A student-run resource for reliable reports on the latest law and technology news

Ninth Circuit Creates Circuit Split by Narrowly Construing the Computer Fraud and Abuse Act
By Abby Lauer – Edited by Charlie Stiernberg

United States v. Nosal, No. 10-10038 (9th Cir. April 10, 2012)
Slip Opinion

The Ninth Circuit affirmed the Northern District of California in an en banc decision construing the scope of the Computer Fraud and Abuse Act (“CFAA”). The court held that a person who violates an employer’s computer use policy is not criminally liable for federal penalties under the Act.

The Ninth Circuit held that the provision of the CFAA that prohibits a person from “exceed[ing] authorized access” to information on the Internet does not extend to violations of use restrictions, such as an employer’s computer use policy or a website’s terms of service. In so holding, the court applied the rule of lenity to this provision of the CFAA. The court expressed concern that adopting a broader interpretation of “exceeds authorized access,” which appears five times in the first seven subsections of the statute, would inadvertently criminalize innocuous activity that was not intended to be captured. For example, the court noted that “lying on social media websites is common,” and concluded this is not the type of behavior that Congress intended to punish by passing the CFAA.

Ars Technica provides an overview of the case. The Volokh Conspiracy provides further commentary and excerpts from Chief Judge Kozinski’s majority opinion.

Federal prosecutors brought criminal charges under 18 U.S.C. § 1030(a)(4) against a former employee of an executive search firm who had convinced some of his former colleagues to download and transmit names and contact information from the company’s confidential database. A district court judge initially dismissed the CFAA charges against the defendant on the grounds that his former colleagues were legally authorized to access the information and only violated the firm’s policy regarding how the information could be used. A Ninth Circuit panel reversed the district court and reinstated the CFAA charges before the court agreed to hear the case en banc.

The en banc decision limited the scope of the “exceeds authorized access” language in the CFAA to apply only to violations of restrictions on access to information, not restrictions on its use. Chief Judge Kozinski’s majority opinion emphasized the rule of lenity: “We construe criminal statutes narrowly so that Congress will not unintentionally turn ordinary citizens into criminals.” U.S. v. Nosal, No. 10-10038 at 3872. To hold otherwise, the court reasoned, would criminalize even casual violations of terms of service imposed by social networking sites, online retailers, and search engines.

Judge Barry G. Silverman, joined by Judge Richard C. Tallman, dissented. The dissent accused the majority of construing the CFAA in a “hyper-complicated way that distorts the obvious intent of Congress.” Id. at 3873-74. The dissent argued that the court should have focused on the serious crimes committed by the defendant and his former colleagues, rather than deciding the case based on “far-fetched hypotheticals involving neither theft nor intentional fraudulent conduct.” Id. at 3873.

The decision is significant because it creates a circuit split. Three circuit courts—the Fifth, Seventh, and Eleventh—have interpreted the CFAA broadly to cover violations of corporate computer use restrictions or violations of a duty of loyalty. The Ninth Circuit accused these other circuits of looking “only at the culpable behavior of the defendants before them, and fail[ing] to consider the effect on millions of ordinary citizens.” Id. at 3871. The circuit split renders the scope of “exceeds authorized access” within the CFAA ripe for review by the Supreme Court.

Posted On Apr - 18 - 2012 1 Comment

One Response so far.

  1. [...] more on this, as I promised, check out the EFF, Volokh Conspiracy and Harvard Journal of Law & Technology. Share this:EmailFacebookTwitterPrintStumbleUponRedditDiggLike this:LikeBe the first to like this [...]

  • RSS
  • Facebook
  • Twitter
  • GooglePlay
Plane_Dirtbox

U.S. Marshals Servic

In addition to questions of communications law, a number of ...

Unknown

Federal Circuit Flas

By Henry Thomas Ads For Content Scheme Held To Be Abstract ...

Photo By: archie4oz - CC BY 2.0

Silk Road 2.0 Takedo

  [caption id="attachment_4363" align="alignleft" width="150"] Photo By: archie4oz - CC BY ...

Unknown

Federal Circuit Flas

By Ken Winterbottom Motion to Dismiss in Hulu Patent Infringement Suit ...

GOOGLE_APTHDVR_1268416f

Spain Passes a “Go

The amendments to Spanish copyright law put Google News snippets ...