Lawyers for hacker and Internet troll Andrew “weev” Auernheimer appeared in federal appellate court in Philadelphia on Wednesday morning before a packed house to contest Auernheimer's November 2012 conviction for conspiracy to hack under the Computer Fraud and Abuse Act (CFAA).

Auernheimer is currently serving a 41-month prison sentence (and has been in solitary confinement most days) for a breach of AT&T’s servers by his co-conspirator, Daniel Spitler, that revealed 114,000 e-mail addresses of iPad users. Auernheimer then passed along the e-mail addresses to Gawker, which thereafter published the information in redacted form. Auernheimer was convicted of a felony under the CFAA for conspiracy to access AT&T's servers against the company's will.

Assistant US Attorney Glenn Moramarco, counsel for the government, argued that Auernheimer's CFAA conviction should be upheld:

We have a case here where…[the defense counsel] is arguing that this was completely open to everyone. But you look at the testimony of Daniel Spitler and the steps he had to take to get to this wide open Web and I’m flabbergasted that this could be called anything other than a hack. He had to download the entire iOS system on his computer. He had to decrypt it. He had to do all sorts of things—I don’t even understand what they are.

Moramarco went on to equate Auernheimer's and Spitler's actions to blowing up a nuclear power plant in New Jersey.

Auernheimer's lawyer Orin Kerr responded that visiting a public webpage does not constitute criminal "unauthorized access":

There is no unauthorized access in this case because of the nature of the World Wide Web. When you put information on the World Wide Web so that it’s available... you assume the risk that anyone will access that information. In this case, there was no private account information that was accessed. The only information that was collected was from public website addresses.

Kerr went on to suggest that in order for the CFAA to have applied in this case, there would need to have been some sort of “password-gate” or other way of keeping someone out, which was not present here. Kerr argued that Auernheimer and his conspirator did not hack into servers or steal passwords; rather, they discovered a major network security flaw at AT&T.

Forum shopping

A surprising portion of the argument was taken up talking about jurisdiction, with Kerr arguing that the case against his client shouldn't have been in New Jersey in the first place.

Moramarco explained that New Jersey was a suitable venue under the law because there are 4,500 New Jersey residents whose e-mails were identified and that disclosure occurred when Auernheimer sent the addresses over the Internet to a reporter at Gawker. He further argued that “there is jurisdiction throughout the United States because [Auernheimer] chose to have victims in every state.”

"There are at least four other venues where this case could have been brought," said Kerr. "The crime just did not occur in New Jersey.” There aren't sufficient contacts to justify the location of the case, he said.

Reforming the CFAA

The argument over Auernheimer's conviction comes as serious reforms to the CFAA are being debated in Congress. In their appeal brief, Auernheimer's attorneys advocated against increasingly expansive applications of the CFAA in recent years. Orin Kerr, the lawyer who argued for Auernheimer this morning, is a George Washington University law professor who has testified to Congress about the issue.

The national debate became emotional and heated after prosecutors wielded the law to charge Internet activist Aaron Swartz with wire fraud, computer fraud, unlawfully obtaining information from a protected computer, and various other counts. These charges were brought after Swartz logged into MIT’s network to gain access to the JSTOR database to download journal articles. The prosecutors told Swartz that he could face up to 35 years in prison. He ultimately committed suicide before his scheduled trial in 2013.

Unlike Swartz, who many viewed as a sympathetic defendant, Auernheimer is a polarizing figure. Hanni Fakhoury, staff attorney at the Electronic Frontier Foundation, told The Guardian, "One of the big problems of this case has always been that Auernheimer can be unsympathetic. The thing is, when you couple a very bad law with the prosecutor having brought the decision being able to go after who they like, or who they don't like, that's a problem."