New Georgia Decision Clarifies Scope Of Computer Trespass Statute

Jackson Lewis P.C.
Contact

Just as the United States Supreme Court recently limited the reach of the federal Computer Fraud and Abuse Act (“CFAA”) in Van Buren v. United States, the Georgia Supreme Court has now reined in the Georgia state law counterpart to the CFAA.

Background

In Kinslow v. State, No. S20G1001 (June 21, 2021), the defendant was an IT employee of the City of Norcross. The defendant allegedly altered the City’s computer network settings to cause his boss’s incoming emails to be copied and forwarded to the defendant’s personal email account. The jury found the defendant guilty of state-law computer trespass, and the defendant appealed.

The Georgia computer trespass statute defines the offense, in part, as “us[ing] a computer or computer network with knowledge that such use is without authority and with the intention of . . . [o]bstructing, interrupting, or in any way interfering with the use of a computer program or data.” OCGA § 16-9-93(b)(2) (emphasis added).

No “Obstruction” or “Interference” in Copying Emails

There was no question the defendant in Kinslow lacked authorization to access and forward his boss’s emails. But the majority concluded that the evidence at trial could not prove the defendant acted “with the intention of obstructing or interfering with the use of data.”

Relying on dictionary definitions of the words “obstruct” and “interfere,” and applying the canons of construction, the court interpreted the statute as requiring proof that the defendant “hindered” the use of data in some way. According to the court, the evidence showed, at most, the defendant enabled a copy of computer data to flow to another recipient. Because “[t]here [was] no evidence that [the defendant] by his actions hindered the flow of data to any intended recipient or otherwise hindered the use of data,” the court overturned the conviction for computer trespass under the Georgia statute.

The majority ruling drew a sharp dissent. The dissent would have held the defendant’s actions to “manipulate” the data stream and “intermeddle” data intended to go to others satisfied the “in any way interfering” provision of the statute. The dissent reasoned, “[T]respass does not require the theft of data from its intended recipient—it requires only that one accesses that data from a place one is not authorized to be.” (This interpretation would have tracked the CFAA, which prohibits merely “obtain[ing]” information without authorization.)

Takeaways

The dissent warned that this decision “educates wrongdoers that they are better off from both a detection standpoint and from prosecution as a matter of law if they simply copy data rather than block its delivery.” At least for application of the Georgia computer trespass statute, that point is hard to argue. That said, the defendant’s alleged conduct here might have violated a host of other laws, including the CFAA and possibly trade secret laws.

Employers should keep in mind that many states have computer trespass statutes that do not necessarily rise and fall with the CFAA. Some may be broader, and some, like Georgia’s, may be narrower. Whenever an employee accesses information to which the employee lacks authorization, or improperly uses information to which access is authorized, employers should work with counsel to carefully analyze the possible legal implication of such conduct.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Lewis P.C. | Attorney Advertising

Written by:

Jackson Lewis P.C.
Contact
more
less

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.