Statutory Interpretation - Computer Fraud and Abuse Act - Ninth Circuit Holds That Employees' Unauthorized Use of Accessible Information Did Not Violate the CFAA

Harvard Law Review, March 2013 | Go to article overview

Statutory Interpretation - Computer Fraud and Abuse Act - Ninth Circuit Holds That Employees' Unauthorized Use of Accessible Information Did Not Violate the CFAA


In 1986, Congress passed the Computer Fraud and Abuse Act (1) (CFAA) to address the growing problem of intentional trespass into others' computer files, (2) known as "hacking." One of the CFAA's provisions, [section] 1030(a)(4), targets individuals who access a computer "without authorization" or "exceed[] authorized access," provided that certain fraud and materiality requirements are met. (3) Another provision of the statute, [section] 1030(a)(2)(C), sweeps far more broadly by omitting the fraud and materiality requirements. (4) Under the CFAA, a person "exceeds authorized access" if she accesses a computer "with authorization" and uses the access "to obtain or alter information in the computer that [she] is not entitled so to obtain or alter." (5) The scope of this definition, and of the CFAA more generally, has been widely debated. (6)

Recently, in United States v. Nosal, (7) the Ninth Circuit, sitting en banc, held that defendant employees did not "exceed[] authorized access" bytransmitting confidential information in violation of company policy. (8) The court interpreted the phrase "exceeds authorized access" to target only restrictions on access to information, not limitations on its use. (9) That is, an employee can exceed her authorized access only if she is either barred from the information altogether or accesses it in an impermissible manner. (10) The majority multiplied two canons of statutory interpretation -- the presumption of consistent usage and the avoidance canon -- to select an interpretation of "exceeds authorized access" that would resolve the concern that [section] 1030(a)(2)(C) may be unconstitutionally vague. Neither canon alone was determinative; the majority's interpretation emerged only when the presumption of consistent usage created an interpretive problem and the avoidance canon re-solved it. Nosal's "multiplying canons" technique is a potentially powerful tool of statutory interpretation, and future scholarship should explore its merits. Yet even if sensible, this technique did not achieve the majority's goal in Nosal: [section] 1030(a)(2)(C) remains vulnerable to constitutional attack.

From approximately April 1996 to October 2004, David Nosal worked at Korn/Ferry International (KFI), an executive search firm. (11) Shortly after leaving the firm to start a competing business, Nosal convinced his former coworkers to use their account credentials to download information from a confidential database on KFI's computer system and transfer that information to Nosal. (12) The coworkers had authorization to access the database, but KFI's policy forbade disclosure of confidential information. (13) The government charged Nosal with, inter alia, violations of [section] 1030(a)(4) for aiding and abetting his former coworkers in "exceeding [their] authorized access" with intent to defraud. (14) Nosal filed a motion to dismiss the indictment, arguing that the CFAA targeted hacking, not misuse of information obtained with permission. (15)

The district court initially denied Nosal's motion, holding that accessing a computer "knowingly and with the intent to defraud ... renders the access unauthorized or in excess of authorization." (16) The court determined that the CFAA was unambiguous and refused to apply the rule of lenity. (17) However, the court reconsidered Nosal's motion in light of the Ninth Circuit's intervening decision in LVRC Holdings LLC v. Brekka, (18) in which the Ninth Circuit narrowly interpreted the phrases "without authorization" and "exceeds authorized access." On reconsideration, the court held that an employee "exceeds authorized access" only if she does not have permission to access the information for any reason. (19) The court dismissed five CFAA counts against Nosal, (20) and the government appealed. (21)

The Ninth Circuit initially reversed and remanded. (22) The court held that an employee "exceeds authorized access" when she "violates the employer's computer access restrictions -- including use restrictions. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Statutory Interpretation - Computer Fraud and Abuse Act - Ninth Circuit Holds That Employees' Unauthorized Use of Accessible Information Did Not Violate the CFAA
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.