United States v. David Nosal

EFF has filed three separate amicus briefs in this criminal case, explaining why the government’s repeatedly expansive interpretation of the Computer Fraud and Abuse Act (CFAA) threatens people engaging in innocent behavior with criminal liability.

David Nosal, an ex-employee of the Korn/Ferry executive recruiting firm, was charged with violating the CFAA on the theory that he induced current company employees to use their legitimate credentials to access the company's proprietary database and provide him with information in violation of the company’s computer-use policy. The government claimed the violation of this policy was a federal crime, but a lower court disagreed, throwing out some of the CFAA charges. When the government appealed to the Ninth Circuit Court of Appeals, we filed an amicus brief explaining how imposing criminal liability for merely violating a company policy would dramatically expand the CFAA and turn millions of law abiding citizens into criminals. In an important 2012 decision, the Ninth Circuit agreed with us, ruling that accessing a workplace computer in violation of a corporate policy is not a CFAA violation.

The Ninth Circuit returned the case to the lower court to handle the remaining CFAA charges. These were based on the government’s theory that Nosal violated the CFAA when other ex-employees acting on Nosal’s behalf allegedly used the legitimate access credentials of a current company employee, with that employee’s knowledge and permission, to access Korn/Ferry’s propriety database. The district court refused to dismiss these charges, and Nosal was convicted at jury trial and sentenced to one year and one day in prison.

With his case on appeal before the Ninth Circuit again, EFF filed another amicus brief in his support, arguing that interpreting the CFAA to criminalize using an authorized user’s login credentials with their knowledge and permission ignores Congress’ intent to make the CFAA an anti-hacking statute. More importantly, this interpretation of the CFAA makes criminals out of the millions of people who use login credentials of family members or friends with their knowledge and permission.

The Ninth Circuit will hear oral argument on October 20, 2015 at 1:00 pm at Courtroom 1, 3rd Floor Rm 338, James R. Browning U.S. Courthouse, 95 Seventh Street, San Francisco, CA.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Backdoors have been discovered in Arris cable modems. This is why we need a security research exemption to the DMCA. http://w00tsec.blogspot.com/2...

Nov 27 @ 2:15pm

Censorship powers, data retention, and vague hacking crimes: Pakistan's terrible cybercrime bill has it all: https://www.eff.org/deeplinks...

Nov 25 @ 5:11pm

While Bangladesh blocks social messaging apps, locals are turning to Tor and Twitter: https://globalvoices.org/2015...

Nov 25 @ 3:50pm
JavaScript license information