A student-run resource for reliable reports on the latest law and technology news

Ninth Circuit Creates Circuit Split by Narrowly Construing the Computer Fraud and Abuse Act
By Abby Lauer – Edited by Charlie Stiernberg

United States v. Nosal, No. 10-10038 (9th Cir. April 10, 2012)
Slip Opinion

The Ninth Circuit affirmed the Northern District of California in an en banc decision construing the scope of the Computer Fraud and Abuse Act (“CFAA”). The court held that a person who violates an employer’s computer use policy is not criminally liable for federal penalties under the Act.

The Ninth Circuit held that the provision of the CFAA that prohibits a person from “exceed[ing] authorized access” to information on the Internet does not extend to violations of use restrictions, such as an employer’s computer use policy or a website’s terms of service. In so holding, the court applied the rule of lenity to this provision of the CFAA. The court expressed concern that adopting a broader interpretation of “exceeds authorized access,” which appears five times in the first seven subsections of the statute, would inadvertently criminalize innocuous activity that was not intended to be captured. For example, the court noted that “lying on social media websites is common,” and concluded this is not the type of behavior that Congress intended to punish by passing the CFAA.

Ars Technica provides an overview of the case. The Volokh Conspiracy provides further commentary and excerpts from Chief Judge Kozinski’s majority opinion.

Federal prosecutors brought criminal charges under 18 U.S.C. § 1030(a)(4) against a former employee of an executive search firm who had convinced some of his former colleagues to download and transmit names and contact information from the company’s confidential database. A district court judge initially dismissed the CFAA charges against the defendant on the grounds that his former colleagues were legally authorized to access the information and only violated the firm’s policy regarding how the information could be used. A Ninth Circuit panel reversed the district court and reinstated the CFAA charges before the court agreed to hear the case en banc.

The en banc decision limited the scope of the “exceeds authorized access” language in the CFAA to apply only to violations of restrictions on access to information, not restrictions on its use. Chief Judge Kozinski’s majority opinion emphasized the rule of lenity: “We construe criminal statutes narrowly so that Congress will not unintentionally turn ordinary citizens into criminals.” U.S. v. Nosal, No. 10-10038 at 3872. To hold otherwise, the court reasoned, would criminalize even casual violations of terms of service imposed by social networking sites, online retailers, and search engines.

Judge Barry G. Silverman, joined by Judge Richard C. Tallman, dissented. The dissent accused the majority of construing the CFAA in a “hyper-complicated way that distorts the obvious intent of Congress.” Id. at 3873-74. The dissent argued that the court should have focused on the serious crimes committed by the defendant and his former colleagues, rather than deciding the case based on “far-fetched hypotheticals involving neither theft nor intentional fraudulent conduct.” Id. at 3873.

The decision is significant because it creates a circuit split. Three circuit courts—the Fifth, Seventh, and Eleventh—have interpreted the CFAA broadly to cover violations of corporate computer use restrictions or violations of a duty of loyalty. The Ninth Circuit accused these other circuits of looking “only at the culpable behavior of the defendants before them, and fail[ing] to consider the effect on millions of ordinary citizens.” Id. at 3871. The circuit split renders the scope of “exceeds authorized access” within the CFAA ripe for review by the Supreme Court.

Posted On Apr - 18 - 2012 1 Comment

One Response so far.

  1. [...] more on this, as I promised, check out the EFF, Volokh Conspiracy and Harvard Journal of Law & Technology. Share this:EmailFacebookTwitterPrintStumbleUponRedditDiggLike this:LikeBe the first to like this [...]

  • RSS
  • Facebook
  • Twitter

Insuring Patents

Part I.  Overview Historically, intellectual property insurance has been available for ...

Senate Judiciary Committee

Defend Trade Secrets

While individuals who misappropriate trade secrets are punishable by federal ...

Flash Digest

Federal Circuit Flas

HP Setback in Challenging the Validity of MPHJ’s Distributed Virtual ...

Illinois Flag

Amicus Brief by EFF

The case comes before the Illinois Supreme Court on appeal ...

Fed. Cir. Flash Digest

Flash Digest: News i

By Gia Velasquez – Edited by Ken Winterbottom Federal Court Grants ...