The defendant, Hunter Moore, founded a now-defunct website at the URL IsAnyoneUp.com, which hosted sexually explicit user-submitted photos and videos. The plaintiff, James McGibney, owns a website called BullyVille, which works to counsel people who have been bullied by offering advice from professionals. McGibney bought the domain name for IsAnyoneUp.com from Moore on April 19, 2012. After the purchase, Moore referenced McGibney in tweets sent from his twitter handles @huntermoore and @is_anyone_up.

On August 20, 2012, McGibney filed a complaint against Moore in the District Court of Clark County, Nevada for defamation per se and false light. McGibney's complaint denied assertions made in Moore's tweets. McGibney claimed that Moore's tweets suggested that McGibney was a pedophile, a child abuser, and that McGibney possessed illegal content obtained from IsAnyoneUp.com. (Moore's full tweets can be viewed as exhibits to the complaint.)

On the defamation claim, the complaint alleged that Moore posted the statements intentionally, with the specific malicious intent to harm McGibney's reputation, and with actual malice, as Moore knew the statements were false at the time he tweeted them or else had reckless disregard for the truth. The complaint asserted damages relating to McGibney's business, as Moore's tweets referenced McGibney's connection to BullyVille.

On the false light claim, the complaint stated that Moore portrayed McGibney as a pedophile and child abuser on Moore's twitter account. The complaint said Moore's statements were categorically false, made with actual malice, and highly offensive to any reasonable person. It alleged that, by publishing the "false and harmful statements" to a Twitter following of over 160,000 people, Moore gave publicity to such statements.

The complaint requested: (1) more than $10,000 on the defamation claim for harm to McGibney's reputation; (2) more than $10,000 on the false light claim for resulting mental harm; (3) more than $10,000 for Moore's willful, deliberate, and malicious defamation of McGibney; (4) attorney's fees and related costs; and (5) any additional relief ordered by the Court.

On February 26, 2013, the plaintiff filed affidavits for Colleen Connolly-Ahern and Steven Rohr in support of an application for a default judgment against Moore. Connolly-Ahern, an Associate Professor of Advertising and Public Relations at the Pennsylvania State University, evaluated the McGibney's defamation claim against Moore. Her affidavit stated that because of Moore's "quasi-celebrity status" he will have a "larger-than-normal percentage" of followers who believe his statements about McGibney are truthful. Rohr, a founder and president of a Public Relations organization, confirmed the statements made in Connolly-Ahern's affidavit and added that with the existence of sites like www.archive.org, an Internet Archive, Moore's allegations may follow McGibney for years to come and damage his professional reputation. Rohr also stated that Moore's tweets caused real and tangible "lifetime reputational harm" to McGibney, which justified a judgment of $250,000.

The next day, on February 27, 2013, the plaintiff filed an affidavit of J. Malcolm DeVoy, one of the plaintiff's attorneys. DeVoy's affidavit included a copy of McGibney's redacted billings totaling $8,003.00.

On March 8, 2013, the court entered a default judgment against Moore for defamation and false light. The court held that Moore falsely accused McGibney of serious crimes and offenses that were defamatory per se. The court stated that Moore had been properly served with process and Moore had acknowledged the service on his tweets. The court referenced the affidavits of both Connolly-Ahern and Rohr and specifically addressed Rohr's mention of a $250,000 judgment, stating that the affidavits and Rohr's oral testimony were sufficient to support a judgment of $250,000 against Moore. Accordingly, the court ordered that Moore pay: (1) $250,000 in damages; (2) Interest accruing at 3.25%/month until the judgment is paid in full; (3) $1,588.50 for suit costs; and (4) $11,581.00 in attorney's fees.

On March 12, 2013, a notice of entry of default judgment was filed and on April 19, 2013, a writ of execution was issued to the Constable of Clark County, Nevada for $263,169.50 against Moore, commanding that the judgment be satisfied via Moore's Bank of America checking, savings, or other financial account.

