Constitutional Law

3rd Circuit frees email hacker 'weev'; says feds tried and convicted him in wrong venue

The controversial conviction of an email hacker has been vacated by a federal appeals court, not because of issues with the Computer Fraud and Abuse Act but because Andrew Auernheimer was tried and convicted in the wrong venue.

Known as “weev,” Auernheimer was released on Friday from a federal prison in Allenwood, Penn., where he was serving a 41-month sentence imposed in 2013, the Associated Press reports. He was convicted in 2012 by a federal jury in Newark, N.J., of identity theft and conspiring with others to illegally access AT&T servers. The hackers obtained email addresses for more than 100,000 iPad users, including then-New York City Mayor Michael Bloomberg and several other well-known individuals.

While the case raised “complex and novel” issues under CFAA, the 3rd U.S. Circuit Court of Appeals explained in its Friday written opinion (PDF) that Auernheimer’s conviction had to be reversed because the case was tried in the wrong venue. That violated constitutional protections intended to prevent defendants from being tried in a distant or unfriendly forum selected by the prosecution.

“As we progress technologically, we must remain mindful that cybercrimes do not happen in some metaphysical location that justifies disregarding constitutional limits on venue,” the appellate panel wrote. “People and computers still exist in identifiable places in the physical world. When people commit crimes, we have the ability and obligation to ensure that they do not stand to account for those crimes in forums in which they performed no ‘essential conduct element’ of the crimes charged.”

New Jersey, the state in which Auernheimer was tried, is the residence of thousands of individuals whose email addresses were obtained. However, Auernheimer lived in Fayetteville, Ark.; a claimed co-conspirator was in San Francisco; and AT&T’s hacked computer servers were located in Atlanta and Dallas. The Gawker reporter with whom the hackers shared their findings was also not located in New Jersey, the court noted.

“The indictment needs to be dismissed immediately,” Auernheimer’s attorney, Tor Ekeland, told Bloomberg on Monday. “We still have an extremely strong case on the substantive issue, and my client is more than happy to litigate it again. We’ll bring a lot more firepower to this issue than we did when we started this case and were working out of a closet.”

The U.S. Attorney’s Office in Newark is reviewing its options, according to the Associated Press.

See also:

ABA Journal: “Hacker’s Hell: Many want to narrow the Computer Fraud and Abuse Act” “Hackers Used ‘3G Account Slurper’ to Steal iPad Info and Promote Security Co., Feds Say”

We welcome your comments, but please adhere to our comment policy and the ABA Code of Conduct.

Commenting is not available in this channel entry.