2nd Group of Professional Security Researchers File Amicus in Support of Auernheimer ~pj
Groklaw 2013-07-13
Summary:
They even draw pictures, so there is no chance the court can miss the point of the tech lesson. And they ask the court to overturn his conviction, because otherwise the implications of private, ex post facto law-setting by private corporations is terrible to contemplate and may be unconstitutional:
Mr. Auernheimer's conviction on charges of violating the Computer Fraud and Abuse Act, 10 U.S.C. §1030, implies that his actions are in some material way different than those of any web user, and that beyond this, his actions violated a clearly-delineated line of authorization as required by §1030(a)(2)(C). Neither of these statements is true. The data Mr. Auernheimer helped to access was intentionally made available by AT&T to the entire Internet, and access occurred through standard protocols that are used by every Web user. Since any determination that the data was somehow nonpublic was made by a private corporation in secret, with no external signal or possibility of notice whatsoever, such a determination amounts to a private law of which no reasonable Internet user could have notice. On this basis alone, Mr. Auernheimer's conviction must be overturned....The US Constitution forbids making a law after an act has been committed and thus sweeping into the arms of tha law someone who had no reason to believe the action was illegal at the time it was committed, because in fact it wasn't illegal at that time:The United States asks this Court to endorse the use of the criminal justice system to cover up a private corporation's failures. AT&T published private consumer data in an inappropriate fashion. Rather than take responsibility for their act, they have asked the criminal justice system to punish the researcher who uncovered their mistake. If this tactic is allowed to flourish, it will allow corporations to choose to terminate any safety oversight of their actions, and instead rely on the criminal process to serve as a cover-up for bad acts. Corporations will have no incentive to treat consumer data with adequate care in the future, since no one but the corporations themselves will be aware of any possible danger. In essence, the precedent that the respondent seeks to create is one that will make the American taxpayer subsidize the irresponsibility and misfeasance of private corporations through the courts on a scale never before seen.
With this case, this Court has an opportunity to state that it is not acceptable for private corporations to warp the criminal justice system to shield themselves from public scrutiny in their digital public accommodations, any more than it is acceptable in any physical accommodation. Mr. Auernheimer's "crime" was to discover that a public corporation was giving anyone access to private consumer information; he discovered this by, in essence, repeatedly adding 1 to a number. The Court should not condone the metaphorical shooting of a messenger who acted for the safety and security of all. We ask that this Court overturn Mr. Auernheimer's conviction.
It is a fundamental violation of the basic concept of due process for an act to be secretly criminal; AT&T's determination that access to documents it had made public was unauthorized, without making such a determination public in any way, amounts to the creation of a private law.