United States v. David Nosal

EFF has filed three separate amicus briefs in this criminal case, explaining why the government’s repeatedly expansive interpretation of the Computer Fraud and Abuse Act (CFAA) threatens people engaging in innocent behavior with criminal liability.

David Nosal, an ex-employee of the Korn/Ferry executive recruiting firm, was charged with violating the CFAA on the theory that he induced current company employees to use their legitimate credentials to access the company's proprietary database and provide him with information in violation of the company’s computer-use policy. The government claimed the violation of this policy was a federal crime, but a lower court disagreed, throwing out some of the CFAA charges. When the government appealed to the Ninth Circuit Court of Appeals, we filed an amicus brief explaining how imposing criminal liability for merely violating a company policy would dramatically expand the CFAA and turn millions of law abiding citizens into criminals. In an important 2012 decision, the Ninth Circuit agreed with us, ruling that accessing a workplace computer in violation of a corporate policy is not a CFAA violation.

The Ninth Circuit returned the case to the lower court to handle the remaining CFAA charges. These were based on the government’s theory that Nosal violated the CFAA when other ex-employees acting on Nosal’s behalf allegedly used the legitimate access credentials of a current company employee, with that employee’s knowledge and permission, to access Korn/Ferry’s propriety database. The district court refused to dismiss these charges, and Nosal was convicted at jury trial and sentenced to one year and one day in prison.

With his case on appeal before the Ninth Circuit again, EFF filed another amicus brief in his support, arguing that interpreting the CFAA to criminalize using an authorized user’s login credentials with their knowledge and permission ignores Congress’ intent to make the CFAA an anti-hacking statute. More importantly, this interpretation of the CFAA makes criminals out of the millions of people who use login credentials of family members or friends with their knowledge and permission.

We expect the Ninth Circuit will hear oral argument sometime in the spring of 2015.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Happening now: TPP negotiators trading away our digital rights in the backrooms of a luxury hotel in Maui. https://eff.org/r.zr7c

Jul 28 @ 6:11pm

We're calling on the Copyright Office to ask USTR to re-think its copyright term proposals in TPP. Join us: https://eff.org/r.4etj

Jul 28 @ 4:41pm

Ethiopian PM Desalegn promised reform, but the country has a long way to go on civil liberties: https://eff.org/r.rl7b

Jul 28 @ 3:37pm
JavaScript license information