In January 2011, I was assigned to cover a hearing in Newark, where Daniel Spitler, then 26, stood accused of breaching AT&Tâs servers and stealing 114,000 e-mail addresses.
As I sat in the courtroom watching Mr. Spitler, who stood nervously next to armed United States marshals while listening to the judge and prosecutors, I couldnât help thinking that I could have been the one in front of that judge, labeled a hacker by the Justice Department.
Am I a hacker No. Not even close. Yet years ago, when I first started learning how to write software code, I dabbled in things that could have been labeled as such by our outdated justice system: downloading free online scripts that could trace popleâs whereabouts or scraping Web sites in search of music that didnât belong to me.
A hacker can be a vandal who renders a Web site inoperable or a thief who profits from stolen passwords and credit card numbers. Mr. Spitler was neither kind. But he was being paraded in front of the world, charged with fraud and conspiracy, and likened, by Paul J. Fishman, the United States attorney for New Jersey, to hackers from LulzSec and Anonymous. Mr. Spitler told prosecutors that he tried to notify AT&T about the security hole on its site, but after the company did not respond, the e-mail addresses were given to Gawker and other media outlets. He said he did not sell them, or post them online.
âForty years ago, a hacker was someone who took great joy in knowing everything about computers,â said Susan P. Crawford, a pr! ofessor at the Benjamin N. Cardozo School of Law at Yeshiva University. âThe word was really used in admiration. Now it is used to describe and condemn both professional cyberattackers and amateurs who are swept together within the broad description of the word.â
The same label of hacker was also applied by the Justice Department to Aaron Swartz. Mr. Swartz, a 26-year-old entrepreneur and activist, was set to be charged with wire fraud and computer fraud after he downloaded 4.8 million articles and documents from Jstor, a subscription-only service for distributing scientific and literary journals, because he felt that information should be available to everyone at no cost.
Mr. Swartz could have faced up to 35 years in prison and $1 million in fines, but before the case went to trial, he hanged himself i his Brooklyn apartment. His family issued a statement, saying that his death âis the product of a criminal justice system rife with intimidation and prosecutorial overreach.â The United States attorney who was overseeing the case, Carmen Ortiz, said her officeâs âconduct was appropriate in bringing and handling this case.â
Both cases are perfect examples of the justice systemâs misunderstanding what a hacker actually is. To many people who understand computers and the law, there is a danger in lumping people who have not sought financial gain with armed robbers. Where people should receive slaps on the wrist, they face decades in jail.
âThereâs still uncertainty as to what should be criminal online, and the statutes are pretty vague,â said Orin S. Kerr, a professor of law at George Washington University. âItâs hard because youâve got conduct that looks bad, and maybe leads to some harm, coupled with vague laws that havenât properly been clarified by Congress.â
The lack of clarity is something that became all too apparent in Mr. Spitlerâs case. When asked by prosecutors why he had hacked the servers, he said he didnât think he was doing anything illegal. When asked why, he replied, ââcause I didnât hack anything.â
E-mail: bilton@nytimes.com