Do you use your office

computer to blog, or for other purposes?

There is an interesting case going on in the Ninth, United States v. Nosal.  The case was recently reconsidered en banc.

Howard Bashman at How Appealing quotes an article:

Ginny LaRoe of The Recorder has a report (subscription required) that begins, "Toss together Alex Kozinski and an untested computer-crime statute, and you can imagine the result. At oral arguments before an 11-judge panel on Thursday, the Ninth Circuit chief judge repeatedly challenged the Justice Department’s position on the scope of the Computer Fraud and Abuse Act — a position that could lead to the criminalization of seemingly innocuous computer activity, like providing false information on Facebook or Match.com in violation of terms of use agreements or using work computers in violation of employer policies."

Here is a link to the oral argument on rehearing en banc.

Here is a link to the initial decision in the Ninth.  This case involves criminalization of an employers computer and systems beyond that authorized in the employee handbook or similar policies.  The case itself seems quite reasonable at first blush.  Effectively the employees used their access to the computers to get information which then used to set up a competing business.  But has everyone’s attention is the potential scope of the law and the possibility that the fed’s will criminalize such things as .

One commentator summarizes:

The U.S. Court of Appeals for the Ninth Circuit has given employers a clear path to increased protection for their trade secrets and other proprietary information in its decision in United States v. Nosal, Case No. 10-10038 (9th Cir. Apr. 28, 2011), holding that an employee who misuses a company computer with fraudulent intent violates the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030 et seq. The CFAA creates both civil and criminal liability for accessing a computer “without authorization” or “exceeding authorized access” and knowingly committing one of several specified unlawful acts.

Rejecting arguments that its interpretation would “make criminals out of millions of employees who might use their work computers for personal use,” the court held that an employee who (1) violates an employer’s use restrictions (2) with an intent to defraud and (3) by that action furthers the intended fraud and obtains something of value, violates the CFAA.

Orin Kerr (an expert in such matters) opines:

I hope the Ninth Circuit grants rehearing [they did], as I think the Nosal case is both wrong on the law and deeply troubling for civil liberties in the Internet age.

Overstatement? I don’t think so. It seems to me that if the federal government can arrest you and throw you in jail for violating a computer use policy — any computer use policy — then the government can arrest pretty much anyone who uses a computer. Most people who use computers routinely violate computer use policies: While we understand that such policies may have force from the standpoint of breach of contract, no one thinks that breaching a computer use policy is the same as hacking into the computer. The Nosal case would change that. Under its reasoning, breaching a written policy is treated the same way as hacking. And as computers become more and more ubiquitous, the power to arrest anyone who routinely uses a computer is the power to arrest anyone.

The Electronic Frontier Foundation site has a number of relevant documents.

Posted in:
Updated:

Leave a Reply

Your email address will not be published. Required fields are marked *