An interesting decisionwas handed down by the 9th Circuit Court of Appeals, written by Chief Judge Alex Kozinski.
The case involved employees who had downloaded confidential company information which they were permitted to access, but not permitted to share. The issue wasn’t whether the employer had a remedy, such as a civil injunction or money damages, but whether the conduct constituted a federal crime.
As described by The Wall Street Journal, the Court held that the conduct did not constitute a violation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 103, if the only basis for criminal liability was violation of the employer’s work rules:
No, checking Facebook on work computer isn’t a federal crime.
That’s the opinion of the U.S. Court of Appeals for the Ninth Circuit, anyway. In a ruling by Chief Judge Alex Kozinski Tuesday, the court rejected the government’s broad interpretation of an anti-hacking statute called the Computer Fraud and Abuse Act.
Judge Kozinski, writing for an 11-judge panel, explained the stakes in the introduction of his ruling:
Many employers have adopted policies prohibiting the use of work computers for nonbusiness purposes. Does an employee who violates such a policy commit a federal crime? How about someone who violates the terms of service of a social networking website? This depends on how broadly we read the Computer Fraud and Abuse Act.
The government argued that CFAA targeted both hackers and people who are authorized to use a computer, but do so for an unauthorized purpose. The Ninth Circuit, however, ruled that the law doesn’t extend to violations of use restrictions.
“Were we to adopt the government’s proposed interpretation, millions of unsuspecting individuals would find that they are engaging in criminal conduct,” Kozinski wrote.
But, as the WSJ notes, this puts the 9th Circuit at odds with several other Circuits, where violation of employer policies using a computer, even surfing the web, could be considered a crime.