
'weev' Conviction Vacated

Posted by Soulskill
from the finally-drew-the-get-out-of-jail-free-card dept.
An anonymous reader writes "A few years back, Andrew 'weev' Auernheimer went public with a security vulnerability that made the personal information of 140,000 iPad owners available on AT&T's website. He was later sentenced to 41 months in prison for violating the Computer Fraud and Abuse Act (or because the government didn't understand his actions, depending on your viewpoint). Now, the Third U.S. District Court of Appeals has vacated weev's conviction. Oddly, the reason for the ruling was not based on the merits of the case, but on the venue in which he was tried (PDF). From the ruling: 'Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country's founding: venue. The proper place of colonial trials was so important to the founding generation that it was listed as a grievance in the Declaration of Independence.'"
  • Not liking someone isn't a good enough reason to put them in jail.

    Usually. For now.

  • Re:To the point... (Score:0, Insightful)

    by Anonymous Coward on Friday April 11, 2014 @01:13PM (#46726947)
    I don't think that is 100% accurate. I'm sure some of the 116,067 emails that were exposed by him are residents from NJ.
  • Not Odd At All (Score:5, Insightful)

    by jratcliffe (208809) on Friday April 11, 2014 @01:27PM (#46727137)

    "Oddly, the reason for the ruling was not based on the merits of the case, but on the venue in which he was tried (PDF)."

    This isn't odd at all. If the venue was incorrect, then all the issues raised in the trial become irrelevant.

    Think of it this way: if he'd been charged with "being a Mets fan," and the appeal was based on (a) there's no law against being a Mets fan, and (b) the evidence that he was a Mets fan (a cap) was obtained through an illegal search, then whether or not the search was illegal would be irrelevant - he had broken no law, so the "conviction" would be tossed out.

  • by Shakrai (717556) * on Friday April 11, 2014 @01:50PM (#46727387) Journal

    Not liking someone isn't a good enough reason to put them in jail.

    He deserved to go to jail. Read the body of evidence against him. This wasn't a simple exposure of a security flaw in AT&T's website. He took deliberate actions to maximize the collection of information, bypassed security measures to obtain said information (that the security measures were woefully inadequate is beside the point, deliberate actions were required to bypass them), and discussed ways to use the obtained information for personal profit with his co-conspirator.

    None of that is to suggest that I agree with dragging him halfway across the country, or even with the Feds getting involved in the first place. His home state (Arkansas) has a computer trespass statute that would have been sufficient to prosecute him under, or the Feds could have at least tried him in his own district. I suspect that the former is what may happen now, since double jeopardy won't apply to a State level prosecution, and if it shakes out fairly he'll get credit for the time served in Federal prison without additional jail/prison time being imposed. First time offender and a non-violent crime after all...

  • Re:To the point... (Score:3, Insightful)

    by Shakrai (717556) * on Friday April 11, 2014 @02:56PM (#46728131) Journal

    Venue was improper. That doesn't mean he isn't guilty, it just means the Federal Government was inept (shocker, I know) and has managed to turn a common criminal into a martyr because they were too stubborn to simply turn this matter over to the authorities in his home state. I suspect the Feds will just prosecute him again in his home Federal District, wherein he will be convicted, though if they were smart they'd let the State authorities handle this matter. AR has a non-controversial computer trespass law that would cover his actions here.

    Also, if passing a phone identifier to a query of a web server could access all this information, is that really a 'protected computer'? I'd say no.

    And you'd be wrong. You're looking at this from the geek perspective, rather than the legal perspective. Google the reasonable person standard and mens rea, those are two of the most important building blocks of our legal system. Bottom line: He knowingly accessed information that a reasonable person would have known they weren't entitled to access. He did so by tricking AT&T's servers into thinking he was someone other than himself. The icing on the cake were his own words entered into evidence, wherein he admitted that he knew he wasn't entitled to access the information.

    Don't take my word for any of this, go read the body of evidence against him. It's all publicly accessible via PACER.
