Justice?

In 2010, querying a public AT&T database yielded over 114,000 email address for iPad owners who were subscribed to the carrier. One of the people who found these emails, Andrew 'weev' Auernheimer, sent them to a news site to publicize AT&T's security flaw. He later ended up in court for his actions. Auernheimer was found guilty, and today he was sentenced to 41 months in prison. 'Following his release from prison, Auernheimer will be subject to three years of supervised release. Auernheimer and co-defendant Daniel Spitler were also ordered to pay $73,000 in restitution to AT&T. (Spitler pled guilty in 2011.) The pre-sentencing report prepared by prosecutors recommended four years in federal prison for Auernheimer.' A journalist watching the sentencing said, 'I felt like I was watching a witch trial as prosecutors admitted they didn't understand computers.'

 He didn't "break in". He sent requests to a publicly-accessible web server, and AT&T sent back private information. This wasn't hacking, or even a DOS attack. AT&T is at fault here.

  It's a flaw that AT&T never would have addressed without public pressure. Further, Mr. Auernheimer did not release private info to the public -- the news agency to which he released the then already-public information is responsible for further publicizing it.
Bottom line: it is ludicrous-speed absurd to prosecute somebody for publicizing already public information. If a newspaper accidentally prints the names and addresses of its entire subscriber base in the classifieds, and I call them to report it, can I then be held accountable for "releasing" the information?

But he didn't trespass -- he didn't break any laws or even conventions regarding the distinction between public/private property in requesting and being provided this information. If the pile of gold in your unfenced yard was on a conveyor that could be activated from the street, I think you would be hard-pressed to convince anyone that you intended the gold to remain in your yard. Likewise, spewing out customer details in response to a simple sql query to a public-facing DB server, which requires absolutely no circumvention of existing security measures, is difficult to paint as an earnest attempt to make a public/private delineation, and thereby prevent even accidental leakage.

As has already been pointed out, the key charge here is "access[ing] a computer without authorization." Since the publicly-facing DB server was not in any sort of secured or even posted enclave, it can only be presumed that the court finds the mere act of interfacing with this system a crime for no reason other than that AT&T has established the server as "private" after-the-fact. That opens up a terrifying door in that any service provider could suddenly declare you persona non grata retroactively, and bring similar criminal charges against you. While that's certainly a leap, it's not a big one...

  He was convicted of identity fraud and "conspiracy to access a computer without authorization". Think about that: requesting unprotected publicly-accessible webpages is "access[ing]" a computer without authorization". By that standard, anyone who uses the internet could be convicted of a crime.

...sending GET requests to an unprotected, publicly-accessible web server constitute unauthorized access...

Am I reading this right? Someone was convicted of a criminal offence because he did something that search engines like Google do millions of times every day?

Two high school kids just got 1 year each for raping a drunk 16 year old at a party (where people actually filmed and took pictures of it happening).. http://www.sheboyganpress.com/viewart/20130318/SHE0101/130317029/Two-Ohio-high-school-football-players-convicted-raping-girl-16 [sheboyganpress.com]
and this guy gets more than 3 times that for mentioning that a web site will give out people's private email address after AT&T did nothing about it?

 The US government, (our public servants),with assistance from major telecommunications carriers including AT&T, has engaged in a massive program of illegal dragnet surveillance of domestic communications and communications records of millions of ordinary Americans since at least 2001. And they got away with it.
Anyone see anything wrong here!?

So what exactly can the government do?