In its most basic sense, a venue is the place where an event is held. In law, it’s pretty much the same—venue refers to the location of the court where a trial takes place. In many, if not most circumstances, it’s not difficult to determine the proper venue for a trial, especially in criminal cases, where venue is laid, usually, in the county or jurisdiction where the crime was committed. Historically, the only time when venue wasn’t decided that way was if the crime happened simultaneously in more than one jurisdiction—e.g., conspiracies, and other crimes that are carried out in multiple steps. But what about when the accused is charged with committing a crime in a state that’s 1000+ miles away from where he lives, and to which he’s never even been? That’s what happened to Andrew “Weev” Auernheimer, an Arkansas native and resident who was charged, tried, and found guilty in a New Jersey federal court, and then sentenced to three-and-a-half years in federal prison. You’re probably thinking that he must’ve done something really bad, right? You be the judge—Auernheimer was convicted of violating a federal statute because, essentially, he forwarded a list of email addresses to a reporter.
A couple weeks ago, Weev was released from federal prison, after this decision was entered by the Third Circuit Court of Appeals. Arguably there were a number of defects in Weev’s conviction, but Circuit Judge Michael A. Chagares focused on one particular issue—venue.
Although this appeal raises a number of complex and novel issues that are of great public importance in our increasingly interconnected age, we find it necessary to reach only one that has been fundamental since our country’s founding: venue… Venue in criminal cases is more than a technicality; it involves “matters that touch closely the fair administration of criminal justice and public confidence in it. This is especially true of computer crimes in the era of mass interconnectivity. Because we conclude that venue did not lie in New Jersey, we will reverse the District Court’s venue determination and vacate Auernheimer’s conviction.
Writing for the unanimous three-judge panel, Judge Chagares dug deep—not just to the U.S. Constitution, but all the way back to the Declaration of Independence (objecting to “transporting us beyond seas to be tried for pretended offenses”). Citing the Third Circuit’s 1980 opinion in U.S. v. Passodelis, Judge Chagares wrote: “Though our nation has changed in ways which it is difficult to imagine that the framers of the Constitution could have foreseen, the rights of criminal defendants which they sought to protect in the venue provisions of the Constitution are neither outdated nor outmoded.” He noted that our founding fathers were so concerned with the location of a criminal trial that they placed the venue requirement in our Constitution in not one, but two places (U.S. Const. Art. III, § 2, cl. 3; and Amend. VI). “They did so for good reason,” he said, because “A defendant who has been convicted “in a distant, remote, or unfriendly forum solely at the prosecutor’s whim, has had his substantial rights compromised. Auernheimer was hauled over a thousand miles from Fayetteville, Arkansas to New Jersey. Certainly if he had directed his criminal activity toward New Jersey to the extent that either he or his co-conspirator committed an act in furtherance of their conspiracy there, or performed one of the essential conduct elements of the charged offenses there, he would have no grounds to complain about his uprooting. But that was not what was alleged or what happened.
Auernheimer—who prefers the nickname “Weev”—is a self-proclaimed computer hacker (“hacktivist” is the term he uses on his Twitter bio @rabite) but ironically, he did no hacking in connection with the events that landed him in federal prison. So what did he do to get convicted of conspiracy to violate the Computer Fraud and Abuse Act, and identity fraud? Weev was a member of a loosely associated group of Internet trolls that called themselves Goatse Security. A few days after Apple launched its first iPad, in June 2010, members of Goatse, led by Daniel Spitler, discovered that there was a flaw in AT&T’s network that made the email addresses of its iPad 3G wireless subscribers publicly accessible. Spitler then wrote a computer program called an “account slurper” to automate the process of collecting the email addresses of over 100,000 AT&T iPad subscribers. At some point, Spitler reached out to Weev, who, although he’d never actually met in person, allegedly helped him “refine” account slurper program. Weev’s primary contribution to the conspiracy was spreading the word about AT&T’s security flaw, to reporters and journalists, like Ryan Tate (@ryantate), then-staff writer at Gawker.
About a year and a half after the iPad security breach went public, the FBI launched an investigation into Goatse Security, and on Jan. 18, 2011, the feds broke down Auernheimer’s door in Fayetteville, Ark. and arrested him. He was then charged with one count each of conspiracy to violate the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, and identity fraud, under 18 U.S.C. § 1028(a)(7)—in New Jersey. Auernheimer was not only arrested in Fayetteville, Ark., he was also born there, and had no connection with the state of New Jersey—except that about 4,500 of the email addresses harvested from AT&T’s networks belonged to New Jersey residents. Spitler was also arrested and charged, but he took a plea deal and avoided prison in lieu of three years probation.
Auernheimer rejected the plea deal because he didn’t believe he’d committed any crime. He told CNET: “I contend there is no crime in telling the truth or using AT&T’s, or anybody’s, publicly accessible data, to cite it to talk about how they made people’s data public.”
Was collecting the email addresses actually a crime? If somebody mistakenly puts information out there on the web and somebody mistakenly gets that information, that’s not illegal.
Said Jennifer Granick, a lawyer and the director of the Center for Internet and Society at Stanford. This is why Auernheimer decided to fight his charges instead of take a plea deal, as Spitler did last year. After a five-day trial, however, the jury disagreed, finding Auernheimer guilty on both counts.
There is no indication, yet, that the government will seek review of Third Circuit’s decision by the U.S. Supreme Court, however, they have until July 10 to file a petition for writ of certiorari. But regardless of what may or may not happen in this case, the discussion of venue in Internet-related cases is certain to be continued. In the meantime, Weev is once again a free man. So, in a sense, we are all safe again.