The FBI in 2011 filed charges against Andrew Auernheimer, known as "weev," for exploiting a security hole on AT&T's servers and obtaining approximately 114,000 email addresses of iPad users who accessed the web via a 3G connection.
The security breach made headlines, in part, because weev was able to obtain the email addresses of some high-profile individuals, including NYC Mayor Michael Bloomberg, Diane Sawyer and Rahm Emanuel.
Weev was subsequently convicted on one count of identity fraud and another count of conspiracy to access a computer without authorization. In November 2012, he was sentenced to 41 months in prison.
This week, Auernheimer filed an appeal.
The appeal contends that Auernheimer did not violate law by accessing AT&T servers. The company had linked the Integrated Circuit Card ID (ICC-ID), a serial number on the SIM card of an iPad with mobile connectivity, with the user's email address.
When a user visited AT&T's website, the email field would automatically be populated based on the ICC-ID, which was apparently intended to help users save time when logging in.
But Auernheimer's friend, Daniel Spitler, discovered that changing the ICC-IDs by a single digit would return a new user's email address. Then the two men developed an application called the "iPad 3G Account Slurper" to pull the names and email addresses en masse.
Since the data was freely available on the internet, Auernheimer's actions did not constitute theft, the appeal contends.
The appeal also relays that one of the counts levied against Auernheimer should not have been designated as a felony.
Auernheimer, when he was arrested in 2010, was charged with possession of cocaine, ecstacy, LSD and schedule 2 and 3 pharmaceuticals. He also has an online history of making derogatory and hateful comments against a slew of minority groups.
Auernheimer's deplorable personal beliefs aside, some are arguing that his conviction under the Computer Fraud and Abuse Act (CFAA) sets a dangerous precedent. Wired has more on that angle.