GW Law Professor Joins Andrew Auernheimer's Legal Team

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Orin S. Kerr, a professor at The George Washington University Law School, recently announced in a blog post that he's joining Andrew "Weev" Auernheimer's legal team pro bono (h/t The Verge).

Auernheimer was sentenced to 41 months in prison for leveraging a flaw in AT&T's Web site to view 114,000 iPad owners' e-mail addresses.

"I think the case against Auernheimer is deeply flawed, and that the principles the case raises are critically important for civil liberties online," Kerr wrote.

First, Kerr said, the case will set a major precedent regarding the definition of unauthorized access under the Computer Fraud and Abuse Act. Because Auernheimer simply wrote a script to pull publicly available data from AT&T's Web site, Kerr said it's hard to call that unauthorized access.

"The fact that AT&T would not have wanted Spitler to visit those particular URLs doesn’t make visiting the public website and collecting the information a criminal unauthorized access," Kerr wrote. "If you make information available to the public with the hope that only some people would bother to look, it’s not a crime for other people to see what you make available to them."

Kerr also noted that the alleged crime was only defined as a felony rather than a misdemeanor by virtue of the fact that similar laws are in place in all 50 states as well as on the federal level. "The government argues that the existence of state unauthorized access crimes transform unauthorized access misdemeanor crimes into felonies: The overlap means that every federal unauthorized access crime is a federal crime 'in furtherance of' the analogous state crime," Kerr wrote. "I think that kind of double-counting can’t be permitted."

Finally, Kerr wrote, Auernheimer's prison sentence seems highly disproportional to the actual damages suffered by AT&T, which experienced no interruption of service and apparently didn't have to conduct a damage assessment. The only actual loss was tied to AT&T's effort to notify its customers that their e-mail addresses had been exposed. Following e-mail notifications, AT&T followed up with mailed letters, which the company says cost $73,000 to send.

"Auernheimer’s 41-month sentence was based in substantial part on that $73,000 in loss, and he was also ordered to pay restitution in that amount," Kerr wrote. "But I don’t think that cost of paper and mailing counts as loss that can be attributed to [him]."