DOJ Gives Up On Arguing That Violating Your Employer's Computer Use Policy Is Criminal Hacking
from the about-time dept
For a few years now, we’d been noting serious problems with the Computer Fraud and Abuse Act (CFAA), which was supposed to be about “criminal hacking” of computers. That’s the theory, at least. Except that various prosecutors had defined it so broadly that they felt basically anything people did that violated a computer use policy or terms of use policy could make you a criminal hacker. It’s why prosecutors went after Lori Drew for supposedly “violating” MySpace’s terms of service. There was nothing else they could pin on her, so they twisted the law. Of course, that also creates great power for anyone who creates a terms of service agreement, as it makes it easy to turn your users into criminals.
Early last year, we wrote about a very troubling CFAA ruling, which effectively found that if you do anything on a work computer that your employer doesn’t like, you’re a criminal for violating the CFAA. Yes, by failing to abide by your employer’s broad “computer use policy” you could be charged with a being a criminal hacker under the CFAA. That’s what happened to David Nosal. He had accessed some information from his employer’s computer system — which he was authorized to access. He wanted to use that info because he was going to a competitor. That’s obviously questionable on the ethics scale, but computer hacking? Hardly. Except that the district court thought it was.
Thankfully, earlier this year the 9th Circuit appeals court reversed the ruling, with Judge Kozinski noting that it makes little sense to interpret a statute in a manner that turns “ordinary citizens into criminals.”
A few weeks ago, the DOJ (who seemed to love these kinds of cases) seemed to realize that perhaps it was silly to keep arguing against Nosal here, and admitted that it wouldn’t ask the Supreme Court to hear the case on appeal, meaning the 9th Circuit ruling stands. While it’s good that the DOJ apparently realized that pursuing this any further was a bad idea, it’s still ridiculous that it went forward with this theory in the first place, and argued it all the way through the initial appeal. Either way, while Kozinski’s ruling is only binding on the 9th Circuit, hopefully other courts will pay attention to the reasoning behind it.
Filed Under: cfaa, computer use policy, doj, fraud, hacking, terms of use
Comments on “DOJ Gives Up On Arguing That Violating Your Employer's Computer Use Policy Is Criminal Hacking”
Loser Pays!
I think that not only should we as a country take care of some tort reform by implementing a Loser Pays system for lawsuits (http://www.patentlyo.com/patent/2012/08/loser-pays-system-introduced-in-congress.html), but I think that maybe it is time for that same type of ‘cost recovery’ be implemented against Prosecutors when they try to stretch a law’s meaning in order to ‘get’ you on something.
Too often today Prosecutors use the tactic of throwing as much crap (charges) at a person in hopes something will stick. There are tons of cases that are much more egregious than this example of Prosecutors taking a law and trying to get the courts to reinterpret it to include what is outside the law intent and spirit.
And I don’t really blame them (too much) for doing so. It is how they are graded that is really at fault. Prosecutors are pretty much only graded on their conviction rate. Not whether or not it was the best use of tax payers dollars, or if the case is valid. So in their eyes a conviction is a conviction.
The Prosecutors really have no incentive in bringing only good cases to trial. Or for using the limited resources of the courts wisely. They just care about getting a conviction.
But if there was in place some form a redress for the defendants in cases where the Prosecutors are found to be acting outside a law purpose they might think twice.
The big issue I see with that is that it would create a big incentive to the Prosecutors to keep pressing a case in hopes that some court at some level will side with them.
So catch 22.
The penalty for prosecutorial misconduct should equal the penalty for the crime they are trying.
But I’m not sure piling on charges is really misconduct.
‘it makes little sense to interpret a statute in a manner that turns “ordinary citizens into criminals.”‘
although i totally agree with this statement, this is exactly what the entertainment industries have been doing to people for years, even when those citizens have only been sharing what they legally own with friends.
I guess that means I’m ‘criminally hacking’ right now by reading techdirt instead of working.
Re: Re:
Thank you for your admission of guilt! It will make it so much easier now to convict you.
The reason DOJ did not pursue this to SCOTUS was that it would lose and the limiting of DOJ’s interpretation of CFAA would hinder it’s agenda of making everyone a criminal.
We are at the tipping point of tyranny, as liberty erodes daily.
Re:
That’s really not fair. I wanted to confess first, but AC beat me to it.
DOJ
Useless DOJ (will they ever prosecute Corzine?), yet another violation of our rights. The gov?t constantly violates our rights.
They violate the 1st Amendment by caging protesters and banning books like ?America Deceived II?.
They violate the 4th and 5th Amendment by allowing TSA to grope you.
They violate the entire Constitution by starting undeclared wars.
Impeach Obama, support Ron Paul.
Last link of ?America Deceived II? before it is completely banned:
http://www.amazon.com/America-Deceived-II-Possession-interrogation/dp/1450257437
4th Circuit. ruled the same as NOSAL court
http://www.infolawgroup.com/2012/08/articles/computer-fraud-and-abuse-act-c/fourth-circuit-holds-cfaa-does-not-bar-employees-misappropriation-of-business-information-when-employee-was-authorized-to-access-information-initially/
Note, the issue here is unauthorized USE, not necessarily unauthorized access. So an employee that exceeds his or her access rights may still have criminal and civil CFAA issues to contend with.
You’re all hackers for reading this comment, and you will be punished as such!
/sarc