Correction: A previous version of this article inaccurately referred to a hacking conviction. The defendant was convicted of theft and coercion not hacking. Courthouse News regrets the error.
ATLANTA (CN) — An Alabama software engineer who was sentenced to a year and a half in prison for the theft of fishing reef coordinates asked the 11th Circuit on Wednesday to overturn his convictions because he was tried in the wrong court.
The appeal asks the court to consider the complexities of putting geographic boundaries around data shared online.
Timothy Smith was convicted by a Florida federal jury in late 2019 of theft of trade secrets and making interstate threatening communications. He was sentenced to 18 months in prison by U.S. District Judge M. Casey Rodgers, who said at the sentencing hearing that Smith's actions were based on "spite” and “arrogance.”
Smith's attorney, William Bradford of Bradford Ladner, told a three-judge panel of the Atlanta-based appeals court Wednesday that the convictions should be reversed because the charges against his client were brought in the Northern District of Florida, a venue that he said has little to do with the actions involved in Smith’s offense.
Bradford said Smith lived and worked in Mobile, Alabama — in other words the Southern District of Alabama — when he accessed the computer systems of StrikeLines, a Pensacola-based company that uses sonar equipment to locate artificial fishing reefs in the Gulf of Mexico.
Although StrikeLines is headquartered in the Northern District of Florida, the company’s servers are in Orlando, which belongs to the Middle District of Florida. Further complicating matters, StrikeLines’ webpage and its data are hosted by Amazon in Newark, New Jersey, in the District of New Jersey.
StrikeLines sells its private sonar coordinates of reefs to fishermen using an interactive map on their website.
Bradford told the panel on Wednesday that it would be “like opening Pandora’s box” to try to put clear lines around the way data is stored on the internet today.
Between April and November 2018, Smith identified a vulnerability in StrikeLines’ website and exploited it to obtain coordinate data. According to a brief filed in the case by the government, each piece of information sells for approximately $200.
Smith was able to steal about 10,000 coordinates and private customer sales data. He admitted to sharing the data with others and later tried to extort the two owners of StrikeLines for more valuable fishing coordinates.
Judges on the panel Wednesday appeared split on the issue of whether the Florida court was the right venue for the case, with Senior U.S. Circuit Judge Frank Hull, a Bill Clinton appointee, pointing out that coordinates were “placed in commerce” by the owner in Pensacola.
U.S. Circuit Judge William Pryor, a George W. Bush appointee, seemed to disagree with Hull’s view, asking an attorney for the government whether the location of the theft is what really matters.
“It’s not where the loss occurred, it’s where the theft occurred,” Pryor said. “I don’t see how that occurred in the Northern District of Florida.”
Pryor added, “There’s nothing about the crime that started or ended in the Northern District of Florida. [There’s] nothing about what defendant did… that in any part occurred in the Northern District of Florida.”
Assistant U.S. Attorney Jordane Learn argued that the Florida court was the proper venue for the case because that is where StrikeLines resides.
Learn told the panel that StrikeLines “constructively possessed the coordinates” in Pensacola, controlled the data from Pensacola, and uploaded it from Pensacola to a server in Orlando.
She described the server as merely “a temporary reservoir” for the data.
Bradford also argued Wednesday that his client did not actually steal the coordinates. He told the panel that StrikeLines failed to secure its data as a trade secret.
At trial, Smith testified that he received the private coordinates by happenstance. He said he had a web developer program called Fiddler open when he went to the StrikeLines website and the website sent the coordinate data to his computer in plain text.
He testified that he never needed a password to access the data.
“What Smith did was what any user could do, which was look at the source code,” Bradford told the panel Wednesday. “In terms of authorization, no authorization was required because it was a public website.”
Smith's sentence has been stayed while his appeal is pending and he is currently out of prison on an appeal bond.
Pryor and Hull were joined on the panel by U.S. Circuit Judge Britt Grant, a Donald Trump appointee. The panel did not indicate when it will issue a ruling in the case.
Read the Top 8
Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.