The Electronic Frontier Foundation (EFF) is joining Andrew ‘Weev’ Auernheimer’s legal team which will be presenting an appeal before the Third Circuit Court of Appeals after he was sentenced to 41 months in federal prison. Auernheimer is facing the sentence after he revealed that AT&T’s servers were configured to allow the access to unsecured email addresses from iPad owners. The EFF is protesting the unfair prison sentences made on the case, stating that it is one of the fundamental problems with computer crime law.
Daniel Spitler, Auernheimer’s co-defendant discovered that the AT&T servers had been configured to collect private customer data in 2010. Whenever the servers would be queried with a number matching an iPad’s SIM card identifier, the owner’s email address would be returned. Spitler was able to collect nearly 120,000 email addresses from this security hole. Auernheimer sent the addresses to several journalist pointing out the issue.
Although AT&T fixed the issue, Spitler and Auernheimer were charged for violating the federal Computer Fraud and Abuse Act (CFAA). Among the charges levelled against them was identity theft. Spitler testified against Auernheimer and the latter was convicted in November. This was after Spitler had made a plea deal with the government.
“Weev is facing more than three years in prison because he pointed out that a company failed to protect its users’ data, even though his actions didn’t harm anyone,” EFF Senior Staff Attorney Marcia Hofmann said. “The punishments for computer crimes are seriously off-kilter, and Congress needs to fix them.”
EFF hopes that the appeal courts will reverse the ruling, urging congress to amend the CFAA in order to avoid such rulings in future. According to EFF the CFAA’s language is vague and the penalties proposed by the act are too heavy.