- Journal Archives
- Volume 17
- Volume 16
- Volume 15
- Volume 14
- Volume 13
- Volume 12
- Volume 11
- Volume 10
- Volume 9
- Volume 8
- Volume 7
- Volume 6
- Volume 5
- Volume 4
- Volume 3
- Volume 2
- Volume 1
After spending over a year in federal prison, infamous hacker and internet troll Andrew “Weev” Auernheimer had his conviction vacated on Friday by the Third Circuit Court of Appeals. Last March, Auernheimer received a 41-month sentence for conspiracy to violate the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, and identity fraud under 18 U.S.C. § 1028(a)(7). Weev was prosecuted for revealing a security flaw in AT&T’s website, thereby obtaining the email addresses of 114,000 iPad 3G users, and then providing that information to gossip site Gawker. Gawker’s article, which included some of the data partially redacted, prompted an FBI investigation. Weev’s case has been particularly important to some cyber security researchers, as Weev’s prosecution has made them afraid to report the security and privacy flaws they find.
Unfortunately for all those interested in the substantive merits of the charges against Weev, the appeals court vacated his conviction on procedural grounds, finding that venue for his prosecution in the District of New Jersey was improper. The court came to this conclusion because neither AT&T’s server nor Auernheimer were physically located in New Jersey when Auernheimer exposed the security flaw.
As for the CFAA itself, Weev conviction was based specifically on 18 USC § 1030(a)(2)(C), which states: “whoever intentionally access a computer without authorization or exceeds authorized access, and thereby obtains…information from any protected computer…shall be punished as provided in subsection (c) of this section.” Weev’s prosecution was particularly interesting because he did not crack any codes, steal any passwords, or in any way “break into” AT&T’s customer database – something company representatives confirmed during testimony. The team that handled Weev’s appeal wrote in their brief, “The fundamental question in this case is whether it is a crime to visit a public website.” However, since the appeals court vacated the conviction on procedural grounds and punted on the nature of the charges, the question of whether Weev’s actions actually constituted a violation of the CFAA was left unanswered.
Recent Blog Posts
- The Vanderbilt Journal of Entertainment & Technology Law Jumps Thirty-One Spots to Highest Ranking Ever
- Hiding Behind the Computer Screen: James Woods Files Defamation Lawsuit Against a Twitter User
- Let’s Enjoy Fantasy Football…While We Can
- Guest Post: Tweeting Away Patient Privacy
- Naturally Occurring or Mind-made?
- Does China’s 2022 Winter Olympics Song Intentionally Plagiarized ‘Frozen’s’ ‘Let It Go’?
Tagsadvertising antitrust Apple books career celebrities contracts copyright copyright infringement courts creative content criminal law entertainment Facebook FCC film/television financial First Amendment games Google government intellectual property internet JETLaw journalism lawsuits legislation media medicine Monday Morning JETLawg music NFL patents privacy progress publicity rights radio social networking sports Supreme Court of the United States (SCOTUS) technology telecommunications trademarks Twitter U.S. Constitution