Employers usually have computer usage policies, which detail that employees can only use computers for work-related purposes. In other words, employees cannot access social networking websites or other unrelated websites. In my practice, I have observed employers monitor and track employees’ computer usage.
A new wrinkle to the computer usage scenario has popped into the Circuit courts. United States v. Nosal, 10-cv-10038 (9th Cir. 2012), examined the issue of criminalization of improper computer usage by an employee. The issues presented at the court where as follows:
Does an employee who violates such a policy commit a federal crime? How about someone who violates the terms of service of a social networking website?
In summary, the Ninth Circuit held that under a strict scrutiny read of the Computer Fraud and Abuse Act, 18 USC 1030, Congress did not intend to criminalize computer use exceeding authorized access. The Ninth Circuit agreed with the district court that “[t]here is simply no way to read [the definition of ‘exceeds authorized access’] to incorporate corporate policies governing the use of information.” In other words, the CFAA, the anti-hacking statute, is not an expansive misappropriation statute.