This Hacker Is Getting Out of Jail — But Not For the Reason His Supporters Hoped

Prosecutors claim “Weev” stole thousands of email addresses from iPad users

Andrew Auernheimer
National Journal
Brendan Sasso
April 11, 2014, 1:54 p.m.

A fed­er­al ap­peals court struck a blow on Fri­day against the Justice De­part­ment’s cam­paign to crack down on com­puter hack­ing.

The Third Cir­cuit Court of Ap­peals over­turned the con­vic­tion of An­drew Auernheimer, bet­ter known by his on­line ali­as “Weev,” who was charged with steal­ing thou­sands of email ad­dresses from AT&T’s serv­ers.

His case be­came a ral­ly­ing cry for In­ter­net act­iv­ists, who ar­gue it is an ex­ample of pro­sec­utori­al over­reach and shows why Con­gress needs to re­form a vague anti-hack­ing law. Auernheimer’s sup­port­ers claim that all he did was point out a se­cur­ity vul­ner­ab­il­ity and that he didn’t break any laws.

The court threw out the case on jur­is­dic­tion­al grounds — say­ing pro­sec­utors brought charges in the wrong state. The fight over what’s ac­tu­ally il­leg­al un­der the Com­puter Fraud and Ab­use Act will have to wait for an­oth­er day.

The ba­sic facts of Auernheimer’s case aren’t in dis­pute. In 2010, Daniel Spitler, Auernheimer’s co-de­fend­ant, no­ticed a flaw in AT&T’s ac­count re­gis­tra­tion sys­tem for iPads. A per­son could enter any iPad ID num­ber, and the AT&T sys­tem would auto­mat­ic­ally re­veal the cor­res­pond­ing email ad­dress of the iPad’s own­er.

Spitler wrote a script to auto­mat­ic­ally guess ID num­bers, and he was able to col­lect about 114,000 email ad­dresses, ac­cord­ing to court doc­u­ments. Auernheimer then emailed the in­form­a­tion to a Gawker re­port­er, who pub­lished an art­icle that de­tailed the flaw and in­cluded re­dac­ted email ad­dresses of a vari­ety of celebrit­ies and gov­ern­ment of­fi­cials.

The Justice De­part­ment brought charges against both men un­der the Com­puter Fraud and Ab­use Act, which makes it a felony to ac­cess a com­puter “without au­thor­iz­a­tion.” Spitler pled guilty and re­ceived three years of pro­ba­tion. A fed­er­al jury in New Jer­sey con­victed Auernheimer in 2012, and he was sen­tenced to 41 months in pris­on.

Pro­sec­utors ar­gued that Auernheimer knew what he was do­ing was il­leg­al and that he was only try­ing to pro­mote his own “se­cur­ity re­search” busi­ness.

But Auernheimer’s case at­trac­ted at­ten­tion from di­git­al free­dom act­iv­ists at groups such as the Elec­tron­ic Fron­ti­er Found­a­tion. His sup­port­ers ar­gue that guess­ing ID num­bers on a pub­lic site shouldn’t qual­i­fy as “hack­ing” and that his pro­sec­u­tion could dis­cour­age se­cur­ity re­search­ers from com­ing for­ward when they dis­cov­er vul­ner­ab­il­it­ies.

The Third Cir­cuit Court of Ap­peals threw out the con­vic­tion on Fri­day, say­ing pro­sec­utors should have filed the case in Arkan­sas, where Auernheimer lived, in­stead of New Jer­sey. Just be­cause some of the email ad­dress own­ers lived in New Jer­sey wasn’t enough to make it an ap­pro­pri­ate ven­ue, the court ruled.

“Al­though this ap­peal raises a num­ber of com­plex and nov­el is­sues that are of great pub­lic im­port­ance in our in­creas­ingly in­ter­con­nec­ted age, we find it ne­ces­sary to reach only one that has been fun­da­ment­al since our coun­try’s found­ing: ven­ue,” the court wrote.

Orin Kerr, a law pro­fess­or at George Wash­ing­ton Uni­versity who is rep­res­ent­ing Auernheimer, ar­gued that the is­sue of the right ven­ue for a case is not a tech­nic­al­ity.

“It’s an im­port­ant prin­ciple of lim­it­ing gov­ern­ment power,” he said. “Be­cause if the gov­ern­ment has uni­ver­sal ven­ue, then any of­fice can charge any de­fend­ant any­where in the coun­try.”

Al­though the judges did not base their rul­ing on the scope of the Com­puter Fraud and Ab­use Act, they hin­ted in a foot­note that they are skep­tic­al of the Justice De­part­ment’s claim that Auernheimer com­mit­ted any crime.

