The FBI in 2011 filed charges against Andrew Auernheimer, known as "weev," for exploiting a security hole on AT&T's servers and obtaining approximately 114,000 email addresses of iPad users who accessed the web via a 3G connection.
The security breach made headlines, in part, because weev was able to obtain the email addresses of some high-profile individuals, including NYC Mayor Michael Bloomberg, Diane Sawyer and Rahm Emanuel.
Weev was subsequently convicted on one count of identity fraud and another count of conspiracy to access a computer without authorization. In November 2012, he was sentenced to 41 months in prison.
The appeal contends that Auernheimer did not violate law by accessing AT&T servers. The company had linked the Integrated Circuit Card ID (ICC-ID), a serial number on the SIM card of an iPad with mobile connectivity, with the user's email address.
When a user visited AT&T's website, the email field would automatically be populated based on the ICC-ID, which was apparently intended to help users save time when logging in.
But Auernheimer's friend, Daniel Spitler, discovered that changing the ICC-IDs by a single digit would return a new user's email address. Then the two men developed an application called the "iPad 3G Account Slurper" to pull the names and email addresses en masse.
Since the data was freely available on the internet, Auernheimer's actions did not constitute theft, the appeal contends.
The appeal also relays that one of the counts levied against Auernheimer should not have been designated as a felony.