United States v. Nosal

On April 10, 2012, Chief Judge Alex Kozinski, writing for the Ninth Circuit Court of Appeals (en banc), issued a final decision in the case United States v. Nosal, narrowly interpreting the scope of the Computer Fraud and Abuse Act (CFAA). Chief Judge Kozinski’s opinion made clear his unwillingness to expand the reach of the CFAA for fear of criminalizing a wide range of seemingly innocuous behavior that Congress did not intend.

The particular facts of this case are not nearly as significant as the question of law and statutory interpretation presented, but briefly, the United States government brought charges against defendant David Nosal and his alleged accomplices for violations of the CFAA. Nosal was a former employee of executive search firm, Korn/Ferry International, while his suspected co-conspirators were current employees of the firm. The twenty-count superseding indictment alleged that current Korn/Ferry employees transferred confidential and proprietary information to Nosal from a confidential database of executives and companies, which was developed and maintained by Korn/Ferry and considered to be of great value to the company as against competitors.

The legal question presented was whether the employees “exceeded [their] authorized access” to the company computer system, within the meaning of the CFAA, when they transmitted confidential Korn/Ferry information to Nosal in violation of their employer’s computer use restrictions. The district court denied Nosal’s motion to dismiss the indictment at first, but later dismissed most of the counts against him after granting his motion to reconsider in light of the holding in LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009). However, a 2-1 panel decision of the Court of Appeals for the Ninth Circuit reversed the district court and reinstated counts of the indictment. The majority found factual distinctions from the present case to Brekka and held that “under the CFAA, an employee accesses a computer in excess of his or her authorization when that access violates the employer’s access restrictions.” 642 F.3d at 789.

On October 27, 2011, the Ninth Circuit Court of Appeals granted Nosal’s petition for rehearing en banc, clarifying that the previous three-judge panel decision would hold no precedential value. Oral arguments were heard on December 15, 2011, and despite the circuit split now created over the scope of the CFAA, the en banc court affirmed the district court’s dismissal of several counts of the indictment. The April 10, 2012 decision held that “exceeds authorized access” in the CFAA pertains to violations of restrictions on access to information, and not restrictions on its use.

Leave a Reply

Your email address will not be published.