This Hacker Is Getting Out of Jail — But Not For the Reason His Supporters Hoped

Prosecutors claim “Weev” stole thousands of email addresses from iPad users

Andrew Auernheimer
National Journal
Brendan Sasso
Add to Briefcase
See more stories about...
Brendan Sasso
April 11, 2014, 1:54 p.m.

A fed­er­al ap­peals court struck a blow on Fri­day against the Justice De­part­ment’s cam­paign to crack down on com­puter hack­ing.

The Third Cir­cuit Court of Ap­peals over­turned the con­vic­tion of An­drew Auernheimer, bet­ter known by his on­line ali­as “Weev,” who was charged with steal­ing thou­sands of email ad­dresses from AT&T’s serv­ers.

His case be­came a ral­ly­ing cry for In­ter­net act­iv­ists, who ar­gue it is an ex­ample of pro­sec­utori­al over­reach and shows why Con­gress needs to re­form a vague anti-hack­ing law. Auernheimer’s sup­port­ers claim that all he did was point out a se­cur­ity vul­ner­ab­il­ity and that he didn’t break any laws.

The court threw out the case on jur­is­dic­tion­al grounds — say­ing pro­sec­utors brought charges in the wrong state. The fight over what’s ac­tu­ally il­leg­al un­der the Com­puter Fraud and Ab­use Act will have to wait for an­oth­er day.

The ba­sic facts of Auernheimer’s case aren’t in dis­pute. In 2010, Daniel Spitler, Auernheimer’s co-de­fend­ant, no­ticed a flaw in AT&T’s ac­count re­gis­tra­tion sys­tem for iPads. A per­son could enter any iPad ID num­ber, and the AT&T sys­tem would auto­mat­ic­ally re­veal the cor­res­pond­ing email ad­dress of the iPad’s own­er.

Spitler wrote a script to auto­mat­ic­ally guess ID num­bers, and he was able to col­lect about 114,000 email ad­dresses, ac­cord­ing to court doc­u­ments. Auernheimer then emailed the in­form­a­tion to a Gawker re­port­er, who pub­lished an art­icle that de­tailed the flaw and in­cluded re­dac­ted email ad­dresses of a vari­ety of celebrit­ies and gov­ern­ment of­fi­cials.

The Justice De­part­ment brought charges against both men un­der the Com­puter Fraud and Ab­use Act, which makes it a felony to ac­cess a com­puter “without au­thor­iz­a­tion.” Spitler pled guilty and re­ceived three years of pro­ba­tion. A fed­er­al jury in New Jer­sey con­victed Auernheimer in 2012, and he was sen­tenced to 41 months in pris­on.

Pro­sec­utors ar­gued that Auernheimer knew what he was do­ing was il­leg­al and that he was only try­ing to pro­mote his own “se­cur­ity re­search” busi­ness.

But Auernheimer’s case at­trac­ted at­ten­tion from di­git­al free­dom act­iv­ists at groups such as the Elec­tron­ic Fron­ti­er Found­a­tion. His sup­port­ers ar­gue that guess­ing ID num­bers on a pub­lic site shouldn’t qual­i­fy as “hack­ing” and that his pro­sec­u­tion could dis­cour­age se­cur­ity re­search­ers from com­ing for­ward when they dis­cov­er vul­ner­ab­il­it­ies.

The Third Cir­cuit Court of Ap­peals threw out the con­vic­tion on Fri­day, say­ing pro­sec­utors should have filed the case in Arkan­sas, where Auernheimer lived, in­stead of New Jer­sey. Just be­cause some of the email ad­dress own­ers lived in New Jer­sey wasn’t enough to make it an ap­pro­pri­ate ven­ue, the court ruled.

“Al­though this ap­peal raises a num­ber of com­plex and nov­el is­sues that are of great pub­lic im­port­ance in our in­creas­ingly in­ter­con­nec­ted age, we find it ne­ces­sary to reach only one that has been fun­da­ment­al since our coun­try’s found­ing: ven­ue,” the court wrote.

Orin Kerr, a law pro­fess­or at George Wash­ing­ton Uni­versity who is rep­res­ent­ing Auernheimer, ar­gued that the is­sue of the right ven­ue for a case is not a tech­nic­al­ity.

“It’s an im­port­ant prin­ciple of lim­it­ing gov­ern­ment power,” he said. “Be­cause if the gov­ern­ment has uni­ver­sal ven­ue, then any of­fice can charge any de­fend­ant any­where in the coun­try.”

Al­though the judges did not base their rul­ing on the scope of the Com­puter Fraud and Ab­use Act, they hin­ted in a foot­note that they are skep­tic­al of the Justice De­part­ment’s claim that Auernheimer com­mit­ted any crime.

To have vi­ol­ated the law, Auernheimer would have to had cir­cum­vent a “code- or pass­word-based bar­ri­er to ac­cess,” the judges wrote.

