Anti-Computer Hacking Law Not for Prosecuting Disloyal Employees, Appeals Court Rules

Employees who misuse their employer’s computerized data to further their own interests cannot be prosecuted under provisions of a federal law meant to punish computer hackers, an appeals court has ruled.

LVRC Holdings had sued its former employee, Christopher Brekka, and his wife, Carolyn Quain, accusing Brekka of misusing company data by emailing himself the company’s list of clients and other internal documents so he and his wife could cherry pick the clients to start their own consulting company. Brekka was employed by LVRC Holdings at the time he forwarded himself the company documents.

The company sought to apply provisions of the Computer Fraud and Abuse Act (CFAA), the federal law passed in 1984 to prosecute people who crack computer codes and commit other computer-related crimes. The Ninth Circuit Court of Appeals recently ruled against the company and held that the law cannot be used against employees like Brekka who are disloyal and misuse company information they obtain during their employment.

‘Unauthorized Access’ or Just Sneaky Employee?

LVRC contended that Brekka had unlawfully gained access to company computers in order to obtain the sensitive data. But Brekka was not a hacker. He used his work computer and company-issued log in while still employed by LVRD to access the client list, a company marketing report, and other documents and send the documents to his home computer.

The appeals court disagreed with LVRC’s claim that Brekka’s accessing of company documents using company computers and a company-issued log on constituted “unauthorized access” under CFAA, largely because his job required him to use the computer.

“We hold that a person uses a computer ‘without authorization’… when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone’s computer without any permission), or when the employer has rescinded permission to access the computer and the defendant uses the computer anyway,” the judges wrote, according a report on Ars Technica.

The appeals court also rejected LVRC’s argument that Brekka had logged onto the company website using his employee log in after he left the company to obtain additional data. Brekka, the court held, had presented “undisputed evidence” that other employees had used his work computer after he left and they could have been the ones who accessed the company website, according to the Ars Technica report.

No related posts.

FREE Case Review

Defective DrugsAdverse reactions to medications on the market.

Personal InjuryPersonal injuries resulting from negligence may lead to significant medical expenses.

Toxic ExposureDangerous toxins linked to cancers, birth defects, and chronic respiratory problems.

DiseasesDangerous toxins linked to cancers, birth defects, and chronic respiratory problems.

Financial FraudsUnethical actions by large corporations may cause financial hardship.

Medical MalpracticeMedical errors or negligent health care resulting in injury or death.

Anti-Computer Hacking Law Not for Prosecuting Disloyal Employees, Appeals Court Rules

‘Unauthorized Access’ or Just Sneaky Employee?

FREE Case Review

Trending Topics