The Computer Fraud and Abuse Act makes it illegal to access a computer without permission or to use information for a bad purpose. The Supreme Court recently decided a case that clears up confusion about what “exceeds authorized access” means. This helps companies and prosecutors know how to protect sensitive data. The Computer Fraud and Abuse Act (CFAA) was created in the 1980s to prevent unauthorized access to computers and electronic data. It includes both criminal and civil penalties for accessing a computer without permission or using access to obtain information that the person is not entitled to. It applies to all computers connected to the internet and gives the FBI and Secret Service authority to investigate CFAA offenses. The CFAA also allows individuals or entities harmed by unauthorized access to file a civil lawsuit for damages. There is a debate among courts about what it means to “exceed authorized access” under the CFAA. The court had to decide if the law about unauthorized computer access applies to someone who is allowed to use a computer but not allowed to use certain information on it, or if it only applies to someone who isn’t allowed to use the computer at all. Some courts said it applies to both situations, while others said it only applies to the first situation. The First Circuit Court decided that using a former employer’s information for personal gain violates the Computer Fraud and Abuse Act. In this case, a vice president of a travel company used a computer program to collect pricing information from his old company’s website and then used that information to undercut his old company’s prices. The court ruled that this violated his confidentiality agreement with his old employer, so he exceeded authorized access to the information. Dimetriace Eva-Lavon John, who worked for Citigroup, accessed customer account information and gave it to her half-brother for him to use in a crime. She was found guilty of breaking the law that says you can’t exceed authorized access to a protected computer. Even though she was allowed to use Citigroup’s computers for her job, the court said she still broke the law because she used the computer to help commit a crime and broke her employer’s rules. The 11th Circuit Court said that an employee broke the law by using his work computer to look at people’s personal information for reasons that were not related to his job. The employee argued that he didn’t do anything wrong because he was allowed to use the computer, but the court said he still broke the rules by using the information in a way that he wasn’t supposed to. Meanwhile, the Ninth Circuit Court said that the law only applies to when someone accesses information that they’re not supposed to, not when they use it in a way that goes against the rules. The court case U.S. v. Nosal was about whether using a work computer for personal use, or accessing information from a website against its terms of service, is a federal crime. The defendant, David Nosal, was accused of getting his former coworkers to give him confidential information from their company’s computer after leaving to start his own business. The court argued that the law should only criminalize accessing restricted information, not using it. This means that using information against a website’s terms of service is not a crime. In a later case, the court ruled that accessing publicly available information on the internet is not a crime. The court also said there are other laws that cover situations where someone uses information inappropriately. The Fourth Circuit and Second Circuit ruled in separate cases that the Computer Fraud and Abuse Act (CFAA) does not apply to employees who misuse their access to company computers. In the first case, an employee downloaded confidential information and used it for his new employer, but the court ruled he did not exceed his authorized access. In the second case, a police officer accessed restricted databases for personal reasons, and the court ruled that this also did not violate the CFAA. The Supreme Court made a decision in the Van Buren case, saying that “exceeds authorized access” is about accessing something, not using it. This decision affects Florida lawyers who handle CFAA claims in the 11th Circuit and Florida federal courts. The Supreme Court decided in Van Buren’s case that he did not exceed authorized access when he looked up license plate information in a police database for personal gain. This means that he didn’t break the law even though he used the database for the wrong reasons. This decision will affect how organizations and lawyers in places like Florida understand and apply the law. Employers need to understand that they can’t use the Computer Fraud and Abuse Act (CFAA) to protect against all types of employee misconduct. They need to tighten security and only give access to sensitive information to employees who need it. They should also have clear rules about computer use and access. If someone misuses information, the employer may have other legal options to protect against it, like trade secret laws or breach of contract claims. Overall, employers should be careful about who has access to their information and take steps to protect it. The Computer Fraud and Abuse Act (CFAA) is a law that deals with hacking and unauthorized access to computer systems. It was enacted in 1984 to address computer crimes. The law makes it illegal to access a computer system without permission, and anyone who does so can be punished. Several court cases have dealt with the interpretation and application of this law, with some cases involving employees accessing their employer’s computer systems without authorization. These cases have helped to clarify how the CFAA should be applied in different situations. The citations and legal cases mentioned in this text explain how certain laws were interpreted and applied in court. The two authors, Emily Chase-Sosnoff and Shane T. Muñoz, are lawyers who work with employers and labor disputes. They are part of a section of lawyers who focus on labor and employment law in Florida.
Source: https://www.floridabar.org/the-florida-bar-journal/understanding-the-bounds-of-the-computer-fraud-and-abuse-act-in-the-wake-of-van-buren/
Leave a Reply