Yesterday the Digital Media Law Project, with help from the Cyberlaw Clinic, filed an amicus brief in the United States Court of Appeals for the Third Circuit in United States v. Auernheimer, arguing that the First Amendment prohibits the government from punishing Auernheimer’s disclosure of true, newsworthy information. The case is on appeal from the United States District Court for the District of New Jersey, which found Andrew “Weev” Auernheimer guilty of felony charges under the Computer Fraud and Abuse Act (“CFAA”) and federal identity theft law.
Auernheimer was indicted after he and a partner discovered that AT&T was posting the email addresses of iPad customers on publicly-accessible websites. The two developed a script to copy all of the emails that AT&T exposed and then reported to Gawker and other members of the media the existence and evidence of the vulnerability, including the email addresses. The prosecution in this case determined that such action was punishable by the CFAA’s provisions prohibiting unauthorized access to computers, which is normally a misdemeanor, but the prosecution escalated the charge to a felony by claiming that the access was committed in furtherance of the New Jersey state equivalent to the CFAA. The only difference between the two laws is that New Jersey’s law also requires that the defendant disclose the information obtained. Therefore, the punishment of Auernheimer went from a maximum of one year to a maximum of five years because he disclosed what he found to the public. Auernheimer was sentenced to over three years in prison.
The DMLP asks the Third Circuit to apply First Amendment scrutiny to this escalation of punishment and overturn the conviction. The DMLP notes that Supreme Court precedent prevents punishment for the disclosure of true, newsworthy information, and that courts that have considered disclosure of information obtained illegally have been careful to distinguish between punishment of any unlawful access to information and punishment for harms caused due to publication of the information obtained, only allowing the latter when the government can show a state interest of the highest order, or that the speech was categorically unprotected as a matter of First Amendment doctrine.
This matter is of particular concern to DMLP’s constituency of online journalists, especially those covering technological vulnerabilities or data mishandling. Under the government’s dangerous theory, additional punishment is warranted whenever a person who discovers another’s bad data management practices decides to inform the press and the public about such practices. As argued in the brief, the First Amendment protects such disclosures in order to educate the public, inform policymakers, protect Internet security research and reporting, and serve as a caution to other who may be engaged in similar behavior.
The brief was filed by Clinical Fellow Kit Walsh of the Cyberlaw Clinic, along with DMLP Director Jeff Hermes and Staff Attorney Andy Sellars. The brief was written with the strong support of Cyberlaw Clinic interns David Collado (Cardozo Law ’14) and Kerry Sheehan (BU Law ’15), and DMLP intern Kristin Bergman (William & Mary Law ’14).
The Digital Media Law Project is based at the Berkman Center for Internet & Society at Harvard University. The DMLP produces a wide range of legal resources for independent online journalism projects and media ventures, including filing amicus briefs responding to breaking legal issues affecting online speech.
The Harvard Law School Cyberlaw Clinic provides high-quality, pro-bono legal services to appropriate individuals, small start-ups, non-profit groups and government entities regarding cutting-edge issues of the Internet, new technology and intellectual property. Harvard Law School students enhance their preparation for high-tech practice and earn course credit for working on a variety of real-world litigation, client counseling, advocacy, legislation, and transactional/licensing projects and cases.