Auernheimer has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website. It was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act (CFAA) another victim of this purge was Aaron Swartz who killed himself rather than go to jail. The Third US Circuit Court of Appeals didn't squarely address the controversial fraud law and instead said Auernheimer was charged in the wrong federal court.
The judges said that although this appeal raises a number of complex and novel issues that were of great public importance in our increasingly interconnected age, it was only needed to find one and that was the fundamental issue about where the trail took place. Auernheimer should have been tried in Arkansas, where the alleged illegal activity took place, but instead was hauled over a thousand miles from to New Jersey. Auernheimer was accused of passing along the e-mail addresses to Gawker, which thereafter published the information in redacted form in 2010. Auernheimer was convicted in a New Jersey federal court of a felony under the CFAA for conspiracy to access AT&T's servers against the company's will.
Auernheimer argued that in order for the CFAA to have applied in this case, there needed to be some sort of "password-gate" or other way of keeping someone out of the AT&T website. He did not hack into the servers or steal passwords he just used a major network security flaw at AT&T and exploited it.
While the court would not resolve whether Auernheimer's conduct was illegal, it commented, "no evidence was advanced at trial" that "any password gate or other code-based barrier" was breached. This suggests that the case should have failed. Auernheimer said that he regretted is being nice enough to give AT&T a chance to patch before dropping the dataset to Gawker.