Prosecutors Admit They Don't Understand What Weev Did, But They're Sure It's Like Blowing Up A Nuclear Plant
from the wtf? dept
We’ve been covering the ridiculous DOJ case against Andrew “weev” Auernheimer for quite some time. If you don’t recall, Auernheimer and a partner found a really blatant security hole on AT&T’s servers that allowed them to very easily find out the email addresses of iPad owners. There was no breaking in to anything. The issue was that AT&T left this all exposed. But, with a very dangerous reading of the CFAA (Computer Fraud and Abuse Act) and a bunch of folks who don’t understand basic technology, weev was sentenced to 3.5 years in jail (and has been kept in solitary confinement for much of his stay so far). Part of the case is complicated by the fact that weev is kind of a world class jerk — who took great pleasure in being an extreme online troll, getting a thrill out of making others miserable. But that point should have no bearing on whether or not exposing a security hole, by basically entering a URL that AT&T failed to secure, becomes a criminal activity.
Throughout the case, it’s been clear that the DOJ was trying to make up an interpretation of the law that had no basis in the actual technology world. And it became abundantly clear at a hearing before the appeals court concerning weev’s case, that the DOJ really has no idea what weev did. They’re just sure it’s bad because it involves computers and stuff. Seriously, as reported by Vice:
“He had to decrypt and decode, and do all of these things I don’t even understand,” Assistant US Attorney Glenn Moramarco argued.
Say what? If that’s the basis for being declared a felon and locked up for 3.5 years, almost everyone is a felon. It’s likely that under that “standard” Moramarco himself is a felon, because I’ll bet he “decrypts and decodes and all of these things he doesn’t understand” on pretty much a daily basis. But, a tip to the US Attorneys’ office: when prosecuting a computer crime, you might want to at least try to have someone who actually understands the fundamental basics of what the person you’ve locked up has done.
But, Moramarco apparently doesn’t want to let his complete ignorance of what actually happened (someone putting a URL into a box and seeing the page that AT&T failed to secure) to get in the way of insane hyperbole about what he thinks weev did:
In its opening statement, the government made an incendiary comparison that seemed to reflect the nature of its understanding of the crime: the prosecution compared Auernheimer’s deeds to hackers “[blowing] up a nuclear power plant in New Jersey” in an attempt to illustrate how it was a relevant venue.
Yes, apparently exposing the fact that AT&T left its customers’ info wide open to anyone is the equivalent of blowing up a nuclear power plant. Yikes.
As the article notes, much of the hearing actually focused on the question of venue, and it appears that weev may get off on something of a technicality. Prosecutors had moved the case to New Jersey for no known reason and so it may get rejected for being the improper venue, which potentially could mean that the appeals court never even addresses the issue of just how badly the DOJ twisted the CFAA to bring down weev. The judges appear to be considering this, as they noted that based on the details of the case, there was no apparent connection to New Jersey and no reason why the DOJ couldn’t have brought the case anywhere (one judge apparently mentioned Hawaii).
The case is important because of all the CFAA abuse we’ve seen by the DOJ over recent years, and now it sounds like the appeals court may be able to just skip over that issue entirely. Given the DOJ’s own admissions of its lack of understanding about weev’s actions, that actually might be the best thing for the DOJ, allowing it to continue to make completely bogus CFAA arguments to take down technologically sophisticated people that the DOJ doesn’t like and doesn’t understand.