Skip to main content
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

DOJ Files Brief in Hacker's Appeal; Security Experts Disagree

By Gabriella Khorasanee, JD on September 27, 2013 | Last updated on March 21, 2019

Hackers have a bad rap -- but not all hackers are bad. For instance, those wearing "white hats" are A-OK, according to the government in its recently filed appellate brief in the Auernheimer case.


Andrew "Weev" Auernheimer ("Weev") is a self-proclaimed hacker who, together with a colleague, found a gap in AT&T's website that allowed him to harvest more than 100,000 email addresses of iPad users, according to The Washington Post.

Weev made the addresses available to the media (namely, Gawker), exposing the security loop hole on the AT&T website.

For that, Weev was sentenced to 41 months in prison for conspiring to violate the Computer Fraud Abuse Act ("CFAA"). Prior to sentencing, Weev stated in a press conference: "I'm going to jail for doing arithmetic."

Appellate Briefs

On July 1, Weev filed his opening brief to appeal to the Third Circuit, and last week the government filed its response. Weev argues that he merely accessed public information because AT&T did not password-protect the page where he found the email addresses.

In its 133-page brief, the government argues that weev was deceptive by spoofing a user agent and impersonating AT&T customers, according to The Washington Post.

Dangerous Precedent?

On July 8, a group of privacy experts and computer scientists filed an amicus brief in support of weev's appeal. Though many consider Weev a "jerk" (The Washington Post's words, not mine), experts agree that he should not be considered a felon. The reason? Because the way he obtained the email addresses -- through a process called "scraping" -- is widely used among businesses, journalists, academics, and security researchers.

Matt Blaze, a University of Pennsylvania computer scientist who signed on to the amicus brief told the Post: "I'm not sure how else a person would know whether or not they're supposed to access a Web site or not." Password protection, he continued, is "the standard way a Web service tells you whether you're supposed to be doing something or not."

The case will turn on how the Third Circuit chooses to define "unauthorized access" under the CFAA. While Congress has still not voted on Aaron's Law, it's up to the Third Circuit (for now) to clarify the CFAA. The outcome will have huge ramifications on many things, from company marketing research and strategies, to computer security research. Let's hope the Third Circuit doesn't cast an overly wide net.

Related Resources:

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard