On October 27, 2011, the United States Court of Appeals for the Ninth Circuit agreed to rehear the  appeal in United States v. Nosal, 642 F.3d 781 (9th Cir. Apr. 28, 2011). Nosal involves a prosecution under the Computer Fraud and Abuse Act for alleged employee theft of confidential data from an employer’s network for the benefit of a competitor. The circumstances under which an insider with a disloyal purpose, such as an employee who has permission to use the employer’s network resources, can be charged either civilly or criminally under the CFAA with unauthorized access to a network, or access exceeding authorization, has been the subject of disagreement in the federal courts.

As we wrote last April, the panel in Nosal ruled that an employee exceeds authorized access within the meaning of the CFAA “when he or she obtains information from the computer and uses it for a purpose that violates the employer’s restrictions on the use of the information.”  The Nosal ruling narrowly interpreted a prior Ninth Circuit panel opinion in a civil action under the CFAA, LVRC Holdings, LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009). (See prior blog post here.) There, a different panel ruled that under the plain language of the CFAA, an act of disloyalty to an employer, e.g., access to a employer’s network for purposes of providing data to a competitor, does not render the employee’s access unauthorized within the meaning of the CFAA.

The key distinction that the panel in Nosal made from the facts of LVRC v. Brekka, was the existence in Nosal of “a computer use policy that placed clear and conspicuous restrictions on the employees’ access” both to employer’s computer system in general and to specific data in question. No such agreement was in place in LVRC v. Brekka.

The implications of the issues in LVRC v. Brekka and Nosal go beyond the employer-employee context. In its Amicus Brief filed urging the Ninth Circuit to rehear the Nosal case en banc, the Electronic Frontier Foundation argued that the panel opinion in Nosal would criminalize routine, mundane acts committed by Internet users that were deemed to violate provisions in broadly written Internet Terms of Service.

It is important to note that other federal courts of appeal have upheld broad readings of the CFAA in the employee-employer context. In the civil context, see, e.g., International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006); and in the criminal context, see, e.g., United States v. John, 597 F.3d 263 (5th Cir. 2010), United States v. Rodriguez, 628 F.3d 1258 (11th Cir. 2010).

Oral argument in the rehearing en banc is scheduled for some time in the week of December 12, 2011.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jeffrey Neuburger Jeffrey Neuburger

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise…

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.