The Ninth Circuit held that under the Computer Fraud and Abuse Act, the definition of unauthorized access to a computer extends to in-house fraud and data theft, not just outside systems computer hacking
United States v. Nosal, 2016 BL 214844, 9th Cir., No. 14-10275, 7/5/16.
A former employee at a software company had is credentials revoked after resigning from his position, although he was temporarily retained for some contract work. During this period, the former employee began building his own business with the aid of several employees in the company. Through using the credentials of one such employee, he accessed information on a private server restricted to company employees, which he then used for his new business, violating the company policy and his non-compete agreement. While violating his agreement, the company, with the help of prosecutors, sought to pursue charges under the Computer Fraud and Abuse Act (CFAA) for using a password “without authorization.”
In this decision, the Ninth Circuit extended using a computer “without authorization” to include in-house data theft and fraud in addition to computer use by outside sources. The court found that the CFAA does not define “without authorization” in terms of access to a computer for the purpose of conducting fraud, but the plain language meaning encompasses this action as well. By following the language of the statute, the court remained consistent with other previous decisions regarding the CFAA, as well as joining the Second and Fourth Circuits in reaching similar decisions.
https://www.bloomberglaw.com/public/desktop/document/United_States_v_Nosal_No_1410037_2016_BL_214844_9th_Cir_July_05_2?1469045870
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.