Prosecutorial Abuse of the Computer Fraud and Abuse Act to be Appealed in Philadelphia Court: US v Auernheimer


By Kenneth Lipp and Dustin Slaughter

Oral arguments will begin tomorrow in the appeal by Andrew Auernheimer of his conviction and sentence to 41 months for identity theft and unauthorized access to a computer under the CFAA, the Computer Fraud and Abuse Act of 1984. – (On July 1, 2013, Tor Ekeland, P.C., with Orin Kerr, Hanni Fakhoury at the Electronic Frontier Foundation, and Marcia Hoffman, filed Andrew Auernheimer’s (weev) appeal with the Third Circuit Court of Appeals. The appeal raises serious questions about the scope and interpretation of the notorious Computer Fraud and Abuse Act (CFAA).)

Auernheimer, known as Weev or his twitter handle @rabite, will not be permitted to attend the proceedings this Wednesday, at 10:30 in the Albert Branson Maris Courtroom on the 19th Floor of the federal building at 6th & Market Street in Old City, He will remain in a federal prison,  where he has been for one year now, with periodic facility transfers, to the day. The BOP has broad discretion in the custody level and transfer limitation for inmates in the federal system, but under the circumstances and given the courtroom antics in the case’s history, one can’t help but pause to wonder if the stricture is at once constructive as well as a little editorial – to keep the hecklers down and to send Weev the message that he should not expect to see daylight prematurely.

The facts themselves in US vs Auernheimer are not so much disputed, but rather the US Government’s uncannily Manichean, character-based theory of guilt.

An attorney from Weev’s defense team, Hanni Fakhoury, outlined the basic circumstance in July of 2013 in You May Not Like Weev, But Your Online Freedom Depends on His Appeal

Here’s a reminder of what happened: Weev and Daniel Spitler discovered and publicized a security hole in AT&T’s website. After spoofing his web browser to look like an iPad, Spitler discovered that AT&T’s website published iPad users’ email addresses when someone entered a URL that included an iPad’s unique identification number. He created a script to keep entering random numbers to emulate the iPad IDs and got more than 114,000 email addresses as a result. Weev disclosed this security hole by telling journalists about the discovery and shared the list with Ryan Tate (then at Gawker, now at Wired), who published a story — not the email addresses — on the incident.

He then explains the government’s interpretation:

Auernheimer and Spitler were treated as criminals. The feds indicted Weev for identity theft and unauthorized access to a computer under the CFAA, even though it was AT&T — not them — that made the email addresses publicly available on the internet. Swayed by the government’s arguments that Weev and Spitler had engaged in “theft” (unfortunately, Weev’s own words) when Spitler “tricked” and “deceived” AT&T’s servers into giving him the email addresses, the jury found Weev guilty in short order.

What Weev and Spitler did was not the equivalent of going through thousands of persons’ mail and obtaining their social security numbers and bank account info. Rather it was more like noticing a landlord whose mailbox overflows with rent checks, with account numbers and addresses written on the front, using a custom program based on rent delivery schedule to predict when more mail would fall out, and then documenting the visible info and sending it with an explanation of the source to a journalist. The receptive press aptly reported the affair as an embarrassment for AT&T

The government’s case relies on its wholesale acceptance of AT&T’s cavalier assertion that Andrew and partner accessed sensitive information illegally, when the access was incidental to the company’s negligent custody of the private data of Apple users subscribing to their service.

Though Andrew will not be present as originally hoped, an event has been organized via Facebook for the beginning of oral arguments tomorrow, to show support for his release.

You can read all the latest filings from the defense in the case on the site of his attorney, Tor Ekeland.

About Kenneth Lipp

Kenneth is a writer and researcher. He’s from Alabama, and will not apologize for it. He moved to Pennsylvania in 2012, but has been in love with Philadelphia since a late-night stroll down Ben Franklin Parkway to the Art Museum in July of 2011 with the love of his life. He is interested in telling Philadelphia’s dynamic and absolutely unique stories with the zeal of a constantly enamored newcomer. Kenneth is also passionate about government transparency and protection of whistleblowers, most notably PFC Chelsea Manning. His research and reporting on law enforcement and surveillance have been featured in various publications, including Rolling Stone (Meet the Private Companies Helping Cops Spy on Protesters) and Popular Science (Boston Tested Crowd-Watching Software That Catalogues People's Skin Color). His training is in both genetics and history and he likes the joke about being a helicase and unzipping your “genes.” He’s driven to know, and thinks you can handle, the truth. Follow him on Twitter @kennethlipp.

There is one comment

  1. “Multiple and Independent” Grounds for Appeal from Defense, Broad View of Computer Crimes Encouraged by Government in Auernheimer Appeal | The Declaration

    […] A three judge panel of the 3rd Circuit U.S. Court of Appeals in Philadelphia heard oral arguments this morning in the case of US v Andrew Auernheimer. The gallery of the 19th floor Albert Branson Maris Courtroom filled with to capacity by 9:45 a.m., with spectators including US attorneys unattached to the case, journalists, supporters, local and visiting private attorneys, and computer professionals and developers talking shop. The court heard 15 minutes of argument from both Orin Kerr for the defense and Albert Glenn, head of the Computer Crimes Unit, for the government, who answered questions from the panel throughout which reflected a genuine interest from the judges in clarifying still vague elements of computer law under the Computer Fraud and Abuse Act, upon which Auernheimer’s conviction hinge. The questioning from the court of both sides focused largely on the issue of venue, specifically the use of New Jersey statutes to assign venue and to enhance a criminal charge under federal law. […]


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s