Computer Fraud and Abuse Defense Fund – Access Unauthorized!!
United States v. Andrew Auernheimer (Weev)
You have just violated the Computer Fraud and Abuse Act because we did not authorize you to look at our website.
Absurd? You bet, but courts have held that unauthorized access to a computer occurs whenever the computer owner says so, and the Department of Justice has enforced this point of view. Someone can violate the law even where there is no notice and where no password was hacked. All that is required is that a person, corporate or natural, subsequently says you don’t belong. This is precisely what happened in United States v. Auernheimer, 11-CR-470 (D.N.J.) (SDW), an important Computer Fraud and Abuse Act (CFAA) case currently on appeal to the United States Court of Appeals for the Third Circuit. This is a dangerously broad view of the Computer Fraud and Abuse Act that potentially criminalizes Google searches.
We are fighting back. Donate today to the legal defense fund as the appeals process begins. All donations will be anonymous.
Computer Fraud and Abuse Defense Fund – What Happened to Weev
On November 20, 2012, controversial computer security researcher Andrew Auernheimer was convicted by a jury sitting in the Federal District Court for the District of New Jersey of one count of conspiracy to violate the Computer Fraud and Abuse Act (18 U.S.C. 1030(a)(2)(C)) and one count of identity theft (18 U.S. C. 1028(a)(7)). The verdict has startled and alarmed many legitimate computer security researchers and it should be of concern to anyone who uses the Internet on a regular basis.
The facts are simple. In June of 2010, Andrew Auernheimer’s co-defendant Daniel Spitler discovered that AT&T’s servers were publishing email addresses of iPad subscribers on the servers authentication log in page when queried with a SIM card number that matched an existing AT&T subscriber’s SIM card number. Upon discovering this, Spitler wrote an iterative script that queried AT&T’s publicly accessible iPad servers and copied over 120,000 email addresses. No password or any type of security was ever hacked, nor was any attempt ever made to hack any password or bypass any existing security measures. In essence, what Spitler’s script did is what countless computer users do every day when they type information into their web browser’s URL. Auernheimer immediately went to the press with this information, and emailed some of the people whose email addresses were obtained. Neither Auernheimer nor Spitler did anything else with the information. At trial there was no evidence of any harm to anyone except for the allegation that AT&T was embarrassed by its failure to protect what it claimed was confidential information.
On March 18, 2013, the Honorable Susan D. Wigenton sentenced Andrew Auernheimer to 41 months on each of the Indictment’s counts, to run concurrently, as well as three years of supervised release with special terms, and ordered him to pay restitution in the amount of $73,167.00. The basis for the restitution was that AT&T had to pay for a direct mailing to its customers roughly one week after it had emailed them about the so called breach.
On March 21, 2012, Tor Ekeland P.C. filed a Notice of Appeal with the Third Circuit Court of Appeals. Joining Tor Ekeland P.C. on the appeal are Orin Kerr, Marcia Hoffman and Hanni Fakhoury of the Electronic Frontier Foundation, and Nace Naumoski.
What We Need Money For
Recognizing the importance of the case, Tor Ekeland, P.C. represented Andrew Auernheimer at trial pro bono on a shoe string budget. We spent countless hours and our limited funds on trying to win at trial while at the same time establishing a record for appeal. Now that the time for appeal has come we need funds to cover, among other things:
- Legal fees & Expenses
- Legal Assistants
- Filing fees
- Transcript Fees
- Assembling the record for appeal (the Appendix)
- Transportation and lodging during the Appeal to the Third Circuit
- Filing fees for a petition of certiorari to the United States Supreme Court should we lose at the Third Circuit Court of Appeals
- Other costs and expenses reasonably related to the case.
Donations to this legal defense fund are not tax deductible and will be used at the sole discretion of Tor Ekeland, P.C. for expenses related to the appeal of Andrew Auernheimer’s verdict. Auernheimer’s appeal will be based on numerous legal arguments, including ones not exclusive to the Computer Fraud and Abuse Act. All donations will be kept anonymous. If you can help with funding this appeal in this important case, please click the link below and donate to the cause. The government’s expansive view of unauthorized access to a computer under the Computer Fraud and Abuse Act needs to be stopped!
Why This Is Important
The verdict has caused understandable outrage in the computer security research community and beyond. The theory of unauthorized access that prevailed at trial risks criminalizing computer behavior that millions of Americans engage in daily and subjecting them to arbitrary prosecution at the government’s whim. Here are some links describing what some prominent people are saying about this case:
The latest news about the CFAA and our legal fight.
Weev’s Appeal Filed
Washington Post on U.S. v. Auernheimer
New York Times on Andrew Auernheimer
Press & Media
For more materials and interview requests, please contact Tor Ekeland, PC.