On March 22, 2012, Patton Boggs LLP posted a client alert (available here) on the antihacking Computer Fraud and Abuse Act (CFAA), discussing that different federal courts were split on whether the CFAA imposes liability on employees who have permission to access computerized information but use the permitted access for an improper purpose. One of the cases discussed in that alert was United States v. Nosal, 642 F.3d 781 (9th Cir. 2011), a panel decision holding that employees who properly access information but then use the information contrary to the employer’s policies or against the employer’s interests “exceeds authorized access” and violates the CFAA.
The full Ninth Circuit agreed to rehear the case, and in an April 11 ruling, a majority held that the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use. The majority gave a narrow interpretation to the statutory phrase “exceeds authorized access.” As a result of this decision, someone who is authorized to access only certain data or files but accesses other data or files would violate the CFAA. In his opinion for the Court, Chief Judge Kozinski gave an example of how a violation could occur: “For example, assume an employee is permitted to access only product information on the company’s computer but accesses customer data: He would ‘exceed authorized access’ if he looks at the customer lists.”
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.