Third Circuit Vacates Andrew Auernheimer’s CFAA Conviction

The United States Court of Appeals for the Third Circuit has held that defendant Andrew Auernheimer’s conviction for violating the Computer Fraud and Abuse Act rested on an incorrect determination by the United States District Court for the District of New Jersey that venue was proper in that district.  The Court of Appeals vacated Auernheimer’s conviction. The Cyberlaw Clinic submitted an amicus brief in support of Auernheimer, on behalf of the Digital Media Law Project.

That amicus brief argued that Auerhmeimer’s conviction was improper, because the charge against him was escalated based on his alleged disclosure of information to a news website. The lower court punished Auernheimer for engaging in protected speech, and — as set forth in the brief — “the First Amendment bars the escalation of penalties for the publication of true and newsworthy information under any circumstance that does not fall into any existing exception to First Amendment protection.”

The Third Circuit’s decision is important, insofar as it reinforces key constitutional limits on the government’s power to prosecute criminal defendants in jurisdictions far removed from where they reside or where their allegedly criminal acts took place.  As the Court noted:

Auernheimer   was   hauled   over a thousand  miles  from Fayetteville,  Arkansas  to New Jersey.  Certainly if he had directed his criminal activity toward New Jersey  to  the  extent that  either  he  or  his  co-conspirator committed  an  act  in furtherance  of  their  conspiracy there, or performed   one   of   the   essential   conduct   elements   of   the charged   offenses there,   he   would   have   no   grounds   to complain about  his uprooting.    But  that  was  not  what was alleged or what happened.

That having been said, by focusing on the venue determination, the Third Circuit avoided issues raised by Auernheimer, DMLP, and other amici regarding the propriety of charging him under the CFAA for accessing and sharing information that was publicly accessible over the web via an unprotected URL. The lower court’s decision raised troubling issues regarding, among other things, the meaning of the term “access without authorization” in the Computer Fraud and Abuse Act, and the Third Circuit’s decision leaves those issues largely unresolved.

We previously blogged about the case (and our amicus brief) last July, and Andy Sellars of DMLP addressed the government’s response to the arguments we raised last September.

This entry was posted in Uncategorized. Bookmark the permalink.