Latest Court Ruling Makes Us All Computer Felons
from the whoo-hoo dept
Last week we briefly mentioned a court ruling about overly broad subpoenas – which many people spun around to point at the RIAA (suggesting that people may be able to sue them for issuing such subpoenas themselves). Mark Rasch takes a much more thorough look at the ruling and points out why it might not be such a great ruling, after all. The details of the case are a bit complex, and Rasch does a good job summarizing them. The really short version is that a law firm subpoenaed all email from the ISP of a company they were suing. The ISP, without consulting a lawyer (or their customer) simply handed over every single email from the company. The court ruled (correctly) that the subpoena was overly broad and invalid. However, it then ruled that, because of this, the law firm that used them and then got access to all those private emails had committed a computer crime – unauthorized access – to get the emails. Basically, in wiping the subpoena out of existence, and not even acknowledging its existence, they claim that the only way the law firm could have obtained those emails, then, was by breaking into the computer systems and stealing them. See the problems with this ruling? It basically goes back in time, erases what actually happened, and assumes that (absent the erased event) a felony must have occurred. Based on this, Rasch does some reductio ad absurdum, to show how sending an email or putting a link on a webpage could be considered a felony computer crime. Clearly, this wouldn’t actually happen, but it does show how the court ruling may have overstepped its bounds. The law firm should be penalized for issuing an overly broad subpoena but charging them with a computer crime is questionable. I understand all of this, but I still think the law firm clearly deserve pretty serious punishment for going so overboard – as it was a clear case of fraud, and they did end up with lots of confidential information. How do you balance out the fraud with the fact that if the ISP had done the simplest thing (called a lawyer) the original law firm never would have received all the confidential information? Seems like a fine line.