A 24-year-old former American Online software engineer pleaded guilty Friday to stealing 92 million screen names and e-mail addresses and selling them to spammers, setting off an avalanche of up to seven billion unsolicited e-mails.
The soft-spoken Jason Smathers of Harpers Ferry, W. Va., entered the plea to conspiracy charges in U.S. District Court in Manhattan, where he was likely to face from 18 months to two years in prison at a May 20 sentencing.
Smathers also faces mandatory restitution of between $200,000 and $400,000, the amount the government estimates AOL spent as a result of the e-mails.
In December, Judge Alvin Hellerstein had rejected a similar plea by Smathers, saying he was not convinced he had actually committed a crime. But the judge said prosecutors now had sufficiently explained why he had.
Smathers told the judge that he accepted $28,000 from someone who wanted to pitch an offshore gambling site to AOL customers, knowing that the list of screen names might make its way to others who would send e-mail solicitations.
"Do you wish to accept responsibility for what you did?" the judge asked Smathers.
"Yes sir, I do," he answered.
Federal prosecutor David Siegal said Smathers had engaged in the interstate transportation of stolen property and had violated a new federal "can-spam" law meant to diminish unsolicited e-mail messages about everything from Viagra to mortgages.
In December, the judge said he had dropped his own AOL membership because he received too much spam.
The company has since launched a major assault on spam, significantly reducing unsolicited e-mails. America Online Inc. is a wholly owned subsidiary of Time Warner Inc.
Smathers was fired by AOL last June. Authorities said he used another employee's access code to steal the list of AOL customers in 2003 from its headquarters in Dulles, Va.
Smathers allegedly sold the list to Sean Dunaway, of Las Vegas, who used it to send unwanted gambling advertisements to subscribers of AOL, the world's largest Internet provider. Charges are pending against Dunaway.
The stolen list of 92 million AOL addresses included multiple addresses used by each of AOL's estimated 30 million customers. It is believed to be still circulating among spammers.