The Ninth Circuit Court of Appeals dismissed a federal hacking charge against a California man on Tuesday, finding that the Computer Fraud and Abuse Act (CFAA), which outlaws computer use that “exceeds authorized access,” was inapplicable to the case.

The government indicted Nosal on 20 counts for his role in the data acquisition, including trade secret theft, mail fraud, conspiracy and violations of the CFAA, The Wall Street Journal reports. A district court dismissed the CFAA charge in an interlocutory appeal, and the Ninth Circuit Court of Appeals affirmed that decision.

The CFAA defines “exceeds authorized access” as “to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter.” The government claimed that provision could refer to someone who has unrestricted physical access to a computer, but is limited in the use to which he can put the information. (In Nosal’s case, that would extend to an employee who was authorized to access customer lists in order to do his job, but not to send them to a competitor.)

Kozinski observed that the CFAA was designed to penalize hackers, and the government’s interpretation of the “exceeds authorized access” provision could yield absurd results. “The government’s construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer.” According to Kozinski, that interpretation would make criminals of unsuspecting people who shop online, watch video clips, or use social networks during the work day in violation of their employers’ computer-use policies.

The decision conflicts with rulings from the Fifth, Seventh, and Eleventh Circuits. (Both the Fifth and Eleventh Circuits have explicitly held that employees who knowingly violate clear company computer restrictions agreements “exceed authorized access” under the CFAA.) While the Ninth Circuit is no stranger to life as an outlier, Judge Kozinski noted the conflict, and urged the other circuits to reconsider their CFAA interpretation.

Related Resources:

  • U.S. v. Nosal (Ninth Circuit Court of Appeals)
  • Appeals Court Rules That Violating Corporate Policy Is Not a Computer Crime (Electronic Frontier Foundation)
  • U.S. v. Rodriguez (FindLaw’s CaseLaw)
  • U.S. v. John (FindLaw’s CaseLaw)

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Civil Rights

Block on Trump’s Asylum Ban Upheld by Supreme Court

Criminal

Judges Can Release Secret Grand Jury Records

Politicians Can’t Block Voters on Facebook, Court Rules