Judges on the U.S. Court of Appeals for the Ninth Circuit are hearing arguments over a criminal case about the legality of sharing passwords and login credentials for computer services such as Netflix, a common activity that might violate federal law.
In 2004, David Nosal resigned from a Los Angeles company but continued to work as an independent contractor for the company, agreeing to not compete with the company for one year. Nosal convinced company employees to give him access to internal databases to help him start his own business.
In 2008, Nosal was charged with multiple violations of the Computer Fraud and Abuse Act (CFAA), a federal law criminalizing unauthorized access to computer systems, and was indicted in 2008. Since 2008, Nosal has been challenging his conviction with legal appeals.
In 2012, the U.S. Court of Appeals for the Ninth Circuit agreed with Nosal’s claim that violating employers’ corporate policy is not a federal crime, requiring the case to return to the U.S. District Court for the Northern District of California to settle the remaining charges.
The lower court upheld the conviction, and Nosal’s case has returned to the Court of Appeals, where arguments over the district court’s ruling will begin in October.
Brave New Worlds
Jamie Williams, a lawyer at the Electronic Frontier Foundation, says people no longer live in the world in which CFAA was written.
“It didn’t even envision the type of world we live in today, where we use other people’s computers all the time,” Williams said. “Every time I check my e-mail, I’m logging into Gmail’s computer. Every time I log onto Facebook, I’m logging into Facebook’s computer. We live in this very connected world, and the CFAA is so vague.”
Laws, Laws, and More Laws
Williams says ambiguous laws and over-criminalization violate the Constitution.
“Our Constitution requires that the criminal laws give everybody notice of what’s being criminalized, so we know what we can do, what’s right and what’s wrong. That’s what our Constitution requires,” Williams said.
Michael Seibler, a legal fellow at The Heritage Foundation’s Edwin Meese III Center for Legal and Judicial Studies, says CFAA is an example of over-criminalization.
“It was originally designed to prevent hackers from going into computer networks maintained by the federal government or taking the confidential information maintained on federal computers,” Seibler said. “Since 1986, Congress has amended this several times, of course, and each time they’ve amended it, the scope has gotten a lot bigger. If a federal prosecutor brings you in their crosshairs, it’s only a matter of time and investment of resources before you’re found guilty of a crime. If they want you to be guilty of something, chances are they can substantiate that claim.”