On January 13, 2011, Daniel Spitler and Andrew Auernheimer were indicted in federal court in New Jersey for their alleged roles in a data breach that resulted in the theft of personal information of approximately 120,000 AT&T customers. They were charged with (1) conspiracy to access a computer without authorization under the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030; and (2) fraud in connection with personal information, under 18 U.S.C. § 1028. Further, the complaint stated that the conspiracy charge was in furtherance of a criminal violation of a New Jersey statute, NJSA. 2C:20-31, that criminalizes unauthorized computer access and disclosure of the accessed data, thus elevating a misdemeanor charge to a felony charge.

In the criminal complaint, the government alleged that hackers wrote a script called the "iPad 3G Account Slurper" after discovering that each iPad 3G user's Integrated Circuit Card Identifier ("ICC-ID"), which automatically displayed in the URL of AT&T's website when an iPad 3G connected to the site, was connected to the user's e-mail address. The complaint stated that the Account Slurper "attacked AT&T's servers, gained unauthorized access to those servers, and ultimately stole for its hacker-authors approximately 120,000 1CC-ID/email address pairings for iPad 3G customers . . . without the authorization of AT&T, Apple, or any of the individual iPad 3G users."

The complaint claimed that immediately following the theft, the hacker-authors of the Account Slurper provided the gathered information to the website Gawker, which then published the information in redacted form and identified Goatse Security, a loose association of Internet hackers including Spitler and Auernheimer, as the group that obtained the data. According to the complaint, a confidential source provided federal law enforcement with chat logs that "conclusively demonstrate[d] that defendants Spitler and Auernheimer were responsible for the data breach," listing examples from the logs such as Spitler stating he was "stepping through iPad SIM ICCIDs to harvest email addresses" and providing the script to Auernheimer. The government claimed that AT&T had spent approximately $73,000 in remedying the data breach.

On June 22, 2011, Spitler signed a plea agreement. In it, he pled guilty to both counts under the condition that that U.S. Attorney for the District of New Jersey would not initiate any further charges against him for his actions relating to the unauthorized access to AT&T users' personal information.

On August 16, 2012, a grand jury returned a superseding indictment against Auernheimer a/k/a "Weev" a/k/a "Weevlos" a/k/a "Escher." Under Count I, conspiracy to access a computer without authorization, the government claimed that AT&T's servers and individual iPads were considered "protected computers" under the CFAA. The government alleged that Auernheimer, in furtherance of the New Jersey statute, intentionally conspired with Spitler and others to "steal and disclose the personal identifying information of thousands of individuals, to cause monetary and reputational damage to AT&T and to create monetary and reputational benefits for themselves." Under Count II, fraud in connection with personal information, the government claimed that the defendant "knowingly transferred, possessed, and used, without lawful authority, means of identification of other persons . . . in connection with unlawful activity, specifically, the unlawful accessing of AT&T's servers."

On September 21, 2013, Auernheimer filed a motion to dismiss the indictment, claiming that Count I of the indictment violated the Fifth Amendment's Due Process Clause. Auernheimer claimed that the CFAA was unconstitutionally vague as applied, as it provided no definition for unauthorized access. Thus, the motion stated, Auernheimer had no notice that the alleged unauthorized access was illegal. He claimed that Count I also violated the Fifth Amendment's Double Jeopardy Clause because the federal and state statutes for unauthorized access were "virtually identical," requiring the same facts for both the CFAA violation and the felony aggravator. "The Double Jeopardy Clause prohibits this type of bootstrapping because it charges the same criminal act twice," the motion stated, noting that the congressional intent was to "elevate CF AA misdemeanor violations to felonies only when a crime separate and distinct from the act of unauthorized access occurs."

Auernheimer's motion also stated that Count II should be dismissed because the alleged fraud relating to personal information was not "in connection with" a CFAA violation, as is required by the statute. Auernheimer claimed that the alleged CFAA violation from Count I was completed before the conduct underlying Count II began and that the "in connection with" statutory language only refers to present or future criminal acts, not prior criminal acts. Thus, the motion argued, because "the criminal activity that is in connection with the disclosure of the ICC-ID/ e-mail address pairings was finished before the disclosure occurred," Count II must be dismissed. Auernheimer alleged that Count II also violated the First Amendment because it was criminalizing the publication of "publicly available information on matters of important public concern to the press," and he claimed that venue was improper because none of the alleged criminal acts took place in New Jersey.

