Article Lead Image

Andrew “Weev” Auernheimer appeals conviction in AT&T “hacking” case

"The fundamental question in this case is whether it is a crime to visit a public website."


Kevin Morris

Internet Culture

Posted on Jul 2, 2013   Updated on Jun 1, 2021, 12:17 pm CDT

Legendary Internet troll and unlikely Internet rights martyr Andrew “Weev” Auernheimer is currently sitting in prison in White Deer, Pa. and wondering, quite literally, if the world has forgotten about him. His legal team has not. 

A team of cyber crime lawyers working with the Electronic Frontier Foundation filed an appeal Monday to overturn his 41 month prison sentence on felony hacking charges.

Auernheimer conviction came under the Computer Fraud and Abuse Act (CFAA), the same legislation used to indict Aaron Swartz, the digital rights advocate who committed suicide a month before his trial was scheduled to begin. In that case, Swartz had been threatened with up to 35 years in prison for essentially breaking the terms of service of digital journal publisher JSTOR.

The CFAA, which was mostly written in 1986, before the Internet as we know it even existed, has been roundly criticized for both the vagueness of its language and the severity of its punishments. Under the CFAA, you can be sentenced to ten years in prison for gaining “unauthorized” access to a computer system. Prosecutors have interpreted that to mean everything from malicious hacking to, as in Swartz’s case, violating TOS.  

In Auernheimer’s case, the CFAA’s vague language was stretched to an even broader interpretation, becoming almost a parody of itself. In 2010, Auernheimer’s co-defendant, Daniel Spitler, discovered a security flaw on AT&T’s site that published the email addresses of iPad owners. Spitler wrote a script and downloaded more than 114,000 of them.

Auernheimer took this list and handed it over to media outlets like Gawker, who ran stories on the leak but never published the email addresses themselves. AT&T fixed the hole, and no one was hurt. But federal prosecutors accused Auernheimer and Spitler of identity theft and conspiracy to violate the CFAA. Auernheimer was sentenced to 41 months on March 18. Spitler, who pleaded guilty to all charges, received a somewhat lighter 12-18 month sentence.

The key line from the appeal speaks to the heart of the CFAA’s flaws: 

“The fundamental question in this case is whether it is a crime to visit a public website.”

Read the full appeal below.

Photo by Weev/Wikimedia Commons

Share this article
*First Published: Jul 2, 2013, 2:51 pm CDT