By Kenneth Lipp and Dustin Slaughter
Oral arguments will begin tomorrow in the appeal by Andrew Auernheimer of his conviction and sentence to 41 months for identity theft and unauthorized access to a computer under the CFAA, the Computer Fraud and Abuse Act of 1984. – (On July 1, 2013, Tor Ekeland, P.C., with Orin Kerr, Hanni Fakhoury at the Electronic Frontier Foundation, and Marcia Hoffman, filed Andrew Auernheimer’s (weev) appeal with the Third Circuit Court of Appeals. The appeal raises serious questions about the scope and interpretation of the notorious Computer Fraud and Abuse Act (CFAA).)
Auernheimer, known as Weev or his twitter handle @rabite, will not be permitted to attend the proceedings this Wednesday, at 10:30 in the Albert Branson Maris Courtroom on the 19th Floor of the federal building at 6th & Market Street in Old City, He will remain in a federal prison, where he has been for one year now, with periodic facility transfers, to the day. The BOP has broad discretion in the custody level and transfer limitation for inmates in the federal system, but under the circumstances and given the courtroom antics in the case’s history, one can’t help but pause to wonder if the stricture is at once constructive as well as a little editorial – to keep the hecklers down and to send Weev the message that he should not expect to see daylight prematurely.
The facts themselves in US vs Auernheimer are not so much disputed, but rather the US Government’s uncannily Manichean, character-based theory of guilt.
An attorney from Weev’s defense team, Hanni Fakhoury, outlined the basic circumstance in July of 2013 in You May Not Like Weev, But Your Online Freedom Depends on His Appeal
Here’s a reminder of what happened: Weev and Daniel Spitler discovered and publicized a security hole in AT&T’s website. After spoofing his web browser to look like an iPad, Spitler discovered that AT&T’s website published iPad users’ email addresses when someone entered a URL that included an iPad’s unique identification number. He created a script to keep entering random numbers to emulate the iPad IDs and got more than 114,000 email addresses as a result. Weev disclosed this security hole by telling journalists about the discovery and shared the list with Ryan Tate (then at Gawker, now at Wired), who published a story — not the email addresses — on the incident.
He then explains the government’s interpretation:
Auernheimer and Spitler were treated as criminals. The feds indicted Weev for identity theft and unauthorized access to a computer under the CFAA, even though it was AT&T — not them — that made the email addresses publicly available on the internet. Swayed by the government’s arguments that Weev and Spitler had engaged in “theft” (unfortunately, Weev’s own words) when Spitler “tricked” and “deceived” AT&T’s servers into giving him the email addresses, the jury found Weev guilty in short order.
What Weev and Spitler did was not the equivalent of going through thousands of persons’ mail and obtaining their social security numbers and bank account info. Rather it was more like noticing a landlord whose mailbox overflows with rent checks, with account numbers and addresses written on the front, using a custom program based on rent delivery schedule to predict when more mail would fall out, and then documenting the visible info and sending it with an explanation of the source to a journalist. The receptive press aptly reported the affair as an embarrassment for AT&T
The government’s case relies on its wholesale acceptance of AT&T’s cavalier assertion that Andrew and partner accessed sensitive information illegally, when the access was incidental to the company’s negligent custody of the private data of Apple users subscribing to their service.
Though Andrew will not be present as originally hoped, an event has been organized via Facebook for the beginning of oral arguments tomorrow, to show support for his release.