Tech’s Appeal: 5 Facts about US v Auernheimer, the CFAA, and the Future of Coders’ Rights
Today marks an important day in history for cybercrime laws. At 10am EST, the courts in the 3rd Circuit in Philadelphia are going to hear the oral arguments for US v Auernheimer—which is currently on appeal. Although it is not highly publicized, this case is extremely important for the future of coders’ rights. It asks crucial questions about our current federal laws for cyber crime and it challenges the ways in which they are interpreted.
That said, I present to you—
Let’s get you up to speed:
1) A Hacker Nicknamed ‘Weev’ Found a Critical Security Flaw in AT&T’s System (Without Much Hacking at All) in 2010.
In 2010, news reports all over the country warned that AT&T’s 3g network had been hacked. An unnamed source was said to have exploited a security flaw and obtained over 114,000 e-mails belonging to AT&T’s network of iPad early-adopters. In addition to the general public, this email list included high-profile addresses of generals, celebrities, and other high-ranking government officials.
Once the dust settled, Andrew Auernheimer (known by the nickname ‘Weev’) and a fellow cohort were revealed as the duo that discovered the critical flaw in AT&T’s network.
Meet Andrew “Weev” Auernheimer. He is the face behind the AT&T Hack back in 2010. (pic: Penguinio K, “Weev,” July 28, 2012 via Flickr, Creative Commons Attribution.)
According to Weev, this AT&T “hack” took very little work to accomplish. Because the e-mail information was alleged to be unprotected by any security measures, the duo took very little time to gain access to the list of addresses.
2) Weev Let Gawker Media Know About the AT&T Security Flaw. A Federal Investigation and Lawsuit Followed.
When Weev uncovered the network vulnerability, his first inclination wasn’t to go directly to AT&T. He instead went to Gawker Media—a popular blog network. According to Weev, this was done with the purpose of letting the general public know about this critical flaw.
The news went viral, and soon AT&T and the Federal Government started investigating the hack. A federal lawsuit was filed for Weev’s actions shortly after.
3) Weev was charged with 3.5 years of jail time, 3 years of probation, and owed over $74,000 in fines.
After his trial, the district court sentenced Weev with this hefty criminal punishment under the Computer Fraud and Abuse Act (known commonly as the “CFAA”) for exploiting the AT&T security flaw. Weev’s partner in crime pled guilty, and received a lesser sentence.
(pic: .V1ctor Casale., “Handcuffs,” January 16, 2012 via Flickr, Creative Commons Attribution.)
4) After nearly a Year in Prison, Weev’s Case Is Now on Appeal. Today, His Attorneys Will Argue that the CFAA is Much too Old, Much too Broad and Much too Harsh.
Weev’s attorneys will argue on appeal today that the CFAA under which he was charged is being used too broadly by the government.
The CFAA is a federal computer crime law that is receiving a lot of press in recent months. While it was originally created in the 1980’s as a way to stop hackers from accessing and harming government computers,it is now construed by the courts in a much broader fashion. In recent cases the CFAA has been used to prosecute the actions of internet users and hacktivists. Among the list of people charged under the CFAA is the late Aaron Swartz, who faced a maximum sentence of 35 years of prison time and over 1 million dollars of fines for accessing and downloading a large volume of academic files from a database called JSTOR.
As we shift into a more modern and interactive Internet, internet activists, technologists, and other groups stress that the CFAA is outdated, and that it is too broad and its penalties are too harsh for the crimes committed.
Because Weev obtained arguably “public” information on AT&T’s servers, his attorneys argue that his actions were unjustly punished under the CFAA and that everyday internet usage is being criminalized.
5) This Circuit Decision Could be Crucial to the Way Our Laws are Interpreted!
This upcoming ruling on Weev’s appeal has the potential to play a pivotal role with the way in which our federal cybercrime laws are interpreted. If Weev’s conviction isn’t overturned, the ruling could have potentially harsh effects on internet users. For people like Weev who tinker with, analyze and research security on the internet—it could mean there are serious criminal implications that could be tied to their actions.
(pic: Raymond Bryson, “Question Box,” December 16, 2011 via Flickr, Creative Commons Attribution.)
How the CFAA will evolve is anyone’s guess. Cases like US v. Auernheimer help shape this evolution.
To learn more about the CFAA and the proposed changes that are currently making their way to Congress, click here.
Of course, I will update as this case develops.
Question of the Day:
What Do you think of this case? Do you feel that the CFAA is being applied fairly to Weev’s case and others?