An employee's violation of an employer's computer use policy can support a criminal charge of exceeding authorized access under the Computer Fraud and Abuse Act, a district court ruled. The appeals court reinstated charges under 18 U.S.C. § 1030(a)(4) that a former employee and his co-conspirators "knowingly and with intent to defraud," exceeded their authorized access to the employer's computer network when they copied the employer's proprietary information for the benefit of another enterprise. The court noted that the employees were subject to a computer use policy that imposed "clear and conspicuous restrictions" on both the employees' access to the computer network, that they had "fair warning that they were subjecting themselves to criminal liability." The court further commented that "as long as the employee has knowledge of the employer’s limitations on that authorization, the employee “exceeds authorized access” when the employee violates those limitations. It is as simple as that."
United States v. Nosal, No. 10-10038 (9th Cir. Apr. 29, 2011) Opinion
Editor's Note: The ruling is discussed further on the Proskauer New Media and Technology Law blog.