In response, the government filed a brief in opposition of Auernheimer's motion on October 5, 2012. The government claimed that Auernheimer's void-for-vagueness argument on the reach of the CFAA failed because the definitions of "without authorization" and "exceeds authorized access" were unambiguous in the context of the statute and that other circuit courts had defined them using the terms' ordinary meanings. The government further claimed that the "intentional" mens rea requirement of the CFAA alleviates vagueness concerns because "it reduces the likelihood that a defendant will be convicted for conduct that he committed through inadvertence." The government's motion alleged that Count I did not create a double jeopardy issue because the elements and conduct required for the federal and state statutes were different. While the motion noted that the first two elements of the statutes were similar, it claimed that the New Jersey statute had an additional element-requiring proof of knowing or reckless disclosure of the data-that distinguished it from the federal statute.

With respect to Count II, the government argued that a plain reading of "in connection with" was not subject to a temporal restriction, saying that the legislative intent did not support this construction. "The statute simply criminalizes possessing means of identification of other people, which possession is connected to some other crime - here, the crime of unauthorized computer access." Even if the defendant's "cramped reading" was correct, the government noted, the indictment in this case clearly alleged that Auernheimer's possession of the "victims' e-mail addresses and ICC-IDs took place during the period of unlawful access." The government also claimed that the defendant's First Amendment challenge must fail because the ICC-ID/email pairings were confidential, not public, information, and it alleged that venue was proper because, among other things, the defendant knowingly disclosed personal identifying information for thousands of New Jersey victims.

On October 26, 2012, the court denied Auernheimer's motion to dismiss. On Count I, the court found that the CFAA was not vague based on the circumstances in the case and because several courts had defined "without authorization" based on its ordinary definition. Regarding the defendant's double jeopardy argument, it held that the CFAA and N.J.S.A. 2C:20-31 did not require the same proof of conduct, as the New Jersey statute required proof of conduct-disclosure-that was not required for a CFAA offense. On Count II, the court found that Auernheimer's interpretation of "in connection with" was contrary to the statute's legislative history and unsupported by case law, as neither indicated that the language created a temporal restriction. Even if it did, the court stated, the superseding indictment alleged that at least part of Auernheimer's "unauthorized computer access overlapped with his possession and transfer of persons' identification."

Addressing the defendant's First Amendment argument, the court stated that the ICC-IDs and iPad user email addresses were not available to the public and were kept confidential by AT&T. "The very conduct at issue involves Defendant's allegedly unauthorized access to a protected computer and the subsequent transfer of such confidential information." Because the First Amendment has rarely been extended to protect speech "used as an integral part of conduct in violation of a valid criminal statute," the court noted, Auernheimer's argument failed. Further, the court found that venue was proper "because a defendant can be prosecuted in any district where the crime began, continued, or completed."

On November 20, 2012, the jury found Auernheimer guilty on both counts. The jury instructions and jury charge detailed the law as presented by the court to the members of the jury.

On December 3, 2012, Auernheimer filed a motion for acquittal under Federal Rule of Criminal Procedure 29(c). He claimed there was insufficient evidence for a rational fact finder to find a guilty verdict for both counts. The motion claimed that reasonable doubt existed "as to (1) the knowing transfer, possession, and use without lawful authority, of (2) a means of identification (3) in connection with the unlawful accessing of AT&T's servers referenced in Count One."

The court denied Auernheimer's motion for acquittal on March 18, 2013. The court's judgment, entered on March 19, 2013, sentenced him to 41 months in prison followed by three years of supervised release. The court ordered him to pay $73,167 in restitution.

On March 21, 2013, Auernheimer filed notice that he was appealing his judgment to the Third Circuit.

Auernheimer filed his opening brief on appeal on July 1, 2013. In it, he claimed he had not violated the CFAA because he had visited an unprotected public webpage. He claimed that AT&T had not employed passwords or other protective measures to control access to the pages, configuring its servers to make the information available to everyone. Auernheimer alleged that AT&T had programmed its website so the user's email address associated with a particular iPad would appear automatically, and he claimed that Spitler had changed the ICC-ED number of the website by only one digit and the site "pre-populated" the login email. The brief stated, "It is irrelevant that AT&T subjectively wished that outsiders would not stumble across the data or that Auernheimer hyperbolically characterized the access as a ‘theft.'"

