US hacker-troll-activist Andrew Auernheimer, AKA Weev, has appealed his March conviction for unauthorized access of AT&T’s web site in violation the Computer Fraud and Abuse Act (CFAA). The conviction, and the CFAA – the ever-debated “worst law in technology,” per Columbia Law Professor Tim Wu – are a convenient and apt way to contemplate America’s treatment of the “other” in national security, and to recognize its tendency to criminalize what it cannot subdue.
Weev is in trouble for, essentially, accessing public data, available to anyone, a whole bunch of times. You might also say he’s in trouble for pissing off the FBI. Both are true, probably – Weev queried AT&T’s servers over and over with an automated program, each time accessing public information; for years he has flipped a bird to both authority and good taste. Over the course of doing so – no passwords, no “hacking,” really – he picked up the email addresses of some powerful (and in many cases powerfully awful) people. As a result of this fairly major screw up on the part of AT&T, who brushed off Weev and a colleague when approached about the breach, he went to Gawker with the information, then got locked up.
Reach of the CFAA
This brings us to the law. The CFAA was originally the CADFAA (the Counterfeit Access Computer Fraud and Abuse Act), which might more accurately have been called the, “Ronald Reagan and some Senators saw the movie WarGames and freaked the fuck out Act,” but in any case, today it is the most prominent means of prosecuting crimes that occur on computers and the internet. It is now unfathomably broad, and, depending on what court has the case, could criminalize simple things that everyone does every day, like break web sites’ one-sided Terms of Use by lying about height or weight or age on a dating site. For a statute originally designed to avoid Nuclear War, this is quite an expansion.
What unites some CFAA conflict – and is the central line of criticism within the legal community – is what the phrases “without authorization” and “exceeds authorization” mean. The extreme interpretation mentioned above – the “contract-based” approach – is preferred by the Department of Justice. Other prefer that actual “hacking,” like brute-forcing a pass word or otherwise subverting some security mechanism, be present. Finally, others still rely on theories of agency to discern the meaning of authorization. [One way to improve the law simultaneously across each theory is providing safe harbors for hackers to explore without being criminalized, provided they do not obtain material gain or cause material destruction; ingenuity and network security may in that way work side by side – think, perhaps, of the false dichotomy of privacy and security, actualized, actually.]
In Weev’s case, which consisted of accessing a publicly available web site and then generally being a dick, his lawyers argued on appeal that because AT&T had itself made the information public, the information could not be accessed “without authorization” for purposes of the law. They pointed out that to criminalize his behavior would be to unacceptably criminalize the conduct of many Americans, and made challenges to other aspects of the ruling and the severity of the sentence as well.
Police Trolling and Trolling Police
An important flaw of the CFAA – and there are many – is the amount of power it offers prosecutors and police to arbitrarily or discriminatorily target individuals with politically unpopular views. Here, Weev, a troll with years of political activity under his belt, got 41 months for scraping information from a public web site. In California, a law firm that similarly manipulated URLS to access unintentionally public health records didn’t face prosecution, but instead won a settlement for their actions. Many have argued that seemingly discriminatory results like these force the law afoul of the Constitution’s Due Process prohibition of vagueness, which requires, basically, that citizens know what will be criminalized, and that prosecutors be unable to arbitrarily or discriminatorily enforce the law. This is not the first time that political activists have been targeted for prosecution.
And honestly, while it’s easy to laugh at some of the circumstances, it’s really not funny. Why? Weev is serving a longer sentence than many rapists because… Because he made an enemy of the FBI? Because he showed no contrition? Because he made a multinational company look foolish? Any way you cut it, that’s not justice. The CFAA is dangerous. It’s also episodic of the drama – and it is so often drama and so rarely of substance – playing out on an international stage with Edward Snowden and the PRISM leaks. That debate and the one over Weev’s conviction and the CFAA are in many ways the same one.
Hackers are the New Violent Jihadists
Much of the reason the CFAA is as strict as it is – some, incredibly, want it stricter – is the hyperbolic, alarmist monster that US political discourse has become. Violent jihadists, meet hackers – your replacements as flavor of the week in America’s shop of scary strawmen. Tor Ekeland, who represents both Weev and former Reuters social media editor Matthew Keys in their CFAA cases, said, “hackers are the new communists.” He’s not wrong, and that’s a major problem. It shouldn’t be that we have moved from a Red Scare to a Brown to a Binary one.
But when Gen. Keith Alexander says (by anonymous leak, someone call Oliver Willis) he fears that Anonymous is going to disrupt power grids (surely crocodile tears given the incredible power cyber-hysteria has brought him), this is absolutely the same conversation as the one that demands outsized penalties for political hackers, and the one that leads authoritarians liberal and conservative to demand Edward Snowden’s head. When Janet Napolitano warns of a “Cyber 9/11,” she is making the argument that justifies mass surveillance and lets us barely blink an eye when a Weev gets almost three and a half years in prison for changing the letters and numbers in a URL.
The CFAA in its current form is a powerful mistake, and its use is a reflection of a government that seeks to criminalize and silence what it does not understand. Weev’s conviction, if upheld, will not be just, nor will it be the last.
Help us Prepare for Trump’s Day One
Trump is busy getting ready for Day One of his presidency – but so is Truthout.
Trump has made it no secret that he is planning a demolition-style attack on both specific communities and democracy as a whole, beginning on his first day in office. With over 25 executive orders and directives queued up for January 20, he’s promised to “launch the largest deportation program in American history,” roll back anti-discrimination protections for transgender students, and implement a “drill, drill, drill” approach to ramp up oil and gas extraction.
Organizations like Truthout are also being threatened by legislation like HR 9495, the “nonprofit killer bill” that would allow the Treasury Secretary to declare any nonprofit a “terrorist-supporting organization” and strip its tax-exempt status without due process. Progressive media like Truthout that has courageously focused on reporting on Israel’s genocide in Gaza are in the bill’s crosshairs.
As journalists, we have a responsibility to look at hard realities and communicate them to you. We hope that you, like us, can use this information to prepare for what’s to come.
And if you feel uncertain about what to do in the face of a second Trump administration, we invite you to be an indispensable part of Truthout’s preparations.
In addition to covering the widespread onslaught of draconian policy, we’re shoring up our resources for what might come next for progressive media: bad-faith lawsuits from far-right ghouls, legislation that seeks to strip us of our ability to receive tax-deductible donations, and further throttling of our reach on social media platforms owned by Trump’s sycophants.
We’re preparing right now for Trump’s Day One: building a brave coalition of movement media; reaching out to the activists, academics, and thinkers we trust to shine a light on the inner workings of authoritarianism; and planning to use journalism as a tool to equip movements to protect the people, lands, and principles most vulnerable to Trump’s destruction.
We urgently need your help to prepare. As you know, our December fundraiser is our most important of the year and will determine the scale of work we’ll be able to do in 2025. We’ve set two goals: to raise $110,000 in one-time donations and to add 1350 new monthly donors by midnight on December 31.
Today, we’re asking all of our readers to start a monthly donation or make a one-time donation – as a commitment to stand with us on day one of Trump’s presidency, and every day after that, as we produce journalism that combats authoritarianism, censorship, injustice, and misinformation. You’re an essential part of our future – please join the movement by making a tax-deductible donation today.
If you have the means to make a substantial gift, please dig deep during this critical time!
With gratitude and resolve,
Maya, Negin, Saima, and Ziggy