June 23, 2011 | By Marcia Hofmann

Do-Over, Please: EFF Asks Court to Revisit Ruling That Disloyal Employees Violate Hacking Law

Today EFF filed a "friend of the court" brief (pdf) urging the Ninth Circuit Court of Appeals to reconsider its troubling decision (pdf) that employees face jail time when they access work computers for purposes that violate company policy.

In United States v. Nosal, the former employee of an executive recruiting firm convinced current employees to access the company's proprietary database and pass along information that he could use for competitive advantage. The company's computer-use policy, however, said that employees were only allowed to access the database to further the company's business interests. The government prosecuted the former employee under the federal Computer Fraud and Abuse Act (CFAA), arguing that his accomplices had authority to access the database for some purposes, but exceeded that authority when they accessed it for a purpose that violated corporate policy. Unfortunately, the Ninth Circuit agreed.

This is a dangerous precedent because it gives employers the power to make behavior illegal just by saying in a written policy that it's not allowed. For example, a worker could be sued or prosecuted for reading personal email or checking the score of a baseball game if her employer's policy says that company computers may be used only for work.

That might sound far-fetched, but it's not. Earlier this year, a company sued (pdf) a former employee under the CFAA for making too much personal use of the Internet at work in violation of company policy—apparently in retaliation for a wrongful termination lawsuit that she filed first. The court dismissed (pdf) the company's claim, but Nosal gives a solid foothold to those who would make similar arguments in the future.

The decision also offers ammunition for the argument that people run afoul of the CFAA when they violate web sites' terms of use—a theory that has been rightfully rejected by other courts in cases like United States v. Drew.

We hope the Ninth Circuit will reconsider its approach in this case. The CFAA is broad enough already—it shouldn't be interpreted to criminalize the everyday behavior of millions of employees and (potentially) Internet users.

Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Recording Academy says "lock us in a room" to rewrite the copyright law. We say that room must be open to all. https://eff.org/r.i4jg

May 6 @ 12:02pm

Secrecy in the judicial process has "risen to literally unprecedented levels," according to Judge Stephen Wm. Smith https://www.justsecurity.org/...

May 6 @ 10:40am

Fighting patent trolls, curbing NSA surveillance, and encrypting the Web. 2015 was a big year for EFF. https://www.eff.org/files/ann...

May 6 @ 9:56am
JavaScript license information