As unbelievable as it may sound, a court has ruled that it is OK for employees to hack their employer’s computer, even if it is for disloyal purposes. The court went on to say that employees do not lose or exceed that access under the Computer Fraud and Abuse Act, even when they steal data in order to open a competing business. Apparently the 1984 law doesn’t cover employees who are authorized to use the computers, even if the employees steal data.
According to one article it also stated that:
In July, for example, a Los Angeles federal judge tossed the guilty verdicts against Lori Drew, who was charged criminally of participating in a MySpace cyberbullying scheme against a 13-year-old Missouri girl who later committed suicide. The case against the 50-year-old Drew hinged on the government’s novel argument that violating MySpace’s terms of service was the legal equivalent of computer hacking and a violation of the CFAA.
The appellate court’s decision Wednesday, meanwhile, sets the stage for possible review by the U.S. Supreme Court. The ruling conflicts with a 2006 decision by the Chicago-based 7th U.S. Circuit Court of Appeals that said employees lose “authorization” to company computers if their motives are disloyal.
Congress adopted the CFAA to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality. The CFAA prohibits a number of computer crimes, but the majority focus on accessing computers without authorization or in excess of authorization.
At issue before both appellate courts was the area of the law granting the public the right to sue for damages.
In both cases, the employers maintained the employees forfeited their “authorized access” when using a company computer to acquire confidential information to further their personal interests rather than the company’s interests.
The San Francisco court ruled that, if a company has provided employees authorization to access internal materials, workers couldn’t be sued under the anti-hacking statute unless they encroach into files in which they were not given permission.
Sounds like the laws need to be changed to cover this type of employee theft.