Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Court: Disloyal Computing Is Not Illegal
- From: Howell, Paul
- Date: Mon Sep 21 11:26:38 2009
At http://www.wired.com/threatlevel/2009/09/disloyalcomputing/
Court: Disloyal Computing Is Not Illegal
By David Kravets September 18, 2009 | 2:02 pm | Categories:
Cybersecurity, Hacks and Cracks
A federal appeals court says employees are not liable for damages under
anti-hacking laws for accessing their employers' computers for disloyal
purposes.
The 9th U.S. Circuit Court of Appeals ruled that workers authorized to
access company computers do not lose or exceed that access under the
Computer Fraud and Abuse Act even if their intent was to acquire data to
open a competing business (.pdf).
There is no language in the 1984 anti-hacking statute, the San
Francisco-based appeals court said Wednesday, supporting the "argument
that authorization to use a computer ceases when an employee resolves to
use the computer contrary to the employer's interests."
The decision marks the second time in as many months the courts have
restrained the use of the CFAA.
In July, for example, a Los Angeles federal judge tossed the guilty
verdicts against Lori Drew, who was charged criminally of participating
in a MySpace cyberbullying scheme against a 13-year-old Missouri girl
who later committed suicide. The case against the 50-year-old Drew
hinged on the government's novel argument that violating MySpace's terms
of service was the legal equivalent of computer hacking and a violation
of the CFAA.
The appellate court's decision Wednesday, meanwhile, sets the stage for
possible review by the U.S. Supreme Court. The ruling conflicts with a
2006 decision by the Chicago-based 7th U.S. Circuit Court of Appeals
that said employees lose "authorization" to company computers if their
motives are disloyal.
Congress adopted the CFAA to enhance the government's ability to
prosecute hackers who accessed computers to steal information or to
disrupt or destroy computer functionality. The CFAA prohibits a number
of computer crimes, but the majority focus on accessing computers
without authorization or in excess of authorization.
At issue before both appellate courts was the area of the law granting
the public the right to sue for damages.
In both cases, the employers maintained the employees forfeited their
"authorized access" when using a company computer to acquire
confidential information to further their personal interests rather than
the company's interests.
The San Francisco court ruled that, if a company has provided employees
authorization to access internal materials, workers couldn't be sued
under the anti-hacking statute unless they encroach into files in which
they were not given permission.
However, the Chicago appellate court said that an employee lost
authorized access privileges to a laptop and was liable for damages for
breaching a "duty of loyalty." The employee accessed confidential
company data even though he was planning to quit his job to start a
competing business, the court noted.
By having such motives, the court concluded, the employee forfeited "his
authority to access the laptop."
------------------------------------------------------------------------
To unsubscribe from netsec, send mail to majordomo@merit.edu
with a body consisting of the words "unsubscribe netsec" --
without the quotes. For more help, send a message to majordomo@merit.edu
with the word "help" as the body.
------------------------------------------------------------------------
|
