnerabilities. The simple act of incrementally
traversing open directories not only does not constitute
"hacking", it is a commonly used method to determine the scope of public
accessibility to information that should be properly secured.

If we are legally barred from using non-destructive, non-invasive
techniques to triage vulnerabilities, it will hamstring the security community's
efforts to keep the Internet safe for the public.

We urgently request that these charges against Mr. Auernheimer be
dropped in the interest of national security. A conviction in his
case will not only have a chilling effect on researchers like us who work
to secure critical infrastructure, it will inevitably lead to other
systems being compromised due to the inability of security
professionals, like ourselves, to even identify such vulnerabilities
without running afoul of the law. Criminals operate in secret -- they
don't hand their findings over to the press. Mr. Auernheimer has
acted in the interest of the public, not as a criminal.

Respectfully yours,
<signatures>