Several US Courts of Appeal have broadly applied the Computer Fraud and Abuse Act (enacted in the 1980s) in a way that criminalizes activities such as using a computer for purposes violating an employer’s Internet use policy or violating the terms of a service of a website. No reasonable person would view such “violations” as a crime and these courts have exposed people to needless prosecution.
But now, the Ninth Circuit has brought some sanity. From The Register:
In a highly anticipated test of the Computer Fraud and Abuse Act, the U.S. Court of Appeals for the Ninth Circuit construed the law narrowly Tuesday, saying prosecutors can’t use it to go after someone who checks sports scores from a work computer or fibs on Facebook. The 1984 law is an anti-hacking statute, not a tool to make federal criminals of anyone who violates employer computer policies or a website’s terms of service, the en banc panel said in a 9-2 opinion in U.S. v. Nosal, 10-10038.
“The government’s construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer,” Chief Judge Alex Kozinski wrote for the majority. “This would make criminals of large groups of people who would have little reason to suspect they are committing a federal crime.”
You can read the decision here.
- Court curbs computer fraud law to prevent overreach (electronista.com)
- Court narrows prosecutors’ use of anti-hacking law (news.cnet.com)
- Appeals Court Rules That Violating Corporate Policy Is Not a Computer Crime (eff.org)
- Terms of service violations not a crime, appeals court rules (arstechnica.com)