Analysis: Critics assail 1980s-era hacking law as out of step
By Grant McCool
NEW YORK (Reuters) - A 1984 U.S. anti-hacking law passed when computer crime was in its infancy is under fire for potentially going too far in criminalizing the actions of employees who violate workplace policies.
Judges across the country are divided on how the 28-year-old law, the U.S. Computer Fraud and Abuse Act, can be applied. At the same time, the Justice Department has signaled it wants to ramp up prosecutions under the law, even as it has lost some cases.
Civil liberties advocates and some lawyers and judges are questioning whether the CFAA, intended to punish hackers and other trespassers who damage computer systems or steal customer information, can be used to prosecute people inside a company who download sensitive data without their employers' approval.
The debate is centered around a key phrase in the law: that it is illegal to "intentionally access a computer without authorization or exceed authorized access." Critics argue this language is too broad and vague and could turn ordinary people into criminals for things many do routinely, such as dabble in online shopping or scan an online matchmaking site at work.
"This statute has the potential to affect millions of Americans in the workplace who work at or use a computer to do their job," said Brent Cossrow, a partner at law firm Fisher & Phillips in Radnor, Pennsylvania, which specializes in computer breach cases. "Hopefully, it gets cleared up soon."
BOUND FOR SUPREME COURT?
A split decision in April by the 9th U.S. Circuit Court of Appeals in San Francisco could be the case that forces the U.S. Supreme Court to examine the law's reach.
In a 9-2 ruling, the appeals court threw out criminal charges brought under the law against David Nosal, a former managing director at executive search firm Korn/Ferry International. Nosal was indicted in 2008 for allegedly persuading colleagues to download confidential source lists and contact information from the firm to use at his new business. Continued...