“Al­though we need not re­solve wheth­er Auernheimer’s con­duct in­volved such a breach, no evid­ence was ad­vanced at tri­al that the ac­count slurp­er ever breached any pass­word gate or oth­er code-based bar­ri­er,” they wrote in the foot­note. “The ac­count slurp­er simply ac­cessed the pub­licly fa­cing por­tion of the lo­gin screen and scraped in­form­a­tion that AT&T un­in­ten­tion­ally pub­lished.”

It’s un­clear wheth­er the gov­ern­ment will re-file charges against Auernheimer in a dif­fer­ent court. Matt Re­illy, a spokes­man for the U.S. At­tor­ney’s Of­fice in New Jer­sey, said the gov­ern­ment is re­view­ing its op­tions in the case.

Kerr ar­gued that fa­cing an­oth­er tri­al would vi­ol­ate Auernheimer’s con­sti­tu­tion­al right to be pro­tec­ted from “double jeop­ardy.”

Kerr claimed that even if pro­sec­utors do bring the case again, the ap­peals court already “tipped its hand” that Auernheimer didn’t com­mit a crime. Lower courts gen­er­ally de­fer to the leg­al opin­ions of high­er ones.

Some law­makers want to nar­row the lan­guage of the Com­puter Fraud and Ab­use Act to pro­tect against pro­sec­utori­al over­reach. Rep. Zoe Lof­gren, a Cali­for­nia Demo­crat, in­tro­duced a re­form bill last year after Aaron Swartz, an In­ter­net act­iv­ist, com­mit­ted sui­cide while fa­cing hack­ing charges. But the le­gis­la­tion has gone nowhere in the House Ju­di­ciary Com­mit­tee.

Auernheimer might not be the best face for a polit­ic­al move­ment. He was fam­ous for mak­ing of­fens­ive com­ments on on­line for­ums and be­fore his sen­ten­cing, he wrote on dis­cus­sion site Red­dit that his only re­gret was no­ti­fy­ing AT&T of the is­sue. “I won’t nearly be as nice next time,” he warned.

What We're Following See More »
STAKES ARE HIGH
Debate Could Sway One-Third of Voters
5 hours ago
THE LATEST

"A new Wall Street Journal/NBC News poll found that 34% of registered voters think the three presidential debates would be extremely or quite important in helping them decide whom to support for president. About 11% of voters are considered 'debate persuadables'—that is, they think the debates are important and are either third-party voters or only loosely committed to either major-party candidate."

Source:
YOU DON’T BRING ME FLOWERS ANYMORE
Gennifer Flowers May Not Appear After All
5 hours ago
THE LATEST

Will he or won't he? That's the question surrounding Donald Trump and his on-again, off-again threats to bring onetime Bill Clinton paramour Gennifer Flowers to the debate as his guest. An assistant to flowers initially said she'd be there, but Trump campaign chief Kellyanne Conway "said on ABC’s 'This Week' that the Trump campaign had not invited Flowers to the debate, but she didn’t rule out the possibility of Flowers being in the audience."

Source:
HAS BEEN OFF OF NEWSCASTS FOR A WEEK
For First Debate, Holt Called on NBC Experts for Prep
5 hours ago
THE DETAILS

NBC's Lester Holt hasn't hosted the "Nightly News" since Tuesday, as he's prepped for moderating the first presidential debate tonight—and the first of his career. He's called on a host of NBC talent to help him, namely NBC News and MSNBC chairman Andy Lack; NBC News president Deborah Turness; the news division's senior vice president of editorial, Janelle Rodriguez; "Nightly News" producer Sam Singal, "Meet the Press" host Chuck Todd, senior political editor Mark Murray and political editor Carrie Dann. But during the debate itself, the only person in Holt's earpiece will be longtime debate producer Marty Slutsky.

Source:
WHITE HOUSE PROMISES VETO
House Votes to Bar Cash Payments to Iran
5 hours ago
THE DETAILS

"The House passed legislation late Thursday that would prohibit the federal government from making any cash payments to Iran, in protest of President Obama's recently discovered decision to pay Iran $1.7 billion in cash in January. And while the White House has said Obama would veto the bill, 16 Democrats joined with Republicans to pass the measure, 254-163."

Source:
NO SURPRISE
Trump Eschewing Briefing Materials in Debate Prep
5 hours ago
THE DETAILS

In contrast to Hillary Clinton's meticulous debate practice sessions, Donald Trump "is largely shun­ning tra­di­tion­al de­bate pre­par­a­tions, but has been watch­ing video of…Clin­ton’s best and worst de­bate mo­ments, look­ing for her vul­ner­ab­il­it­ies.” Trump “has paid only curs­ory at­ten­tion to brief­ing ma­ter­i­als. He has re­fused to use lecterns in mock de­bate ses­sions des­pite the ur­ging of his ad­visers. He prefers spit­balling ideas with his team rather than hon­ing them in­to crisp, two-minute an­swers.”

Source:
×