What should we make of Jeremy Hammond’s steep prison sentence and the people who tried to fight it?
It’s 10am in New York City, about two hours before Jeremy Hammond will be sentenced to 10 years in federal prison for hacking into the websites of law enforcement agencies and a private security firm that was contracted by the U.S. government to spy on human rights activists. The line to get inside the courtroom is long. In fact, it’s exceptionally long, a court officer tells me—not because of Hammond but because of the number newly minted U.S. citizens waiting to swear their allegiance to the very laws Hammond has been convicted of defying.
Hammond is guilty. There’s no questioning that, back in 2011, he hacked into the server of the private security firm Strategic Forecasting, Inc. and downloaded millions of emails and credit card numbers. He published the emails through whistleblower organization WikiLeaks and, as the prosecution would later present at trial, encouraged members of the hacker group Anonymous to charge hundreds of thousands of dollars on the credit cards with the intent of destroying the company.
“An equally important part is destroying their servers and dumping their user/address list and private e-mails…I’m hoping bankruptcy, collapse,” he would chat to a cohort. To all these crimes, Hammond admitted his guilt, motivated in part by the fact that doing so would limit his possible sentence to 10 years.
During the two-hour sentencing hearing, the defense argued that Hammond’s actions were civil disobedience, directed at a private security firm that spied on activists at the government’s behest. His attorney called him an “extraordinary young man.” And this is in many ways true. Hammond has done more for his Chicago community than most could claim: He collected food from restaurants and cooked it for the city’s homeless. And during his last stint in prison, some eight years ago, for essentially the same crime for which he is now on trial, Hammond helped prisoners get their GEDs.
“The government’s view of the malicious nature of Jeremy’s actions is not real,” his attorney argued.
That view, the government responded, was informed by the fact that Hammond also hacked law enforcement systems, targeting retired police officers, and crippled an Amber alert system in Arizona. In what sense was this civil disobedience? they wondered. The prosecution pointed out that when he thought his identity was safe, he chatted that his aim was “financial mayhem,” a clear sign that his intent in hacking Stratfor was not political activism but malicious destruction. And in this way the crux of the sentencing hearing emerged. It became a question of intent: Why did Hammond do it?
Long after the judge handed down her 10-year sentence to the unrepentant Hammond—noting his “striking” propensity for recidivism and the evidence against his claims of good intentions—these questions linger in the U.S. District Court House. And they are sure to surface again as they have before in the sad case of Aaron Swartz, the Internet activist who took his own life after downloading a massive trove of journal articles and facing similar charges as Hammond in the very same court.
The New York City court house is an institution: It sits on the woeful-turned-powerful-turned-something-in-between southern tip of Manhattan. It is here that Wall Street and the courts both figuratively and literally collide. It is here, one could argue, that the heavy-handedComputer Fraud and Abuse Act (CFAA) used to prosecute Hammond and commuter hackers like Swartz before him, was first created.
The CFAA was passed in 1986 to control cybercrimes at a time when “cybercrime” meant hacking into financial institutions and doing the sort of white-collar damage that would later become synonymous with the latter half of the 2000s. For this reason, the penal discretion it affords judges is severe.
But consider a bit of context: The CFAA was signed into law five years before the World Wide Web existed, 15 years before the U.S. National Security Agency took any real interest in the Internet (which occurred after 9/11), 18 years before Facebook was founded, and 18 years before the hacker group Anonymous came to be (the group with which Hammond associated himself). To be tried under this almost three-decade-old act for hacking on the Internet today is to answer to a law written by a Congress that truly couldn’t have imagined modern cybercrimes. It is, in other words, to exist in a legal no-man’s land, right inside a U.S. Courthouse.
During Hammond’s sentencing, the defense raised this very point again and again. Technology, they argued, had simply moved faster than the law. And this couldn’t be more true. As Electronic Frontier Foundation attorney Hanni Fakhoury told me over the phone the day before the sentence: “In the Internet world punishment is far more draconian.” Hammond, Fakhoury said, clearly broke the law. “But do we equate that behavior with financial fraud? I think we shouldn’t.” Yet we do: In April, the very same U.S. District Court in New York City sentenced a man who fraudulently billed Medicare for over $100 million to 125 months in prison—only five more months than Hammond received.
This happens, of course, because the two crimes are understood by the court to be the same crime—a violation of the CFAA. And so all that remains is for the judge to decide the sentence, which, as in Hammond’s case, ends up coming down to a question of intent. The Medicare defrauder got 10 years because, quite simply, there is no dignified way to illegally extract $100 million dollars from a national health program. Hammond got his 10 years because, the judge deemed (perhaps not wrongly) that his wasn’t an act of civil disobedience. But should one ever receive 10 years for hacking into securities corporations?
“It shows you how harsh American sentencing is, how we treat computer crimes,” Fakhoury said. “We have a problem.” Simply put: we’ve so far been operating on the notion that hacking is hacking, no matter the consequences. The only difference is some people see hacking as a scourge; others see it as the future.