Last week, Reuters, ran a piece on how the Computer Fraud and Abuse Act (CFAA) may take center stage in legal circles over the coming months. Specifically, the Justice Department has until August 8th to decide whether or not they want to request a U.S. Supreme Court review of a long-running, controversial employment case, in which the CFAA figures prominently.
The CFAA In Ten Seconds
Ratified 28-years ago – when most homes still didn’t have a personal computer – officials passed the Computer Fraud and Abuse Act. Its intended goal was to develop a law to punish hackers. But lately it’s being used to prosecute employees who download sensitive data.
A multi-section bill, the CFAA covers a lot of ground, but perhaps the most controversial line is the explanation of what constitutes illegality, that being: “intentionally access[ing] a computer without authorization or exceed[ing] authorized access.”
The Curious Case of David Nosal & The Dismissal of CFAA Charges
Take the David Nosal case, for example. Gleaning from reports, he and a few colleagues allegedly pulled what sounds like the modern-day equivalent of the Sterling, Cooper, Draper, Pryce midnight pack-up when making moves to open their own company. Irate over the situation, in 2008, their former boss filed lawsuits against all the alleged conspirators. Some accepted the charges and their resultant fate, but David Nosal decided to fight the charges – which included a CFAA count.
After extensive litigation and court appearances, the appeals court, in a 9 to 2 ruling, dismissed the charges related to the CFAA.
The Justice Department Ain’t Happy About the Dismissal
Over the past six years, approximately 1,050 CFAA-related cases (half federal, half civil) have been filed. But lawmakers and law enforcement agencies want to see that number go up in the future. Ostensibly to extend their sphere of influence, the U.S. Justice Department is keen to use the CFAA when prosecuting.
So would a lot of corporations.
Oracle is so invested in the measure that they filed a brief in support of the Justice Department that argued trespass doctrines are rooted in common law standards and should therefore be applicable when defining the scope of the CFAA. They argued that “Among [common law standards] is the concept of restricted authorization: a person commits trespass not only when he or she enters property or a portion of it when told not to; a person commits trespass also when he or she has authorization to enter for some purposes but enters for different ones.”
If the Justice Department does seek a SCOTUS review, and it doesn’t end up in the department’s favor, they risk losing one of their most effective “bullets.” If they win, however, it could theoretically usher in a new “Minitru-esque” era where logging onto Facebook or Twitter, or engaging in a little digital retail therapy at work, could land you in a lot of – possibly criminal — trouble.
Proposed Amendments to The CFAA
In an effort to satisfy the Justice Department’s wishes to make ample use of the CFAA, there has been talk of amending the arguably antiquated act to protect the average employee who may dabble in a little Internet activity during, say, their lunch hour. Specifically, officials are knocking around ways to exclude harmless violations from being prosecuted under the bill (i.e., social network users signing up using a pseudonym).
The Computer Fraud and Abuse Act has been widely interpreted in various courts. If you have a legal issue involving the CFAA, contact us today to explore your options. Our Internet lawyers are well-versed in all things CFAA-related and can help you work out the ideal solution.