A federal appeals court overturned a conviction for a hacker who managed to gain access to data of over 100,000 Apple iPad users on AT&T’s network back in 2010.
The conviction wasn’t overturned because of the controversial law Andrew “Weev” Auernheimer was tried under, but because the U.S. Court of Appeals for the 3rd Circuit said he was tried in the wrong state, reports CNET.
Weev, who is part of a group called Goatse Security, shouldn’t have been tried in New Jersey, since he lived in Arkansas and the servers were in Dallas and Atlanta. His co-defendant Daniel Spitler also lived in San Francisco.
The trial was held in New Jersey, because prosecutors in the original trial claimed the servers actually were in the state. In the Friday decision, Judge Michael A. Chargares wrote Auernheimer had a “substantial right to be tried in the place where his alleged crime was committed.”
Auernheimer was found guilty and sentenced to 41 months in prison under the Computer Fraud and Abuse Act. According to The New York Times, Spitler got only probation as he opted to plead guilty to identity theft and conspiracy to gain unauthorized access to computers.
Auernheimer and Spitler had found a security loophole in the AT&T website, which they found would give them information on the customers and their iPads. Auernheimer had tried to claim that he initially tried to contact the carrier about the security flaw and never sold or revealed the information he accessed.
CNET notes the CFAA is considered controversial since it was originally passed to make it illegal to access NORAD and has since been allowed to be expanded in its use.