Some observations from today’s appeal hearing of Weev (the notorious case of someone convicted of
accessing public info).
What was it?
Andrew "Weev" Auernheimer was convicted of conspiring to violate the CFAA, and was sentenced a year ago to 41 months in jail. His lawyers appealed, the prosecutors submitted a reply brief, his lawyers submitted a reply to the reply brief. Today they got in front of the three judges of the Third Circuit Court to fight it out. Each side got to talk for 15 minutes, and the judges peppered them with questions.
What was it?
Andrew "Weev" Auernheimer was convicted of conspiring to violate the CFAA, and was sentenced a year ago to 41 months in jail. His lawyers appealed, the prosecutors submitted a reply brief, his lawyers submitted a reply to the reply brief. Today they got in front of the three judges of the Third Circuit Court to fight it out. Each side got to talk for 15 minutes, and the judges peppered them with questions.
The online-media
I saw representatives from Verge, Vice, and DailyDot – the
typical sort of online journalism sites. I didn’t see the traditional media –
judging by who I saw scribbling in their little reporter’s notebooks.
NO ELECTRONICS
All electronics were banned -- including laptops and Kindles. I asked the guard about this.
He confirmed it was “highly unusual” (his words). He showed me the signed order that
for today, and only today, nobody was allowed to have electronics.
...except for Weev's attorneys. It was fun watching other attorney's complaining as they had to give up their cellphones, too.
By the way, the bomb sniffing dog I saw coming out of the courtroom was perfectly normal. According to the guards, he does it every day.
Update: I should mention, "highly unusual" for this building. There are actually two different authorities: one authority (I think they said "federal marshals") who gated access to the building, and then a Third Circuit Court guards gating access to the court room. It's the court room guards who banned everything.
Update: I asked if Hanni Fakhoury, one of Weev's lawyers who therefore could have a cellphone, could take a picture of the daily order for me. The guard got upset, stressing that all pictures inside the courthouse were completely forbidden. Hanni didn't appear too pleased getting caught up in my drama, either. :)
By the way, the bomb sniffing dog I saw coming out of the courtroom was perfectly normal. According to the guards, he does it every day.
Update: I should mention, "highly unusual" for this building. There are actually two different authorities: one authority (I think they said "federal marshals") who gated access to the building, and then a Third Circuit Court guards gating access to the court room. It's the court room guards who banned everything.
Update: I asked if Hanni Fakhoury, one of Weev's lawyers who therefore could have a cellphone, could take a picture of the daily order for me. The guard got upset, stressing that all pictures inside the courthouse were completely forbidden. Hanni didn't appear too pleased getting caught up in my drama, either. :)
The courtoom
.JPG) |
| The courthouse from the outside -- because photos inside are strictly verbotten. |
The supporters
I’m not sure how many showed up. The room filled quickly and
many were turned away. Unlike the sentencing hearing last year, where apparently some
demonstrators were rambunctious, everyone was calm and respectful. Many wore
suits, only a few had the stereotypical blue hair and piercings.
I did refrain from tearing off my clothes being dragged away shouting “HACK
THE PLANET” – barely.
The appeal
You can read the issues involved in the various briefs, such
as this one:
There are two major points. The first is that the defense
claims the reading of the CFAA is too broad. Weev was convicted of conspiring
to access a website without authorization. But, the defense argues, AT&T
had made information public, implicitly authorizing the public to access it.
The second major issue is “venue”. Weev was in Arkansas, his
partner Spitner was in California, the servers in Georgia, and the company in
Texas. There is absolutely nothing about New Jersey that makes it a more appropriate place to try the case.
Orin Kerr was the lead lawyer for the appeal, the guy
standing up and arguing the position. He has experience appealing CFAA
convictions (namely, the Lori Drew case). He has spent an enormous amount of
time prepping for this. It’s the CFAA issue that he (and the cybersec
community) wanted to argue.
However, the judges weren’t interested in the CFAA. What they were
interested in was the “venue” issue. Orin started with the CFAA, the judges interrupted him, and spent almost all the half hour discussing the venue issue.
The Venue Issue
There are 94 federal districts in the United States. Right
now there are some prosecutors in some of those districts with light case loads
who want to make a name for themselves by prosecuting you for hacking. You
might find yourself snapped up and shipped off to Alaska to face charges for
something that has nothing to do with Alaska. (Not my argument -- reflecting the argument Orin made.)
This is the crux of the “venue” argument. Back in the 1770s,
one of the “grievances” that led to the American Revolution was that colonists
would be arrested and shipped back to England, where they’d be unable to defend
themselves (for example, all the witnesses were back in the United States).
Therefore, not once, but twice the Constitution mentions
venue (as one of the judges helpfully pointed out). According to our constitution, you can only be tried “where
the crime was committed”, not shipped off to an arbitrary location to face
charges.
The judges seemed partial to this issue, grilling the
prosecutor to come up with a good justification why New Jersey was a
constitutionally acceptable venue to try Weev – since as mentioned above, no
bits of the crime were committed in New Jersey. The prosecutor had weak reasons: the FBI agent read the Gawker article in New Jersey, and some people
from New Jersey were in the database grabbed by Weev’s partner – even though
none of them were disclosed by Gawker.
