Monday, October 31, 2011

More on the Computer Fraud and Abuse Act

My post of May 5, 2011 discussed the recent Ninth Circuit criminal case of US v. Nosal applying the Criminal Fraud and Abuse Act to actions by an employee that violate an employer's rules of computer usage. Two out of three members of the Ninth Circuit panel determined that an employee's violation of an employer's computer use restrictions can constitute a felony under the CFAA. In effect, the Ninth Circuit's opinion permits a private entity -- an employer -- to define what is or is not criminal liability under the CFAA. Utah District Judge Tena Campbell, sitting by designation on the Ninth Circuit panel, dissented from the majority decision, arguing that if every violation of an employer's computer use rules, including innocuous, personal usage, created felony liability under the CFAA, then the arbitrary application of the CFAA would render the CFAA unconstitutionally vague.

A majority of the rest of the Ninth Circuit must believe that Judge Campbell's view has merit. Last Thursday, the Ninth Circuit entered an order agreeing to rehear the Nosal case en banc. The prior Nosal opinion is no longer valid. More to come.

No comments: