I was inundated with intriguing tips in my four years writing gossipy posts for Gawker.com: Which drugs certain company founders were taking, who various adulterous executives were sleeping with, and how, exactly, certain Silicon Valley corporations were screwing over their customers and employees.

Even still, an instant-message tip-off that came over the transom in summer 2010 stood out. A group calling itself "Goatse Security" claimed to have evidence of an amateurish oversight at AT&T – one that exposed personal information on tens of thousands of people who owned Apple iPads, for which AT&T was then the sole U.S. cellular provider.

Further reporting revealed a breach whose significance went beyond the numbers. Among the 114,067 sets of account information that ended up in my possession were those belonging to high-ranking military officers, senators, Congressmen, employees of sensitive federal agencies, and at least one top White House adviser, I reported in a Gawker post dated June 10, 2010. All had the 3G version of the iPad, and for each, AT&T had leaked to the web an e-mail address and an ICC-ID, used to uniquely identify the person’s 3G SIM card. The leak traced back to an openly available public web address called routinely from subscribers' iPads.

Today my primary takeaway from the case is the same as when I began working on the story nearly three years ago: AT&T was almost criminally sloppy with customer data, and its partner Apple was negligent in monitoring how AT&T was securing interactions with iPad subscribers.

But federal officials, who began investigating the breach within a day of my report, chose to focus not on AT&T but instead on the people that brought to light the company's careless exposure of private customer data. Goatse member Andrew “Weev” Auernheimer was sentenced to 3.5 years in prison by a U.S. district judge in New Jersey on Monday for one count of identity fraud and one count of conspiracy after being found guilty of those crimes this past November.

The scapegoating of Auernheimer is revolting for two reasons. One, it lets AT&T off the hook for exposing sensitive information to public view, shifting the blame onto those who reported the slip-up, and discouraging future disclosure. Two, the jailing of Auernheimer criminalizes the act of fetching openly available data over the web.

Auernheimer was convicted under the 1986 Computer Fraud and Abuse Act, a dubiously vague federal statute also used to hound internet activist Aaron Swartz, who, before his suicide at age 26, faced seven years in prison for using a laptop in an MIT wiring closet to access academic journal articles through the university’s open-access network. The Computer Fraud and Abuse Act, as Tim Wu has ably argued on The New Yorker’s website, could hypothetically be used to prosecute virtually any computer user – and indeed the Justice Department has steadily broadened the scope of enforcement over the years while punishments for violating the law have grown more and more harsh.

Congresswoman Zoe Lofgren has introduced a bill, “Aaron’s Law,” to rein in the Computer Fraud and Abuse Act. Hopefully Auernheimer’s conviction will help underline the importance of such reform, notwithstanding Weev’s history of often unsavory trolling, or the fact that his group shared their PHP script with third parties before AT&T closed the security hole.

In the meantime, however, federal prosecutors are doing their best to punish and deter security whistleblowers, and thus to help large corporations cover up their endless bungling of customer privacy. That only increases the vulnerability of those of us who depend on those corporations. Goatse Security won’t be the last ad hoc band of hackers to stumble on a large-scale web vulnerability. But it could be among the last to report its findings so openly, a development that’s only going to hurt the very citizens the Justice Department purports to serve.