Please create an account to participate in the Slashdot moderation system


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Businesses Privacy The Courts Your Rights Online

Court Rules Workers Did Not Overstep On Stealing Data 88

Posted by samzenpus
from the no-harm-no-foul dept.
MikeatWired writes "In a somewhat startling decision, the U.S. Court of Appeals for the Ninth Circuit has ruled that several employees at an executive recruitment firm did not exceed their authorized access to their company's database when they logged into the system and stole confidential data from it. The appellate court's decision affirms a previous ruling made by the U.S. District Court for the Northern District of California. The government must now decide if it wants to take the case all the way to the U.S. Supreme Court. The judge wrote that the Computer Fraud and Abuse Act, under which they were charged, applies primarily to unauthorized access involving external hackers. The definition of 'exceeds authorized access' under the CFAA applies mainly to people who have no authorized access to the computer at all, the judge wrote. The term would also apply to insiders who might have legitimate access to a system but not to specific information or files on the system Applying the language in the CFAA any other way would turn it into a 'sweeping Internet-policing mandate,' he wrote."
This discussion has been archived. No new comments can be posted.

Court Rules Workers Did Not Overstep On Stealing Data

Comments Filter:
  • by Anonymous Coward on Friday April 20, 2012 @08:32AM (#39744573)

    >The ruling is equivalent to "if you have a logon, you should have root".

    Except that the defendants were authorised to access the data in question. The alternative is to allow the company to retroactively deny authorisation, which opens up the CFAA to criminalise any data access at all.

"Mach was the greatest intellectual fraud in the last ten years." "What about X?" "I said `intellectual'." ;login, 9/1990