On Thursday, April 28, 2011, the Ninth Circuit, in a split decision, held that an employee could be criminally liable under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (the “CFAA”), for exceeding authorized access to an employer’s computer system by accessing proprietary information in violation of the employer’s written policies. In so holding, the Ninth Circuit joined several other circuits in interpreting the CFAA’s “exceeds authorized access” prong to cover violations of an employer’s clearly disclosed computer use policy to misappropriate proprietary company information. This interpretation of the CFAA also has ramifications outside the employment context, and potentially extends to enforceable terms of use policies and other contracts restricting network access.
The facts of the case read like a garden-variety civil trade secret dispute. David Nosal had worked for the executive search firm Korn/Ferry International, which he left to start a competing firm. Soon after leaving the firm, Nosal engaged three Korn/Ferry employees to help set up the rival company. Those employees downloaded information about executive candidates from Korn/Ferry’s password-protected leads database and provided that information to Nosal. All Korn/Ferry employees had been required to sign employment agreements prohibiting disclosure of such information.
Please see full publication below for more information.