Court: Violating work computer-use policies not a crime

An appeals court says that a DOJ prosecution of a former employee would have expanded computer crime law

By , IDG News Service |  IT Management

An ex-employee who persuaded former coworkers to access their company's customer lists and give them to him is not guilty of computer hacking crimes, a U.S. appeals court has ruled.

The U.S. Court of Appeals for the Ninth Circuit ruled Tuesday that David Nosal, a former employee of executive search firm Korn/Ferry, did not violate the Computer Fraud and Abuse Act (CFAA), a 1986 law that outlaws the act of knowingly accessing a protected computer with the intent to defraud.

Nosal "convinced" some of his former colleagues working for Korn/Ferry to assist in his efforts start a competing business, wrote Judge Alex Kozinski, in the appeals court opinion. The employees used their log-in credentials to download source lists, names and contact information from a confidential company database, despite a Korn/Ferry policy forbidding employees from disclosing confidential information.

The U.S. Department of Justice indicted Nosal on 20 counts, including trade secret theft, mail fraud, conspiracy and violations of the CFAA. Nosal was charged with violations of the CFAA for aiding the Korn/Ferry employees in exceeding their authorized access with an intent to defraud.

The DOJ appealed a U.S. District Court for the Northern District of California ruling dismissing the CFAA charges against him.

The appeals court agreed with the lower court, saying the DOJ's reading of the CFAA was too expansive and would allow criminal charges against any employee that accesses company computers in violation of policy.

The law focused on criminal hacking, not employee access to information, Kozinski wrote. "The government's construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer. This would make criminals of large groups of people who would have little reason to suspect they are committing a federal crime."

The DOJ's interpretation could mean criminal charges for employees that play games on company computers, Kozinski wrote.

"Minds have wandered since the beginning of time and the computer gives employees new ways to procrastinate, by chatting with friends, playing games, shopping or watching sports highlights," he said. "Such activities are routinely prohibited by many computer-use policies, although employees are seldom disciplined for occasional use of work computers for personal purposes. Nevertheless, under the broad interpretation of the CFAA, such minor dalliances would become federal crimes."

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question
randomness