Auernheimer argued that the court should vacate the felony conviction and, if it found him in violation, reduce the CFAA conviction to a misdemeanor. He claimed that because the elements of the both the CFAA and the New Jersey statute were "inextricably linked," the government could not use the state offense to double-count, as the state offense would need to be independent of the CFAA violation. He also claimed that he did not violate the New Jersey statute, that he did not violate the CFAA "in connection with" another distinct and separate crime, and that venue was improper.

On July 8, 2013, four amicus briefs were filed in support of Auernheimer. The Digital Media Law Project challenged the constitutionality under the First Amendment of elevating Count I from a misdemeanor to a felony based on Aurenheimer's publication of true information on a matter of public concern. The Mozilla Foundation, computer scientists, and security and privacy experts argued that researchers commonly use techniques indistinguishable from the commonplace, legitimate techniques Auernheimer used and that criminalizing privacy and computer security research in that manner would be incompatible with congressional intent. The National Association of Criminal Defense Lawyers claimed that the district court's interpretation of "without authorization" violated the Fifth Amendment's Due Process Clause, which requires a narrow construction, and that the court's finding that venue was proper invites "prosecutorial forum-shopping." A brief by professional security researchers claimed it was unconstitutional to allow a corporation to serve data publicly but later state that access was restricted, thus imposing criminal liability, as this amounted to private criminal law.

As of August 6, 2013, the government had not yet filed its appellee brief; the deadline for filing of that brief has been stayed pending a determination as to whether the government will be allowed additional space in its brief to respond to arguments made by the various amici briefs.

James Rosen is a national news journalist for the Fox News Channel. On June 11, 2009, Rosen published an article on www.foxnews.com entitled "North Korea Intends to Match U.N. Resolution with New Nuclear Test." His Gmail email account is referenced in the case's court documents as "Redacted@gmail.com."

On May 28, 2010, Reginald B. Reyes, a Special Agent for the FBI filed an application for a search warrant for James Rosen's Gmail account, which was maintained by servers located at Google's headquarters in California. The search warrant application stated that the emails concealed information which, under Fed. R. Crim. P. 41(c), contained: (1) evidence of a crime; (2) contraband, fruits of crime, or other items illegally possessed; and (3) property designed for use, intended for use, or used in committing a crime. The warrant application stated that the search was related to a violation of 18 U.S.C. § 793, which governs the "gathering, transmitting or losing defense information."

The search warrant application included an affidavit by Agent Reyes in support of the search warrant. Reyes' affidavit said the warrant was pursuant to 18 U.S.C. § 2703 and 42 U.S.C. § 2000aa and permissible as the U.S. District Court for the District of Columbia has jurisdiction over the offense under investigation. Reyes states that he believes there is probable cause that Rosen violated Section 793(d) as an aider and abettor and/or co-conspirator to Stephen Kim.

That same day, a search and seizure warrant was issued by a U.S. Magistrate Judge to be executed on or before June 11, 2010. The warrant granted the search of electronic e-mails and other electronic data of Rosen's account, and permitted the officer executing the warrant to delay notice to Rosen for 30 days under 18 U.S.C. § 2705. An attachment to the issued warrant stated that Google, Inc. was not permitted to notify "any other person, including the subscriber(s) of Redacted@gmail.com" of the warrant's existence. Google, Inc. was required to make exact duplicates of all information from the email account and send this information to Agent Reyes in overnight mail or facsimile. The attachment asked for any commuications between Rosen's account and 3 other accounts, including anothe Gmail account and two Yahoo! mail accounts; the usernames of all three accounts are also redacted in the public record. The warrant attachment referenced Rosen's connection to Stephen Kim, who was under investigation by the FBI for allegedly telling a reporter that North Korea may test a nuclear bomb.

On May 21, 2013, the government filed a motion to unseal entire docket of Rosen's case, including the application for the search warrant, the attachment to the warrant, Reyes' affidavit, and the granted warrant, with only names and dates of birth redacted for privacy reasons. 

