Ex-AOL Employee Arrested in Spam Caper

I’m sure by now you’ve seen the articles on the AOL employee who stole millions of screen names and sold them to spammers. Jason Smathers was not authorized to have access to the screen name list but used another employees access code to steal it.[1]
According to an article I saw posted over at Harry Waldron’s site, this is expected to be the first prosecution under the CAN SPAM act. The maximum penalties are 5 years $250k. I wonder if harsher penalties would be available if he was tried under theft of trade secrets or some unauthorized computer access law?
Hopefully many companies will take this as a sign that its time to review their layers of protection and review internal procedures to make sure stuff like this cannot happen. That is twice in recent months that AOL has been in the news because their employees have abused their position. Earlier a call center drone admitted to improperly using personal information belonging to celebrity customers to forge relationships with them under false pretenses.
Perhaps audit logs that track patterns of use would have caught the Mr Smathers as he stole an authorized users account.
[1]”Ex-AOL employee arrested in spam caper.” the Washington Times June 24th 2004 C8.