On April 10, 2012, the Ninth Circuit en banc decision in United States v. Nosal was published, resolving the question of how a person “exceeds authorized access” under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030. The CFAA prohibits a person from “exceed[ing] authorized access” and thereby obtaining “information” from a computer “used in or affecting interstate or foreign commerce.” In Nosal, the issue was whether an employee who violated his employer’s “policies prohibiting the use of work computers for nonbusiness purposes” violated the CFAA. In a pithy decision by Chief Judge Alex Kozinski, the Ninth Circuit ruled that the phrase “exceeds authorized access” was not meant to criminalize an employee exceeding his employer’s computer use policies by “g-chatting with friends, playing games, shopping or watching sports highlights” on his work computer, but rather was intended to criminalize “hacking” into an employer’s computer system to access information contained in areas beyond the employee’s access level.
Additionally, the Nosal decision makes clear that computer use restrictions are necessary but not sufficient to protect confidential, electronic information. In addition to use restrictions, companies should limit access to sensitive information on a need-to-know basis instead of merely limiting the appropriate use of that information. Limiting access to confidential information will not only decrease the possibility of misappropriation, but should also preserve use of the CFAA as a litigation tool even under the narrow view of the “without authorization” prong in the case of an employee who misuses electronic information they were not authorized to access.
No. 10-10038 (9th Cir. April 10, 2012) (en banc) (available at http://www.ca9.uscourts.gov/datastore/opinions/2012/04/10/10-10038.pdf).
See 18 U.S.C. § 1030(a)(2)(C)
Nosal, Slip Op. at 2.
Id. at 15.
See 18 U.S.C. § 1030(g)
Nosal, Slip. Op. at 2.
Id. at 15.
Id. at 11-12.
Id. at 13-14.
Potentially saved 756 lives by donating 252 pints of blood during the American Red Cross's 2010-2011 fiscal year.
© 2009 - 2013 Kilpatrick Townsend & Stockton LLP | Attorney Advertising |
Prior results do not guarantee a similar outcome.