On May 22, 2013, the court granted the government's motion in a memo and order that directed the case to be a matter of public record. The memo detailed clerical errors which stalled the placement of the redacted warrant and related materials into public record. The memo apologized for the administrative errors and instituted the inclusion of a new tab on the Court's website solely for the publication of search warrants. Executed warrants will be part of the public record unless a "separate sealing order is entered to redact all or portions" upon a showing by the government as required by United States v. Hubbard, 650 F.2d 293 (D.C. Cir. 1980) and Washington Post v. Robinson, 935 F.2d 282 (D.C. Cir. 1991).

In a separate order that same day, the court ordered that the Clerk place on the public docket a redacted version of the government's motion to unseal entire docket and that the government produce unredacted versions of all unsealed material to the defense in United States v. Stephen Jin-Woo Kim.

-->

On November 9, 2012, attorney Richard A. Goren filed a complaint in the Superior Court for Suffolk County against John Doe d/b/a Arabianights-Boston, Massachusetts, and Steven DuPont a/k/a Steven Christian DuPont.

According to the complaint, on January 31, 2012, defendant Doe filed a report entitled "Complaint Review: Richard A. Goren" on the consumer reporting website Ripoff Report. Among other things, the report asserted that "Psycho-Richard Goren" has problems with addiction; commits perjury and fraud; abuses the law; and has a history of child abuse, domestic violence, and bisexuality ("the Report"). The complaint further alleged that an anonymous reply to the Report was posted stating that Steven Christian DuPont was "defaming another person," after which DuPont, under an alias, responded that he was not "guilty of any crimes or 'schemes'" and that the anonymous poster was guilty of many crimes. The complaint stated that Goren had previously represented a plaintiff in a lawsuit filed against DuPont, and that "[u]pon information and belief DuPont is Doe."

The complaint listed three causes of action: libel, equitable and injunctive relief, and intentional interference with prospective contractual relations. Goren claimed that the Report constituted libel per se and was susceptible only of a defamatory meaning, alleging that the defamatory per se publication was first on a Google search for Goren and that he had suffered a loss of income, damage to his reputation, and emotional distress as a direct result of the publication. Under the claim of equitable and injunctive relief, the complaint alleged that the continued republication of the Report on Google, Bing, and other online search engines presented a continuing threat of irreparable harm to Goren, warranting entry of a temporary restraining order, a preliminary injunction, and a permanent injunction enjoining Doe from continuing to publish the Report. The complaint then alleged that Doe's actions constituted intentional interference with Goren's prospective contractual relations and that Goren had suffered damages as a direct and proximate result of this interference.

On November 26, 2012, a justice of the Superior Court entered a preliminary injunction against publishing or republishing the Report. The court held the Report presented a "continuing threat of irreparable harm" to Goren that could not be remedied by an award of damages.

On March 20, 2013, the court entered a default judgment against the defendants and issued a permanent injunction. The judgment noted that Goren had dismissed his claims for libel and intentional interference with prospective contractual relations, leaving only a claim for equitable and injunctive relief. The court permanently enjoined the defendants -- now referred to as Defendant John Doe d/b/a Arabianights-Boston, Massachusetts, n/k/a Christian DuPont, and Defendant Steven DuPont a/k/a Steven Christian DuPont -- from publishing or republishing the Report. The court ordered Doe to "take any and all necessary steps and action necessary or appropriate" to remove, retract, and/or delete the Report from the website. Further, the court appointed Goren as "attorney-in-fact, coupled with an interest, with the power of substitution, in the name and place of" Doe to take all necessary steps to remove the Report.

On March 25, 2013, Goren filed a motion to amend the default judgment and permanent injunction. The motion proposed that the court add an assignment and transfer of the copyright of the Report to Goren "[t]o achieve the purpose of the Default Judgment."

On May 8, 2013, the court entered a judgment and amended permanent injunction. The judgment added to the previous judgment and injunction, explicitly stating that "all rights in and to ownership of the copyright by the author [Doe] of the [Report] is hereby transferred to [Goren], meaning and intending to convey, transfer and assign by this Order and Judgment the full and exclusive ownership of copyright." The order also added that Goren had the power of attorney in his own name, as well as Doe's, to take any action necessary for the Report's removal.

The copyright transfer from this case resulted in a copyright infringement case, Small Justice LLC et al. v. Xcentric Ventures LLC.