Skip to main content

EFF Joins Andrew Auernheimer Case on Appeal

Hacker Who Revealed Security Flaw in AT&T Servers Sentenced to 3.5 Years in Prison
PRESS RELEASE
March 18, 2013
Hacker Who Revealed Security Flaw in AT&T Servers Sentenced to 3.5 Years in Prison

San Francisco - Andrew "Weev" Auernheimer today was sentenced to 41 months in federal prison for revealing to media outlets that AT&T had configured its servers to allow the harvesting of iPad owners' unsecured email addresses. The Electronic Frontier Foundation (EFF) is joining Auernheimer's legal team to litigate his appeal before the Third Circuit Court of Appeals, arguing that fundamental problems with computer crime law result in unfair prison sentences like the one in this case.

In 2010, Auernheimer's co-defendant Daniel Spitler discovered that AT&T deliberately configured its servers so that when they were queried with a number that matched an iPad's SIM card identifier, AT&T would reveal the email address of the iPad's owner. Spitler wrote a script that used the security hole to collect roughly 120,000 email addresses. Then Auernheimer sent a list of the email addresses to several journalists to spotlight the security problem. AT&T subsequently fixed the vulnerability.

The government charged Spitler and Auernheimer with conspiracy to violate the federal Computer Fraud and Abuse Act (CFAA) and identity theft law. Spitler reached a plea deal with the government in June 2011. In November, Auernheimer was convicted of two felonies after Spitler testified against him.

"Weev is facing more than three years in prison because he pointed out that a company failed to protect its users' data, even though his actions didn't harm anyone," EFF Senior Staff Attorney Marcia Hofmann said. "The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them."

EFF has long criticized the CFAA for its vague language, broad sweep, and heavy penalties. Since the tragic death of programmer and Internet activist Aaron Swartz in January, EFF has redoubled its efforts to reform the law.

"Weev's case shows just how problematic the Computer Fraud and Abuse Act is," EFF Staff Attorney Hanni Fakhoury said. "We look forward to reversing the trial court's decision on appeal. In the meantime, Congress should amend the CFAA to make sure we don't have more Aaron Swartzs and Andrew Auernheimers in the future."

Other attorneys on Auernheimer's appellate team are Tor Ekeland and Mark H. Jaffe of Tor Ekeland P.C., Nace Naumoski, and Professor Orin Kerr of the George Washington University Law School.

For more on this case:
https://www.eff.org/cases/us-v-auernheimer

Contacts:

Marcia Hofmann
   Senior Staff Attorney
   Electronic Frontier Foundation
   marcia@eff.org

Hanni Fakhoury
   Staff Attorney
   Electronic Frontier Foundation
   hanni@eff.org

JavaScript license information