Internet troll Andrew "Weev" Aurenheimer currently sits in federal prison for using publicly accessible information on a public website to piss off the giant corporation that published the information. This is an injustice. But in a promising move, a legal team including one of the most respected cyberlaw experts in the country has just filed an appeal.
The criminal conspiracy for which Auernheimer was sentenced to 41 months in prison was technically no different than what you or I do when visiting any website. In 2010 Auernheimer's co-defendant collected email addresses that AT&T accidentally made publicly available to anyone who visited a URL corresponding to a particular AT&T customer's iPad on their browser. He did this by creating a program that systematically guessed all possible iPad ID numbers and entered them into a browser. Auernheimer then gave the email addresses to former Gawker, and we published an article exposing the security hole.
But the court found that Auernheimer's embarrassment of AT&T was criminal hacking, even though there was no breaking of passwords, cracking accounts, or real "hacking" at all: The program used to scrape the emails simply guessed the URLs of many different public websites then visited them.
Respected cyberlaw expert Orin Kerr, who is representing Aurenheimer pro bono during his appeal, is right when he writes: "At bottom, the case is about the freedom to surf the web." The appeal (pdf) argues that if you criminalize what Aurenheimer did, someone could get you locked up simply because they didn't want you to access information they published online themselves.
As Electronic Frontier Foundation's Hanni Fakhoury, who is also helping Aurenheimer's appeal, writes on Wired:
How’s a person surfing the internet supposed to know when they can or can’t view information if there’s no technical barrier to access? If Wired decided only people from the U.S. could read its otherwise publicly available Opinion pieces, and someone tries to access the site from the U.K., get ready for a prison jumpsuit.
The case will be closely watched because Auernheimer was convicted for his stunt under the Computer Fraud and Abuse Act (CFAA), an outdated, overly-broad computer crimes law that garnered much scrutiny after activist Aaron Swartz killed himself while being prosecuted under it for downloading academic journal articles.
Post-Aaron Swartz, we are in an upswing of America's reoccuring cycle of hackermania. It's good to be skeptical of the current trend to turn every random dude charged with computer crimes into an unfairly persecuted martyr, regardless of the merits of their case. (Orin Kerr, for example, argued Aaron Swartz's controversial prosecution was "pretty much legit," which shows just how egregious Auernheimer's was, to spark his involvement.) Weev is admittedly not the most sympathetic guy! But Auernheimer's case does merit the outrage, because if embarrassing someone using information they published on the internet is a crime, all bloggers are going to be sent to prison forever. Think of the bloggers.