Andrew 'weev' Auernheimer, whose struggles with federal prosecutors have fueled calls for reforming the Computer Fraud and Abuse Act (CFAA), wants the government to pay him $13 million for taking away his freedom for the past three years.
In an impassioned open letter to the FBI, the U.S. Justice Department and others, Auernheimer claimed he had been unfairly hounded and incarcerated over charges that he illegally accessed data belonging to about 120,000 iPad 3G customers of AT&T.
"I want history to record that I made an honest and public attempt to get reasonable compensation," from the government, Auernheimer said in comments via email to Computerworld. "Whatever I do in the future, I want people to know that I tried peaceful civil actions first."
The U.S. District Court for the District of New Jersey in March 2013 sentenced Auernheimer to 41 months in prison for violating provisions of the Computer Fraud and Abuse Act (CFAA). Last month, the United State Court of Appeals for the Third Circuit vacated that sentence on a technicality, holding that the case had been pursued in the wrong venue.
Auernheimer made headlines in June 2010 when he and his partner, Daniel Spitler, used an automated script they called iPad 3G Account Slurper to extract email addresses and SIM card ID numbers of more than 100,000 iPad owners from AT&T's servers.
The data included email addresses belonging to New York Mayor Michael Bloomberg, New York Times CEO Janet Robinson, ABC's Diane Sawyer, movie producer Harvey Weinstein, former White House Chief of Staff Rahm Emmanuel and numerous others.
Auernheimer claimed he had pulled off the caper purely to highlight AT&T's lack of controls for protecting customer data. He noted that he did not have to subvert any AT&T security controls to access the data because it was readily available on the company's website to anyone who knew where to look.
Prosecutors argued that Auernheimer knew he was breaking the law when he accessed the customer data from AT&T's servers and then made it available to the media. They charged him with violating the CFAA, which makes it a crime for anyone to bypass security controls, like passwords and firewalls, to access data to which they're not authorized.
The case attracted widespread attention from several advocacy groups who saw it as another example of the CFAA being used by overzealous federal prosecutors to pursue cases for which it was never intended.
Concerns over misuse of the law peaked last year after noted Internet activist Aaaron Swartz committed suicide, apparently over the prospect of a long prison sentence stemming from CFAA charges against him.
Several legal experts and groups like the Electronic Frontier Foundation stepped in to help Auernheimer, noting that he had not hacked or subverted any AT&T security controls to access the data. The mere fact that he had used a script to automatically collect data from the AT&T site was not a CFAA violation, they claimed.
Sign up for Computerworld eNewsletters.