United States v. Nosal

Summarized by:

  • Court: 9th Circuit Court of Appeals Archives
  • Area(s) of Law: Civil Law
  • Date Filed: 04-10-2012
  • Case #: 10-10038
  • Judge(s)/Court Below: Chief Judge Kozinski for the Court; Circuit Judges Pregerson, McKeown, Wardlaw, Gould, Paez, Clifton, Bybee, and Murguia; Circuit Judges Silverman and Tallman Dissenting
  • Full Text Opinion

The Court held that “exceeds authorized access” in the Computer Fraud and Abuse Act 18 U.S.C. § 1030 “is limited to violations of restrictions on access to information, and not restrictions on its use.”

The government charged David Nosal with violating the Computer Fraud and Abuse Act (CFAA) under 18 U.S.C. § 1030(a)(4), “for aiding and abetting the Korn/Ferry employees in “exceed[ing their] authorized access” with intent to defraud,” when he left the firm and convinced some of its employees to log in to the company’s computers and send him confidential information. “Nosal filed a motion to dismiss the CFAA counts, arguing that the statute targets only hackers, not individuals who access a computer with authorization but then misuse information they obtain by means of such access.” When the district court rejected his argument, “Nosal filed a motion for reconsideration and a second motion to dismiss.” The district court reversed and “dismissed counts 2 and 4-7 for failure to state an offense. The government appeal[ed].” Nosal’s narrow interpretation of “without authorization” and “exceeds authorized access” “maintains the CFAA’s focus on hacking rather than turning it into a sweeping Internet-policing mandate.” The Court considered that “Congress obviously meant “exceeds authorized access” to have the same meaning throughout section 1030.” The Court reasoned that “the government’s proposed interpretation of the CFAA allows private parties to manipulate their computer-use and personnel policies so as to turn these relationships into ones policed by the criminal law” and “basing criminal liability on violations of private computer use polices can transform whole categories of otherwise innocuous behavior into federal crimes simply because a computer is involved.” The Court held that “exceeds authorized access” “is limited to violations of restrictions on access to information, and not restrictions on its use” and “[b]ecause Nosal’s accomplices had permission to access . . ., the government’s charges fail to meet the element [of the statute] . . .” AFFIRMED.

Advanced Search