Court Overturns Controversial Hacker's Conviction, but Dodges the Hard Question

The Citizen's Guide to the Future
April 11 2014 4:55 PM

Court Overturns Controversial Hacker's Conviction, but Dodges the Hard Question

Weev-selfportrait-prophet
Andrew "weev" Auernheimer

Photo by weev/Wikimedia Commons.

Andrew Auernheimer, the infamous hacker and Internet troll imprisoned for revealing a security flaw in AT&T's website, will soon be walking free after more than a year behind bars. Today, the 3rd Circuit Court of Appeals in New Jersey vacated Auernheimer's conviction under the Computer Fraud and Abuse Act, a decades-old anti-hacking law which has been increasingly used to prosecute things that don't really seem like “hacking” at all.

In 2011, Auernheimer (aka “weev”) and his partner Daniel Spitler discovered that by simply incrementing an iPad serial number and entering the results into AT&T's website, they were able to obtain the personal data of 114,000 AT&T iPad customers, including celebrities and government officials. Last year, he was sentenced to 41 months in federal prison on counts of identity theft and “unauthorized access to protected computer,” despite that the sensitive data in question was readily available from AT&T's website. As weev has put it on multiple occasions after his conviction, “I'm going to jail for doing arithmetic.”

But the reasoning behind the court's reversal today didn't have anything to do with the nature of the charges, or computer crime law in general. Neither did it touch on Auernheimer's off-putting attitude and controversial trolling, which was an intense focus for the prosecution prior to his conviction. The case was vacated on the basis that the New Jersey venue was improper, because neither AT&T's server nor Auernheimer was physically located there.

Advertisement

Interestingly, a footnote in the court opinion points out that New Jersey law would have specifically required prosecutors to prove that Auernheimer “circumvented a code- or password-based barrier to access”—a task that given the facts would have been challenging, to say the least. This would have been made more difficult, given that the government doesn't seem to understand what Auernheimer actually did. During a recent appellate hearing in Philadelphia, assistant U.S. attorney Glenn Moramarco argued that what Auernheimer and Spitler did was “hacking” because they “had to download the entire iOS system on his computer, he had to decrypt it, he had to do all of these things I don't even understand." Later, he compared weev's actions to blowing up a nuclear power plant.

Auernheimer's legal team, led by the firm Tor Ekeland, P.C. and attorneys from the Electronic Frontier Foundation, has announced that they are seeking his immediate release, which could come as early as Friday night. But what happens next depends on whether the Department of Justice decides to retry the case in a different legal venue. That scenario would be bad for weev, who has spent much of his sentence in solitary confinement. But if the case ends here, it would also be a lost opportunity to for courts to finally clarify the vague laws governing what constitutes “hacking.”

On the other hand, it's not like there aren't other questionable CFAA cases to choose from. Former Reuters employee Matthew Keys faces up to 25 years in prison under the statute, for giving a password to the Los Angeles Times website to a member of Anonymous, which led to a headline being defaced for 30 minutes. (The court has bizarrely charged the act as “transmission of malicious code.”)

Auernheimer may be free, but the more important legal question of what separates petty mischief and security research from “hacking” remains unanswered—at least for now.

Future Tense is a partnership of SlateNew America, and Arizona State University.

Joshua Kopstein is a cyberculture journalist who studies policy, activism, and the dystopian present.

TODAY IN SLATE

History

The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

Does Your Child Have “Sluggish Cognitive Tempo”? Or Is That Just a Disorder Made Up to Scare You?

The First Case of Ebola in America Has Been Diagnosed in Dallas

Windows 8 Was So Bad That Microsoft Will Skip Straight to Windows 10

Politics

Mad About Modi


Why the controversial Indian prime minister drew 19,000 cheering fans to Madison Square Garden.


Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Don’t Panic! The U.S. Already Stops Ebola and Similar Diseases From Spreading. Here’s How.

Parents, Get Your Teenage Daughters the IUD

The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  News & Politics
Politics
Sept. 30 2014 6:59 PM The Democrats’ War at Home Can the president’s party defend itself from the president’s foreign policy blunders?
  Business
Moneybox
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
  Life
Gaming
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
  Arts
Brow Beat
Sept. 30 2014 4:45 PM Steven Soderbergh Is Doing Some Next-Level Work on The Knick
  Technology
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 6:44 PM Ebola Was Already Here How the United States contains deadly hemorrhagic fevers.
  Sports
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.