A lot of discussion centered CFAA language: the the crime was “accessing a computer”. That “access” happened from
California to Georgia. In other words, the CFAA doesn't mention "and disclosed the accessed information", and thus, no matter how much was disclosed in New Jersey, that's not the crime Weev was convicted of.
The “Harmless Error” issue
Assuming the judges agree that New Jersey was an
inappropriate place to try Weev, they still might not overturn the conviction
based on the “harmless error” principle, that result would’ve been the same
regardless of where the trial happened.
A lot of argument was about how it’s not the result of the
trial that is necessarily the harm, but the fact that the prosecutors charged
Weev in the first place. As I mentioned above, it means that any prosecutor
wanting to make a name for themselves can look for vague areas of cyber law and
go after people anywhere in the country.
This prejudiced the prosecution from the very beginning.
For example, if the court throws out the conviction on the
“venue” issue, remanding the case for retrial, it might not be retried. Georgia
and California, possibly the only two appropriate venues, might decided not to
prosecute, reading the CFAA law more narrowly than the New Jersey district.
Orin Kerr
Orin Kerr is a law professor, and it was fun watching him in
action. He stepped up to the podium with binders upon binders of stuff he might
reference when questioned.
Yet, he didn’t have to consult the papers, because he had
everything on the tip of the tongue. Any question the judges came up with, Orin
had a thoroughly prepared answer. I'm ignorant of the law, so this may be normal, but it impressed the heck out of me.
...although Orin isn't perfect, he's wrong about the 4rth Amendment :)
The prosecutor
I know I’m biased, but much of the prosecutor's arguments were extremely
week. Whereas Orin stuck religiously to legal precedent, the prosecutor would
try mere rhetoric, and a bit of snark, like the particular one I describe below.
I don't mean to disparage the prosecutor. He was neither incompetent nor evil. Our side has probably put more resources into this case than the prosecutor. Also, the judges on the panel grilled him harder -- teasing out where his argument was the weakest.
I don't mean to disparage the prosecutor. He was neither incompetent nor evil. Our side has probably put more resources into this case than the prosecutor. Also, the judges on the panel grilled him harder -- teasing out where his argument was the weakest.
What else floats in water
At one point, for no particular reason, the prosecutor
pointed out that Spitler (Weev’s partner) downloaded IOS, did some decryption,
and wrote a script. He said “I don’t even understand it – but I don’t know how
you could call this anything other than hacking”. This isn’t an exact quote, I
had to grab the notebook/pen from the Verge reporter sitting in front of me and
write down as much of the quote that I could remember. We’ll have to wait for the transcripts to be
published to get what he said exactly.
What the prosecutor said was essentially the Monty Python bit from Holy Grail: if she weighs as much as a duck, she must be a witch. BURN
HER.
That the prosecutor doesn’t understand Spitler’s actions
doesn’t mean Spitler is a witch – it just means the prosecutor is an uneducated
villager.
What Spitler did is perfectly normal. Legitimate people do
this sort of thing all the time. Engineers do this. Nerdy teenagers do this. I can teach you how to do
it in a couple hours.
For example, that’s how the Google search engine came about.
Before you do a search, Google must “index” the Internet. It does this by
creating a script that download a complete copy of every website. If Spitler
what did was some sort of evil witchcraft, then what Google does is
even worse.
The precedent set by the CFAA case is to make all us engineers
witches, making what we do illegal, purely because federal prosecutors don’t
understand it.
Maybe there is a good reason to broadly the interpret the
CFAA to cover Weev’s actions, but this snarky comment from the prosecutor isn’t
it. It’s just torches and pitchfork reasoning, not valid legal theory. Weev is a controversial figure; his good will alone wouldn't bring out so many people in support. Likewise, most don't understand legal issues like venue. Instead, the thing that filled the courtroom with activists was precisely this rhetoric by prosecutors.
Predictions on the outcome
It’s impossible to say.
The judges seemed real keen on the venue argument. I suspect
they’ll overturn the conviction based on that, forcing a retrial in another
venue. This may be good or bad for Weev, because it means different charges can
be brought (e.g. to include drug offenses).
Regardless, it’d be an awesome ruling for the cybersec community,
reducing the chance us colonists in cyberspace will get sent to Hawaii for
trial.
As a final note, here's a theory: judges like the venue issue because it's law, not technology. If they can throw out the conviction based on venue, then they won't need to consider the CFAA issue, either "yes" or "no". That they understand legal code better than PERL code may nudge them toward that ruling. If they uphold venue, then they'll have to spend more time reading HTTP RFCs.
Update: After this appeal, there are only two more options. The first is that the Third District re-hears the appeal en banc with all the judges instead of the panel of three in this case. The second is that the Supreme Court might take up the case. Lawyers tell me the chance of either is remote.
As a final note, here's a theory: judges like the venue issue because it's law, not technology. If they can throw out the conviction based on venue, then they won't need to consider the CFAA issue, either "yes" or "no". That they understand legal code better than PERL code may nudge them toward that ruling. If they uphold venue, then they'll have to spend more time reading HTTP RFCs.
Update: After this appeal, there are only two more options. The first is that the Third District re-hears the appeal en banc with all the judges instead of the panel of three in this case. The second is that the Supreme Court might take up the case. Lawyers tell me the chance of either is remote.
No comments:
Post a Comment