To have vi­ol­ated the law, Auernheimer would have to had cir­cum­vent a “code- or pass­word-based bar­ri­er to ac­cess,” the judges wrote.

“Al­though we need not re­solve wheth­er Auernheimer’s con­duct in­volved such a breach, no evid­ence was ad­vanced at tri­al that the ac­count slurp­er ever breached any pass­word gate or oth­er code-based bar­ri­er,” they wrote in the foot­note. “The ac­count slurp­er simply ac­cessed the pub­licly fa­cing por­tion of the lo­gin screen and scraped in­form­a­tion that AT&T un­in­ten­tion­ally pub­lished.”

It’s un­clear wheth­er the gov­ern­ment will re-file charges against Auernheimer in a dif­fer­ent court. Matt Re­illy, a spokes­man for the U.S. At­tor­ney’s Of­fice in New Jer­sey, said the gov­ern­ment is re­view­ing its op­tions in the case.

Kerr ar­gued that fa­cing an­oth­er tri­al would vi­ol­ate Auernheimer’s con­sti­tu­tion­al right to be pro­tec­ted from “double jeop­ardy.”

Kerr claimed that even if pro­sec­utors do bring the case again, the ap­peals court already “tipped its hand” that Auernheimer didn’t com­mit a crime. Lower courts gen­er­ally de­fer to the leg­al opin­ions of high­er ones.

Some law­makers want to nar­row the lan­guage of the Com­puter Fraud and Ab­use Act to pro­tect against pro­sec­utori­al over­reach. Rep. Zoe Lof­gren, a Cali­for­nia Demo­crat, in­tro­duced a re­form bill last year after Aaron Swartz, an In­ter­net act­iv­ist, com­mit­ted sui­cide while fa­cing hack­ing charges. But the le­gis­la­tion has gone nowhere in the House Ju­di­ciary Com­mit­tee.

Auernheimer might not be the best face for a polit­ic­al move­ment. He was fam­ous for mak­ing of­fens­ive com­ments on on­line for­ums and be­fore his sen­ten­cing, he wrote on dis­cus­sion site Red­dit that his only re­gret was no­ti­fy­ing AT&T of the is­sue. “I won’t nearly be as nice next time,” he warned.

What We're Following See More »
BACKING OUT ON BERNIE
Trump Won’t Debate Sanders After All
21 hours ago
THE LATEST

Trump, in a statement: “Based on the fact that the Democratic nominating process is totally rigged and Crooked Hillary Clinton and Deborah Wasserman Schultz will not allow Bernie Sanders to win, and now that I am the presumptive Republican nominee, it seems inappropriate that I would debate the second place finisher. ... I will wait to debate the first place finisher in the Democratic Party, probably Crooked Hillary Clinton, or whoever it may be.”

AKNOWLEDGING THE INEVITABLE
UAW: Time to Unite Behind Hillary
2 days ago
THE DETAILS

"It's about time for unity," said UAW President Dennis Williams. "We're endorsing Hillary Clinton. She's gotten 3 million more votes than Bernie, a million more votes than Donald Trump. She's our nominee." He called Sanders "a great friend of the UAW" while saying Trump "does not support the economic security of UAW families." Some 28 percent of UAW members indicated their support for Trump in an internal survey.

Source:
AP KEEPING COUNT
Trump Clinches Enough Delegates for the Nomination
2 days ago
THE LATEST

"Donald Trump on Thursday reached the number of delegates needed to clinch the Republican nomination for president, completing an unlikely rise that has upended the political landscape and sets the stage for a bitter fall campaign. Trump was put over the top in the Associated Press delegate count by a small number of the party's unbound delegates who told the AP they would support him at the convention."

Source:
TRUMP FLOATED IDEA ON JIMMY KIMMEL’S SHOW
Trump/Sanders Debate Before California Primary?
2 days ago
THE LATEST
CAMPAIGNS INJECTED NEW AD MONEY
California: It’s Not Over Yet
2 days ago
THE LATEST

"Clinton and Bernie Sanders "are now devoting additional money to television advertising. A day after Sanders announced a new ad buy of less than $2 million in the state, Clinton announced her own television campaign. Ads featuring actor Morgan Freeman as well as labor leader and civil rights activist Dolores Huerta will air beginning on Fridayin Fresno, Sacramento, and Los Angeles media markets. Some ads will also target Latino voters and Asian American voters. The total value of the buy is about six figures according to the Clinton campaign." Meanwhile, a new poll shows Sanders within the margin of error, trailing Clinton 44%-46%.

Source:
×