Weev Won. Hacker Freed, Judge Reverses Ruling


photo by Pinguino K

Hoards of internet enthusiasts crowed in unison, when Andrew “Weev” Auernheimer was convicted of computer fraud in 2012 and later sentenced to 3.5 years in prison. And on Friday, those cries were justified. A federal appeals panel just overturned the conviction, but not for the reasons some activists might’ve hoped for. Read The 3rd Circuit Court Ruling To Vacate  [pdf] [scribd] 

Rethink Impossible copy

The judges actually threw out the case simply because of where it was filed. Weev, you see, was physically located in Arkansas when he wrote a script that lifted over 120,000 iPad users’ email addresses through a hole in AT&T’s website that they later reported to Gawker.

Meanwhile, his alleged partner in crime, Daniel Spitler, was located in California, and the servers they were targeting were in Dallas. But the case was brought against Weev in New Jersey.


Images via AP / Flickr

“Almost the entire thing was about venue,” Tor Ekeland, an attorney who also represents Auernheimer, told me after the hearing in March. he speculated that weev was tried in New Jersey simply because the state had a major computer crimes division; it had no relevance to the case. “Nothing happened in New Jersey. No victims, no possession.”

Weev Is Free, Because You Can’t Prosecute A Hacker Just Anywhere

So the Computer Fraud and Abuse Act, the one that prosecutors love to accuse hackers of breaking, will remain vague. Internet activists will pat themselves on the back for keeping another hacker (who didn’t actually hack) out jail. And Weev, well, Weev will probably be just as salty as he’s always been.

While it chose to focus on the venue issue, the court did briefly address another crucial aspect of weev’s alleged crime—one that his lawyers and many others in the computer community have argued did not constitute “hacking” in the criminal sense.

“We also note that in order to be guilty of accessing “without authorization, or in excess of authorization” under New Jersey law, the Government needed to prove that Auernheimer or Spitler circumvented a code- or password-based barrier to access [..] The account slurper simply accessed the publicly facing portion of the login screen and scraped information that AT&T unintentionally published.”

In other words, New Jersey law demands that “hacking” requires breaking a password, even though, as the opinion notes, the threshold for hacking is lower under the federal version of the CFAA. The law was also used to originally prosecute Aaron Swartz, the activist whose scraping of journal articles was determined by the government to be theft.

Read Coverage by   Wired   |   HuffingtonPost   |   Motherboard.com  |  Gizmodo  



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s