As reported by The Recorder, the 9th Circuit Court of Appeals has done much to narrow the scope of the Computer Fraud and Abuse Act. In their article about this circuit decision, the Recorder reports that you cannot be criminally prosecuted for checking out Facebook or football scores at work.
“We shouldn’t have to live at the mercy of our local prosecutor”
Below is an excerpt from the original article at law.com:
Don’t worry: it’s not illegal to read this article at work.
In a highly anticipated test of the Computer Fraud and Abuse Act, the U.S. Court of Appeals for the Ninth Circuit construed the law narrowly Tuesday, saying prosecutors can’t use it to go after someone who checks sports scores from a work computer or fibs on Facebook. The 1984 law is an anti-hacking statute, not a tool to make federal criminals of anyone who violates employer computer policies or a website’s terms of service, the en banc panel said in a 9-2 opinion in U.S. v. Nosal, 10-10038.
“The government’s construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer,” Chief Judge Alex Kozinski wrote for the majority. “This would make criminals of large groups of people who would have little reason to suspect they are committing a federal crime.”
In splitting from other circuits and reversing the panel decision, the court said the plain language of the statute prohibiting someone from “exceeding authorized access” to a computer does not extend to violations of use restrictions. The majority said there are other laws the government can use to prosecute someone who steals confidential information, and that a narrow interpretation of the CFAA is necessary because “we shouldn’t have to live at the mercy of our local prosecutor.”
The ruling affirms San Francisco U.S. District Judge Marilyn Hall Patel, who junked five counts in the government’s case against David Nosal. He is the former employee of an executive search firm accused of having colleagues access a confidential database to get information for his new competing business. “Because Nosal’s accomplices had permission to access the company database and obtain the information contained within, the government’s charges fail to meet the element of ‘without authorization, or exceeds authorized access,'” Kozinski wrote.
The court illustrated its point with a series of alarmist scenarios: Under the government’s view of the law, the “short and homely” person’s claim on Craigslist to be tall, dark and handsome could earn the poster a “handsome orange jumpsuit.” Vast numbers of teens who used Google could have been deemed “juvenile delinquents” since until last month the company’s use agreement technically barred minors from using its services.
For the government, the case was not about white lies and people goofing off at work. . Nosal, they argue, was up to no good, and the statute requires an “intent to defraud.” The dissenting judges make that point.
“This case has nothing to do with playing sudoku, checking email, fibbing on dating sites, or any of the other activities that the majority rightly values,” Judge Barry Silverman wrote, with Judge Richard Tallman joining. “It has everything to do with stealing an employer’s valuable information to set up a competing business with the purloined data, siphoned away from the victim, knowing such access and use were prohibited in the defendants’ employment contracts.”
Prosecutors have taken an aggressive posture in this case, appealing even when many criminal counts remained intact at the trial level and bringing in a lawyer from Main Justice, Jennifer Ellickson, to argue. Nosal’s appellate counsel Dennis Riordan said in light of that, he expects there to be a push inside the department to file cert. However, he said, the Solicitor General’s office, which makes the call, may think twice about pursuing this particular CFAA case, considering Kozinski’s “very, very powerful and well reasoned opinion.”
It is difficult to imagine why the dissenting opinion here did not see the ‘slippery slope’ of unintended consequences if the en banc decision of the Ninth Circuit were to have gone the other way.
It reminds me of the Supreme Court’s decision in Gonzales v. Raich which didn’t go as well as this case. In Raich, the Supreme Court decided that marijuana grown for legal, personal use inside a California residence could be federally prosecuted as interstate commerce. This may be confusing to the non-lawyer because the represented facts of the case were neither interstate nor commerce.
I am encouraged when I see appellate decisions that actually curtail federal prosecuting authority, rather than expanding them. Kudos to the 9th!