Andrew “Weev” Auernheimer was convicted of violating the Computer Fraud and Abuse Act ("CFAA") in New Jersey federal court and sentenced to 41 months in federal prison in March of 2013 for revealing to media outlets that AT&T had configured its servers to allow the harvesting of iPad owners’ unsecured email addresses. EFF was part of Auernheimer’s legal team on appeal before the Third Circuit Court of Appeals, arguing that fundamental problems with computer crime law result in unfair prison sentences like the one in this case.

In April 2014, the Third Circuit reversed Auernheimer's conviction, ruling the criminal case should not have been brought in New Jersey.