'weev' Conviction Vacated

An anonymous reader writes "A few years back, Andrew 'weev' Auernheimer went public with a security vulnerability that made the personal information of 140,000 iPad owners available on AT&T's website. He was later sentenced to 41 months in prison for violating the Computer Fraud and Abuse Act (or because the government didn't understand his actions, depending on your viewpoint). Now, the Third U.S. District Court of Appeals has vacated weev's conviction. Oddly, the reason for the ruling was not based on the merits of the case, but on the venue in which he was tried (PDF). From the ruling: 'Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country's founding: venue. The proper place of colonial trials was so important to the founding generation that it was listed as a grievance in the Declaration of Independence.'"

What happens now?

[gnasher719]

From Wikipedia: "Relief from judgment of a United States District Court is governed by Rule 60 of the Federal Rules of Civil Procedure.[1] The United States Court of Appeals for the Seventh Circuit noted that a vacated judgment "place[s] the parties in the position of no trial having taken place at all; thus a vacated judgment is of no further force or effect."[2] Thus, vacated judgments have no precedential effect.[3]"

That seems to say that he is now in a legal position as if the trial had never taken place. So can he be taken to court in the proper place now?

Interesting

[Capt James McCarthy]

I never understood this. If you break up a rape and beat the crap out of the perpetrator, you are hailed a hero. But expose flaws and you are a criminal. I suppose it's not the crime they are exposing, but the tactics to obtain the information then? So the question would be do the ends justify the means? That would apply to all things governmental/commercial I suppose.

Re:sad day for those who don't like 4chan trolls

[Jeff Flanagan]

Not liking someone isn't a good enough reason to put them in jail.

Then why are people in jail for smoking pot, or being in the wrong location while black?
People go to jail all the time just because some idiot with power didn't like them.

Not just the Declaration

[T.E.D.]

He wasn't kidding in the slightest about venue being a big issue in our break with Britain. You can find the issue at least alluded to as a grievance in just about any pre-war document. My favorite is Franklin's sarcastic Rules by Which a Great Empire May Be Reduced to a Small One [archives.gov]

This King, these Lords, and these Commons, who it seems are too remote from us to know us and feel for us, cannot take from us ... our Right of Trial by a Jury of our Neighbours. ... To annihilate this Comfort, ... let there be a formal Declaration of both Houses, that Opposition to your Edicts is Treason, and that Persons suspected of Treason in the Provinces may, according to some obsolete Law, be seized and sent to the Metropolis of the Empire for Trial; and pass an Act that those there charged with certain other Offences shall be sent away in Chains from their Friends and Country to be tried in the same Manner for Felony. Then erect a new Court of Inquisition among them, accompanied by an armed Force, with Instructions to transport all such suspected Persons, to be ruined by the Expence if they bring over Evidences to prove their Innocence, or be found guilty and hanged if they can’t afford it.

(emphasis his)

Re:To the point...

[Shakrai]

You're seriously going to argue that even though he had to take deliberate steps to impersonate other people he wasn't accessing information "without authorization"? That's what this boils down to at the end of the day, he tricked AT&T's web servers into thinking he was an AT&T customer, and in so doing obtained access to information about that customer. Then he wrote a script to automate the process and repeated it ~140,000 times.

I really don't understand why people defend this kid's actions. The Federal prosecution was bullshit, this should have been charged at the State level, but to claim that he's completely innocent when he went out of his way to obtain access to information he knew he had no right to access? That's absurd.

Re:To the point...

[NatasRevol]

Well, not me, but the appeals court certainly did.
This paragraphy is on page 10 of the ruling:

The charged portion of the CFAA provides that
“[w]hoever . . . intentionally accesses a computer without
authorization or exceeds authorized access, and thereby
obtains . . . information from any protected computer . . . shall
be punished as provided in subsection (c) of this section.” 18
U.S.C. 1030(a)(2)(C). To be found guilty, the Government
must prove that the defendant (1) intentionally (2) access
edwithout authorization (or exceeded authorized access to) a
(3)protected computer and(4) thereby obtained information

Then his paragraph is on page 12 of the ruling:

Because neither Auernheimer nor his co-conspirator
Spitler performed any “essential conduct element” of the
underlying CFAA violation or any overt act in furtherance of
the conspiracy in New Jersey, venue was improper on count
one.

I guess you're smarter than them.

Also, if passing a phone identifier to a query of a web server could access all this information, is that really a 'protected computer'? I'd say no.