Employees may be prosecuted under a federal antihacking statute for taking computer files that they were authorized to access and using them in a manner prohibited by the company, a federal appeals court has ruled.

The case decided 2-1 Thursday by the 9th U.S. Circuit Court of Appeals concerned the Computer Fraud and Abuse Act. Congress adopted the CFAA in 1986 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality.

“As long as the employee has knowledge of the employer’s limitations on that authorization, the employee ‘exceeds authorized access’ when the employee violates those limitations. It is as simple as that,” Judge Stephen Trott wrote in an opinion (.pdf) joined by Judge Diarmuid O’Scannlain.

A federal judge who presided over the prosecution tossed the guilty verdicts in July 2009, and the government declined to appeal.

So now, even borrowing your colleague’s jump drive could get you prosecuted.

 

Comments