updated 07:40 pm EDT, Tue April 10, 2012
Risks prosecution for innocuous infractions
A US appeals court has narrowed the scope with which the government can use the federal Computer Fraud and Abuse Act (CFAA) to prosecute workers for stealing data from their employers' computers. Earlier today, the 9th US Circuit Court of Appeals in San Francisco ruled in a 9-2 decision that the government had overstepped the intention of the law, which was meant to prosecute hackers, and risked turning the statute into a "sweeping Internet-policing mandate" to turn any unauthorized use of a computer or the data on it, no matter how benign, into a criminal offense. The court's ruling is not consistent with rulings in similar cases, and may end up in the Supreme Court.
The case originated in 2004, when David Nosal, a manager at the executive search firm Korn/Ferry, left the company. He then asked some of his former colleagues to help him launch his own competing firm by logging into the company's database and grabbing confidential client data. Nosal was arrested and charged with several crimes, including several counts under the CFAA. Nasal's lawyers sought to have the charges under the CFAA dropped, arguing that the intended target of the Act was hackers, and not people who may have obtained data legally and then misused it, as had been done by Nasal's former colleagues.
In January, 2010, a US District judge sided with Nosal's legal counsel, and dismissed the CFAA-based charges. However, last April, a three-judge panel in the 9th circuit reversed that ruling. Today's decision reinstates the dismissal.
Chief Judge Alex Kozinski, who wrote the majority decision in today's ruling, voiced the view that the government's broad application of the CFAA could lead to people at work being prosecuted for activities as innocent as playing games online, e-mailing family members, social networking, or even watching web video.
Today's decision led to the dismissal of five of 20 counts against Nosal. He is currently still being prosecuted for mail fraud, theft of trade secrets, and conspiracy under statutes other than the CFAA, many of which don't face the same ethical issues.
The 9th Circuit's ruling goes against broader interpretations of the CFAA by three other federal appeals court. This differing view of the act means that continued appeals are likely, and that ultimately, the scope of the act may end up being reviewed by the US Supreme Court at some point in the future. [via Reuters]