Ninth Circuit Won’t Rehear Two Computer Fraud Cases

Keep up with the latest developments and legal issues in the telecommunications and emerging technology sectors, with exclusive access to a comprehensive collection of telecommunications law news,...

By Alexis Kramer

Dec. 9 — The U.S. Court of Appeals for the Ninth Circuit won’t reconsider two earlier decisions shedding light on what constitutes unauthorized access under a federal computer fraud law.

The Ninth Circuit held in United States v. Nosal that the use of a past colleague’s password to access a former employer’s computers violates the Computer Fraud and Abuse Act (CFAA) ( United States v. Nosal , 2016 BL 409354, 9th Cir., No. 14-10275, petition for rehearing denied 12/8/16 ( Nosal II)). It held in Facebook Inc. v. Power Ventures Inc. that a social media aggregator violated the statute for accessing Facebook Inc.'s user data without permission from the social media giant ( Facebook Inc v. Power Ventures Inc. , 9th Cir., No. 13-17102, petition for rehearing denied 12/9/16 ).

The scope of the CFAA has been widely debated, particularly because it was originally designed to criminalize computer hacking. Critics have argued that the Ninth Circuit’s decisions create confusion over whether the law would now criminalize password sharing.

The Ninth Circuit rebuffed that criticism in a Dec. 8 amended opinion in Nosal II, saying a critical element of the CFAA is the requirement that the access be “knowingly and with intent to defraud.” This element “targets knowing and specific conduct and does not embrace the parade of hypotheticals generated by Nosal and amici,” the court said.

The Ninth Circuit tried to make clear that its decision wouldn’t apply in all situations, Jamie Lee Williams, staff attorney at the Electronic Frontier Foundation, told Bloomberg BNA Dec. 9. The court didn’t, however, go back and change the analysis that led to the potential confusion, she said.

Access Expressly Revoked

The appeals court held in Nosal II that defendant David Nosal accessed his former employer’s computers “without authorization” within the meaning of the statute. The court said that once the employer explicitly revoked Nosal’s computer access credentials, Nosal couldn’t “sidestep the statute by going through the back door and accessing the computer through a third party.”

Judge Stephen Reinhardt, dissenting in the case, said that the opinion lost sight of the purpose of the CFAA and could have the effect of criminalizing consensual password sharing.

Nosal asked for a full appellate court rehearing last August. He posed a number of hypotheticals of third parties accessing a computer with a legitimate account holder’s permission but without the computer owner’s, such as a mother accessing her son’s Facebook account to monitor social media usage. Nosal asked the Ninth Circuit for guidance on what conduct would be a crime under the law.

The Ninth Circuit said in its amended opinion that the decision applies to scenarios involving express revocation of access by the computer owner.

“One can certainly pose hypotheticals in which a less stark revocation is followed by more sympathetic access through an authorized third party,” the court said. “But the facts before us—in which Nosal received particularized notice of his revoked access following a prolonged negotiation—present no such difficulties, which can be reserved for another day.”

The Ninth Circuit expressed a similar view in an added footnote to its Power Ventures opinion. It said that although other fact patterns can be imagined, such as where automatic revocation follows a website’s terms of use violation, the court “need not address or resolve such questions on the stark facts before us.”

To contact the reporter on this story: Alexis Kramer in Washington at aKramer@bna.com

To contact the editor responsible for this story: Keith Perine at kperine@bna.com

For More Information

Full text of the Nosal II amended opinion at http://src.bna.com/kEW.Full text of the Power Ventures amended opinion at http://src.bna.com/kFL.

Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Tech & Telecom on Bloomberg Law