Andrew “Weev”Auernheimer is currently serving a 41-month prison sentence, and his lawyers are going to appear in a US court in attempt to overturn a conviction representing serious repercussions for online freedom.
Andrew Auernheimer, a self-confessed online troll and hacker, was found guilty 17 months ago of identity theft and conspiracy to obtain illegal access to AT&T public servers, after he got email addresses of iPad owners. Andrew shared his findings with Gawker, and the latter published them in redacted form. The hacker was charged with a felony under the Computer Fraud and Abuse Act.
Now his lawyers claim that his conviction is flawed and threatens civil liberties on the Internet. They are going to argue that his actions didn’t constitute a misdemeanor, let alone a felony, as he simply accessed a public server, which doesn’t equal to“illegal access”.
In response, the government claims that the hacker’s actions were illegal under the CFAA, as AT&T didn’t want him to have the addresses, even though they were available on its public website. Andrew’s lawyers insist that it is not a crime to visit a public website.
The EFF agrees that Auernheimer’s case was an example of a prosecution aimed at a person, not a crime. Since the CFAA calls it a crime to obtain data from a PC “without authorization”, a term that hasn’t been defined in law, the case sets a dangerous precedent. The EFF referred to a case of Isaac Wolf, a journalist threatened with legal action under the CFAA in 2013. He was researching a story on TerraCom, a company providing federally subsidized phone services to people on low incomes, and once ran into social security numbers and other sensitive data while doing a basic Google search. When he revealed that the company had actually left its customers at risk of identity theft, TerraCom called him a hacker and threatened to sue.
Andrew Auernheimer’s appeal will be watched by security researchers and privacy experts. Industry observers admit that the conviction, if not overturned, will have a detrimental effect on security. The problem is that the data the “hacker” helped to access was made available by AT&T to everyone and access was gained via standard protocols used by every user.
A number of third parties, including computer scientists, security researchers and Internet freedom advocates have already filed amicus brief and asked the appeals court to overturn Andrew’s conviction. The list includes the Mozilla Foundation, which argues there are similarities between research tools used by experts to benefit privacy and security and those used by Andrew.
In addition, Andrew’s lawyers argue that the case was improperly brought in New Jersey, because no machine was accessed nor data obtained in New Jersey. Besides, the largest part of Auernheimer’s sentence, due to an alleged $73,000 loss to AT&T, was wrong because the losses weren’t connected with computer costs.
Auernheimer, who is serving his sentence in Pennsylvania, wasn’t allowed to attend the hearing.