Marcia Hofmann of EFF writes:
The Electronic Frontier Foundation (EFF) urged a federal appeals court Tuesday to dismiss charges that would turn any employee use of company computers in violation of corporate policy into a federal crime.
In U.S. v. Nosal, an ex-employee is being prosecuted on the claim that he induced current company employees to use their legitimate credentials to access the company’s proprietary database and provide him with information, in violation of corporate computer-use policy. The government claims that the violation of this private policy constitutes a violation of the Computer Fraud and Abuse Act (CFAA). Following a decision issued just last year by the U.S. Court of Appeals for the 9th Circuit, the District Court ruled against the government, holding that violations of corporate policy are not equivalent to violations of federal computer crime law. The government appealed to the 9th Circuit.
In an amicus brief filed in the case on Tuesday, EFF argues that turning mere violations of company policies into computer crimes could potentially create a massive expansion of the CFAA, turning millions of law-abiding workers into criminals.
“Companies’ policies often prohibit personal use of company computers. The government’s argument here would potentially turn employees into criminals if they check the baseball scores or update their Facebook statuses at an office where such a policy is in place,” said EFF Senior Staff Attorney Marcia Hofmann. “Company policies aren’t written with the care and precision that we require in a criminal statute. Instead, they are often vague, arbitrary, confusing and contradictory. It’s not fair or reasonable to turn any violation of company policy into a crime.”
The extension of the CFAA into company policies is only one of the places where EFF has been combating overbroad use of the statute to criminalize what are essentially breaches of contract. Over the last several months, EFF has filed amicus briefs in two other cases where the government attempted to use computer crime laws to turn a violation of a website’s terms of service into a criminally punishable act.
“A district court has already made the correct decision here, and ruled that these indictments are contrary to law,” said Hofmann. “We’re urging the appeals court to affirm that important decision, and reject this dangerous expansion of the CFAA.”
For the full amicus brief: