PHILADELPHIA (AP) — A federal appeals court reversed the conviction of man imprisoned for illegally gaining access to AT&T’s servers and stealing the email addresses of more than 100,000 of iPad users, ruling Friday that prosecutors tried him in the wrong state.
Andrew Auernheimer, who was living in Arkansas at the time, should not have been indicted in New Jersey, the 3rd U.S. Circuit Court of Appeals found.
“The improper venue here — far from where he performed any of his allegedly criminal acts — denied Auernheimer’s substantial right to be tried in the place where his alleged crime was committed,” the court wrote.
Auernhemier, 28, is serving a 41-month sentence for identity theft and conspiracy. His attorney, Tor Ekeland, said Friday that he’s working to get his client released immediately from the federal prison in Allenwood, Pa.
A spokesman for the U.S. attorney’s office in Newark, N.J., said prosecutors are reviewing their options.
Auernheimer was living in Fayetteville, Ark., in 2010 when he worked with others to trick AT&T’s website into divulging the email addresses, including those of then-New York Mayor Michael Bloomberg, film mogul Harvey Weinstein, and then-White House chief of staff Rahm Emanuel, who is now Chicago’s mayor.
The group shared the addresses with the website Gawker, which published them in redacted form along with a news article about the breach.
The court noted that neither Auernheimer nor his alleged co-conspirator, Daniel Spitler, were in New Jersey when they accessed the servers; the servers themselves were not in New Jersey; and the Gawker reporter was not in New Jersey either.
Prosecutors argued New Jersey was the proper venue because about 4,500 of the stolen email addresses belonged to residents of that state.
The three-judge appellate panel, which sits in Philadelphia, rejected that argument. It also stressed that proper venue is not a technicality, but a basic constitutional right established at a time when the Founding Fathers worried about colonists being hauled back to Britain for trial.
Ekeland agreed, saying the government had been forum-shopping — “trying to find courts that are favorable to them.”
Auernheimer has said he was providing a public service by exposing a flaw in AT&T’s system, but he was convicted by a federal jury in Newark in 2012. The company patched the vulnerability after it was exposed.
Spitler pleaded guilty and testified against Auernheimer.