In our ongoing efforts to rein in the Computer Fraud and Abuse Act (CFAA), we submitted a support letter on behalf of Jeremy Hammond on Wednesday, asking for leniency from the New York federal judge who is about to sentence him for hacking into private intelligence contractor Stratfor.
Hammond pleaded guilty to CFAA charges, admitting that he obtained credit card numbers and internal emails that documented Stratfor's surveillance on political protesters at the behest of both private companies and the government. He leaked the emails to the media and major news outlets like Rolling Stone, Wikileaks and McClatchy published material from the leaks. It was clear that Hammond's motivation was the public interest rather than personal financial gain.
Under his plea agreement, Hammond faces a maximum sentence of 10 years in prison, a sentence the government is likely to ask for. Our letter asks the sentencing judge to reject a lengthy prison sentence for Hammond and ultimately keep in mind that his actions were politically motivated. We've written at length how the CFAA and the federal sentencing guidelines work together to create excessive and draconian sentences in computer crime cases, effectively creating an unfair sentencing tax on defendants who use computers and are convicted under the CFAA. Hammond is receiving the full tax here, seeing enhancements tacked onto his sentence because he used "computer skills" and because he obtained personal information in a CFAA case. These enhancements increased the recommended sentencing range by more than three years.
Federal judges are instructed to avoid unwarranted sentencing disparities between defendants convicted of similar conduct, but in Hammond's case the CFAA and the guidelines result in an enormous sentencing disparity. First, the maximum 10 year sentence likely to be sought by prosecutors here is closer to the sentences handed down to defendants in New York federal court convicted of financially motivated fraud crimes. For example, a defendant involved in a $100 million Medicare fraud scheme received a 125 month sentence. Hammond shouldn't be looking at a similar sentence, notwithstanding his prior convictions, for politically motivated behavior that involves a far smaller amount of loss.
Second, a 10-year sentence would be far greater than the punishment Hammond's co-defendants received in the UK for the Stratfor hack. They received sentences ranging from 200 hours of community sentence to 32 months in prison. Hammond's potential sentence dwarfs these sentences and reveals just how excessive the American brand of criminal justice truly is. In fact, the CFAA's excessive sentencing scheme has undermined the effectiveness of the CFAA, as at least one defendant arrested abroad and indicted for violating the CFAA in the US has not yet been extradited out of concern about the CFAA's harsh penalties.
Hopefully, the sentencing judge will not impose the computer tax on Hammond and take into account Hammond did not profit financially as a result of his actions, but rather, exposed uncomfortable truths.
Hammond will be sentenced on Nov. 15, 2013 in Manhattan.