TECH

Hacker Weev's Chilling Conviction Is Overturned

04/11/2014 12:07 pm ET | Updated Apr 11, 2014

A federal appeals court on Friday overturned the conviction of Andrew "Weev" Auernheimer, reversing a verdict that was viewed as having a chilling effect on the work of researchers who help keep the Internet safe.

Prosecutors said Auernheimer, 28, is a publicity-hungry hacker who broke the law when he found a security flaw in an AT&T website three years ago that allowed him to collect 114,000 email addresses belonging to iPad 3G users. Auernheimer turned over that information to the gossip site Gawker, which posted some partially redacted addresses, prompting an FBI investigation.

Auernheimer's attorneys have argued that he did not commit a crime because AT&T's security was so lax that those email addresses were publicly available.

In 2012, a jury in New Jersey found Auernheimer guilty of violating the Computer Fraud and Abuse Act, the same law used to prosecute the late Internet activist Aaron Swartz. Auernheimer has served about 12 months of his 41-month prison sentence.

On Friday, a federal appeals court overturned the conviction, saying the case did not have any connection to New Jersey so it should not have been tried there.

Neither Auernheimer nor AT&T's servers were located in the state. Auernheimer was in Arkansas at the time and AT&T's servers were in Texas and Georgia, the court said.

"Because we conclude that venue did not lie in New Jersey, we will reverse the District Court’s venue determination and vacate Auernheimer’s conviction," the federal appeals court said in a decision filed Friday.

Auernheimer will be released from prison Friday night, according to his legal team.

"We're obviously pleased the court reversed the conviction," said Hanni Fakhoury, one of Auernheimer's attorneys.

"While the case was primarily about the CFAA, the government's venue theory was very dangerous, presenting a real risk that defendants could be hailed anywhere in the country to face a criminal trial," Fakhoury said. "The court was very critical of the government's theory which is important going forward in criminal cases to come, especially as the Internet makes the world more inter-connected."

The court, however, only ruled on the venue of case and not on the larger question of whether Auernheimer's actions violated federal computer crime law.

A spokesman for the U.S. Attorney's office in New Jersey, which prosecuted the case, said the government was still reviewing the decision.

"The court determined that the Department of Justice brought this case in the wrong state," said the spokesman, Matt Reilly. "It only ruled on venue and not on the merits of the case and the strength of the evidence."

Computer security researchers watched the federal appeals court decision closely. They say Auernheimer's conviction has made them more reluctant to report the security and privacy flaws they find for fear of being prosecuted.

Partly for that reason, Auernheimer's case has gained the support of some of the country’s most respected cyber law experts. His legal team includes Fakhoury, a staff attorney at the Electronic Frontier Foundation, a digital rights group, and Orin Kerr, a cyber law professor at George Washington University Law School.

In addition, a group of prominent computer scientists, academics and researchers have called on the appeals court to reverse Auernheimer's conviction. They include the Mozilla Foundation, which makes the popular Web browser Firefox, and Edward Felten, a former technologist for the Federal Trade Commission.

These advocates "are convinced that overturning [Auernheimer's] conviction will help security and privacy, not harm it," according to their court brief, which was filed by Stanford Law professor Jennifer Granick. "The alternative empowers private entities to force the public to turn a blind eye to their security and privacy missteps."

Auernheimer is not the most sympathetic figure. As a notorious Internet troll, he frequently says outrageous things to evoke emotional responses from people. The name of his security company, Goatse Security, refers to an obscene Internet shock site, and is linked to an Internet trolling group whose name includes a racial slur.

Auernheimer is currently serving his sentence at Allenwood Federal Correctional Complex in White Deer, Pa., about 170 miles west of New York City.

This article was updated after publication to note that Auernheimer will be released Friday evening.

Suggest a correction
143 Comments

CONVERSATIONS