Following a 41-month conviction in November 2012 for violation of the U.S. anti-hacking law or the Computer Fraud and Abuse Act, a federal appeals court overturned the conviction of an infamous hacker on the basis that the case has been brought in the wrong court.
The Justice Department convicted security researcher Andrew Auernheimer, along with his co-conspirator Daniel Spitler, in New Jersey for obtaining and accessing approximately 120,000 e-mail address from the AT&T's website in 2010, specifically from its non-password protected area, where he gained access to the e-mails of many iPad users before giving it to Gawker website that, in turn, published these information. For this, the Newark jury convicted the accused of one count of conspiracy and one count of identity theft.
However, the 3rd Circuit Court of Appeals in Philadelphia argued that the alleged hacking activities by the accused happened someplace else, not in New Jersey that is hundred miles from where the AT&T servers and illegal activities supposedly took place. It explained that Auernheimer and Spitler were in Fayetteville, Arkansas and in San Francisco, California, respectively, during the said activities. Meanwhile, the AT&T servers were in Atlanta, Georgia and Dallas, Texas.
"Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country's founding: venue," the Circuit Court wrote.
Judge Michael Chagares of the Circuit Court, who wrote for the three-judge panel, also reprimanded the prosecutors, saying venue in such cases is more than an issue of technicality.
"...it involves matters that touch closely the fair administration of criminal justice and public confidence in it," he said.
One of those who represented Auernheimer's appeal was Electronic Frontier Foundation, digital rights organization. Hanni Fakhoury, staff attorney at EFF, expressed their joy over the reversal of the conviction.
"Today's decision is important beyond weev's specific case. The court made clear that the location of a criminal defendant remains an important constitutional limitation, even in today's Internet age," Atty. Fakhoury said in a statement. He added that the prosecution showed authentic threats in terms of security research.
Recall that the hacking happened in 2010 when Spitler found out that the AT&T made configuration in its servers that publicly made the e-mail address of the victims available over the Internet. Because of the security flaw, he managed to collect the said e-mail addresses through a script, and then Auernheimer later distributed the e-mails to a media outlet to prove the vulnerability of the said company. AT&T acknowledged the security flaw and eventually fixed it. The authorities arrested the two and charged them in January 2011.
Auernheimer fought but lost his case in the trial, and started to serve the sentence in March 2013. Meanwhile, Spitler took a plea deal.
The defense team, however, said in their appeal in July 2013 that there was no violation of any law because the information was out in public, freely, as a result of the security flaw.
Along with EFF, Orin Kerr, former computer-crimes prosecutor at the Justice Department and now professor at George Washington University, and attorneys Tor Ekeland and Marcia Hofmann also supported the appeal of the accused.
There was no announcement yet as to when Auernheimer, who goes by the name "weev," would be released.
