Appeals court overturns conviction of Andrew “weev” Auernheimer in iPad hacking case

Andrew “Weev” Auernheimer, in 2012. Photo: pinguino.

Notorious hacker and troll weev was released from prison this evening. A federal appeals court today overturned his conviction in a case of significance for all security researchers.

Weev exposed a security flaw in AT&T's website and obtained the personal data of more than 100,000 iPad users. He was charged with violating the Computer Fraud and Abuse Act (CFAA), and sentenced to three and a half years in prison. Today's ruling says prosecutors did not have the right to charge him in a state where none of the alleged crimes occurred.

Kim Zetter in Wired:

Andrew “Weev” Auernheimer was in Arkansas during the time of the hack, his alleged co-conspirator was in California, and the servers that they accessed were physically located in Dallas, Texas and Atlanta, Georgia. Prosecutors therefore had no justification for bringing the case against Auernheimer in New Jersey, a federal appeals panel ruled this morning. The appeal was closely watched in cyber law and civil liberties circles, and Auernheimer had a powerhouse legal team that handled his case pro-bono.

From Ars Technica:

The case against Auernheimer, who has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website, was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act (CFAA), the same law that federal prosecutors were invoking against Aaron Swartz. But in the end, the Third US Circuit Court of Appeals didn't squarely address the controversial fraud law and instead said Auernheimer was charged in the wrong federal court.

"Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country’s founding: venue," the appeals court wrote. "The proper place of colonial trials was so important to the founding generation that it was listed as a grievance in the Declaration of Independence" (PDF).

From the EFF:

Auernheimer was represented on appeal by the Electronic Frontier Foundation (EFF), Professor Orin Kerr of George Washington University, and attorneys Marcia Hofmann, and Tor Ekeland. In an opinion issued this morning by the U.S. Court of Appeals for the Third Circuit, Judge Michael Chagares wrote that the government should not have charged Auernheimer in New Jersey, which had no direct connection to AT&T or Auernheimer.

"We're thrilled that the Third Circuit reversed Mr. Auernheimer's conviction," EFF Staff Attorney Hanni Fakhoury said. "This prosecution presented real threats to security research. Hopefully this decision will reassure that community."

Here is today's court ruling [PDF].

For more on weev, this Gawker profile is a good place to start. Don't miss his thoughts on The Jews.

Notable Replies

  1. Good to see the government required to follow the law on venue. Disappointing the case is about someone who seems to be a classic sociopath, who is smart, manipulative, superficially charming, and likes to make people suffer on the internet.

  2. "Couldn't have happened to a worse guy," as the saying goes?

  3. Weev is still a dickhead and a douchebag, but this is not the thing he should go to jail for. Good development for security researchers.

  4. Gizmodo is a news outlet in the same sense as a sewer pipe.

  5. I'm sure AT&T was all over fixing that issue long before he found it and told people about it.

    Also, calling "changing some characters in a public URL" a "hack" is a lot less accurate than calling Gizmodo a news outlet.

    Personally, I would have preferred if someone at AT&T had stopped to think about how they were letting personal data of their customers be accessed through public URLs with absolutely no attempt at authentication. That has to have gone past a lot of eyes in the company just to get the servers and the coding set up for it, and evidently no one thought it was a problem then.
