United States v. David Nosal

EFF has filed three separate amicus briefs in this criminal case, explaining why the government’s repeatedly expansive interpretation of the Computer Fraud and Abuse Act (CFAA) threatens people engaging in innocent behavior with criminal liability.

David Nosal, an ex-employee of the Korn/Ferry executive recruiting firm, was charged with violating the CFAA on the theory that he induced current company employees to use their legitimate credentials to access the company's proprietary database and provide him with information in violation of the company’s computer-use policy. The government claimed the violation of this policy was a federal crime, but a lower court disagreed, throwing out some of the CFAA charges. When the government appealed to the Ninth Circuit Court of Appeals, we filed an amicus brief explaining how imposing criminal liability for merely violating a company policy would dramatically expand the CFAA and turn millions of law abiding citizens into criminals. In an important 2012 decision, the Ninth Circuit agreed with us, ruling that accessing a workplace computer in violation of a corporate policy is not a CFAA violation.

The Ninth Circuit returned the case to the lower court to handle the remaining CFAA charges. These were based on the government’s theory that Nosal violated the CFAA when other ex-employees acting on Nosal’s behalf allegedly used the legitimate access credentials of a current company employee, with that employee’s knowledge and permission, to access Korn/Ferry’s propriety database. The district court refused to dismiss these charges, and Nosal was convicted at jury trial and sentenced to one year and one day in prison.

With his case on appeal before the Ninth Circuit again, EFF filed another amicus brief in his support, arguing that interpreting the CFAA to criminalize using an authorized user’s login credentials with their knowledge and permission ignores Congress’ intent to make the CFAA an anti-hacking statute. More importantly, this interpretation of the CFAA makes criminals out of the millions of people who use login credentials of family members or friends with their knowledge and permission.

We expect the Ninth Circuit will hear oral argument sometime in the spring of 2015.

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Come to EFF HQ on July 8 for a book talk with author of "Geek Heresy: Rescuing Social Change from the Cult of Tech" https://eff.org/r.i3fv

Jul 2 @ 4:57pm

EFF is turning 25! Here's the who, what, when, where, how, and—maybe most importantly—why of our celebration: https://eff.org/r.6dov

Jul 2 @ 4:51pm

After 28 years, the US is getting a new Librarian. @jessamyn lays out what to look for in the #nextloc: http://librarianofprogress.com/

Jul 2 @ 3:30pm
JavaScript license information