14 DAY TRIAL // The case of Andrew Auernheimer continues. The man is better known as “Weev,” the hacker sentenced to 41 months in prison for publishing the email addresses and iPad SIM card IDs of 114,000 AT&T customers back in 2010.
After the sentencing, Auernheimer’s defense team, which also includes the Electronic Frontier Foundation (EFF), filed an appeal. They argued that the activists didn’t actually violate the controversial Computer Fraud and Abuse Act (CFAA) because the telecoms company “deliberately chose to have their users' email addresses published on the web.”
In September, the US government submitted a brief saying that AT&T had technical measures set in place to prevent access to the emails obtained by Auernheimer and his co-defendant Daniel Spitler.
The government has also noted that the serial numbers are actually passwords, and that the hackers had tricked the company’s servers by changing their computer’s user agent.
The actions of Spitler and Auernheimer are said to be criminal because of the “expertise” needed to gain access to AT&T systems. The prosecution also believes their actions violated “norms of behavior that are generally recognized by society.”
On Friday, the defense has submitted a response to this brief, refuting the government’s arguments one by one.
The defense argues that the serial numbers leaked by the hackers are not passwords because they’re not memorized by customers and they’re not required to access AT&T’s website.
Furthermore, Auernheimer’s team notes that there’s nothing “deceptive or criminal” about changing a user agent since this is a common operation performed by web browsers.
“Finally, we explain that criminal liability cannot hinge on a particular user's ‘expertise’ nor on the government's proposed ‘norms of behavior’ standard,” explained EFF Staff Attorney Hanni Fakhoury.
“Courts have long cautioned that criminal liability cannot be based on vague or ambiguous standards, and hinging CFAA liability on ‘norms of behavior’ leaves most computer users with uncertainty about what they can and cannot do.”