Appeals Court Reverses Weev Conviction For Incorrect Venue, Avoids Bigger CFAA Questions
from the it's-a-start dept
We've been covering the prosection of Andrew "weev" Auernheimer for over a year, and things were not looking good for him, with the court seemingly stacking the deck in favor of a clueless DOJ. But instead, today the appeals court reversed his conviction and 3.5-year jail sentence (which, let's not forget, was handed to him for exposing a security flaw, under the DOJ's twisted interpretation of the Computer Fraud & Abuse Act).
The hope, of course, was that the court might address the ridiculousness of the charge and the huge problems of the CFAA, which currently permits the government to go after pretty much anyone who uses a computer in a way they don't like. Instead, the conviction was tossed for being in the wrong venue:
Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country’s founding: venue.
But, while the ruling punts on the CFAA, it raises some issues in its venue analysis that could themselves have a wider impact. Weev was prosecuted in New Jersey based on the flimsy rationale that New Jersey residents were affected by the security flaw exposure (but really because New Jersey has its own anti-hacking laws, and the DOJ was able to pursue a harsher punishment if the CFAA intersected with state laws). But the appeals court found that, since none of the allegedly illegal activities undertaken by weev happened in New Jersey, this was inappropriate:
The statute’s plain language reveals two essential conduct elements: accessing without authorization and obtaining information.
New Jersey was not the site of either essential conduct element. The evidence at trial demonstrated that the accessed AT&T servers were located in Dallas, Texas, and Atlanta, Georgia. In addition, during the time that the conspiracy began, continued, and ended, Spitler was obtaining information in San Francisco, California, and Auernheimer was assisting him from Fayetteville, Arkansas. No protected computer was accessed and no data was obtained in New Jersey.
Since the question of venue is still very muddy when it comes to the internet, this likely isn't the last we'll be hearing about this ruling, and its impact on other cases could prove interesting. It's also likely not an end to weev's story, and certainly not an end to government abuse of the CFAA. But, for now and at the very least, it says that if the DOJ is going to try to throw you in jail for the crime of Vaguely Misusing A Computer While Being Kind Of A Jerk, it at least has to do it in the correct venue instead of going fishing for the most favorable one.
Update: As noted in the First Word comment below, the ruling did make mention of the fact that no crime had been clearly established, which suggests that if the court had addressed the bigger questions about the charge, it may not have gone well for the DOJ. For now, we'll have to be satisfied with a non-binding footnote.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: andrew auernheimer, cfaa, doj, hacking, venue, weev
Reader Comments
The First Word
“Subscribe: RSS
View by: Time | Thread
Moral of the Story
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Venue is important
As an extreme example, imagine how it would be if a person in country A doing something to a server in country B could be tried in country C because in the past someone in country C had used that server in country B.
Or an even more extreme example, someone in one country doing something that is legal in his own country but which would be illegal if done in another country, being detained and tried in that other country.
[ link to this | view in chronology ]
Re: Venue is important
[ link to this | view in chronology ]
Re: Re: Venue is important
The USA is big on extraterritorial jurisdiction, but when other countries want to apply extraterritorial jurisdiction to it the reaction is negative; see for instance the Hague Invasion Act.
[ link to this | view in chronology ]
Re: Venue is important
[ link to this | view in chronology ]
Re: Venue is important
Look up the Amateur Action BBS case. A man and his wife ran a subscription porn BBS in California, where it was investigated and deemed to be legal. A postal inspector from Tennessee started an investigation and they were eventually convicted of violating Tennessee's community standards.
[ link to this | view in chronology ]
Not to mix metaphors ...
Also, the footnoted dicta hopefully will function nicely to convey its true meaning to prosecution: "We get what happened here; and we don't want to see you back here on the same allegations." To wit:
The account slurper simply accessed the publicly facing portion of the login screen and scraped information that AT&T unintentionally published.
[ link to this | view in chronology ]
Re: Not to mix metaphors ...
Throwing it out due to improper venue is good, but it also allows them to re-file the thing elsewhere if they want, whereas if the court had flat out ruled that no laws had been broken, then re-filing the case might have been a titch difficult.
[ link to this | view in chronology ]
Re: Re: Not to mix metaphors ...
[ link to this | view in chronology ]
Re: Not to mix metaphors ...
This will most likely have wider implications and might (one can hope) make the DoJ be more accountable and apply due diligence before they do this again to some poor soul.
[ link to this | view in chronology ]
Bouncing the case on venue instantly kills the conviction. Almost any other reversal requires re-doing part of the trail, which is expensive, time consuming, and risks another bogus outcome.
The footnote is a strong hint to the prosecutors that they were wrong, and should not re-file charges in a different venue. They can save face by claiming "a technicality".
(But I'll go with 'Technically correct, the best kind of correct.')
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
hacking?
[ link to this | view in chronology ]
venue and double jeopardy
[ link to this | view in chronology ]
[ link to this | view in chronology ]