Court: Disloyal Employees Not Hackers

Good news for disgruntled employees wanting to hack into the company database and steal all the information for personal use. According to the Ninth U.S. Circuit Court of Appeals, the Computer Fraud and Abuse Act cannot be used to prosecute ex-employees (those who were once authorized to access company computers) for using company information after quitting the job. This means that ex-employees are now off the hook even if their intent with the "stolen" data was to open a competing business.

According to Ars Technica, the decision came after LVRC Holdings filed a lawsuit against a former employee, his wife, and their independent consulting business. The company claims that the ex-employee used the company computers "without authorization" to email himself LVRC client files for use in his business once he left the company. The judge disagreed with the "unauthorized access" claim, saying that he had permission as an employee.

Unfortunately, today's ruling contradicts a 2006 decision made by the Seventh U.S. Circuit Court of Appeals in Chicago, saying that employees lose authorization to company computers if the motives are disloyal. But on Wednesday the court said that there is no language in the 1984 statute that supports the argument that "authorization to use a computer ceases when an employee resolves to use the computer contrary to the employer's interests."

Because of the contradiction, Wednesday's decision may end up in the U.S. Supreme Court for a possible review.

  • JohnnyLucky
    Huh? Another really bizarre situation. Truth stranger than fiction.
  • blackened144
    Hacking is getting electronic access to anything that you are not supposed to access. Once you are terminated, you lose said access. Anything after the fact should still be considered "hacking". Even if you sent yourself items before your termination, doing anything with them after you have been terminated, is still use without access, which is still "hacking". I don't see how the fact that you had legal access at one point in time somehow makes it not "hacking" when you do it after your access is rescinded.
  • rcmaniac25
    I think that if they had previous access the company would need to change all passwords, encryption, etc. because the ex-employee knows them. If they don't want to do that then they need to expect data to be copied. What the ex-employee cannot do is use it to start a business or sell the data. A business has to start somewhere but it shouldn't be started from someone else's work unless they sold the rights or business to the new company.
  • rcmaniac25
    Forgot, but even if they had access and the company expects data to be copied it shouldn't be allowed because it is unauthorized access.
  • People overestimate the worth of data, unless we're talking about names, birthdays and SSNs and other things that can be used to commit fraud. Otherwise, most of it really isn't worth that much. I've never had a manager who was actually capable of generating and/or collecting useful data; they should feel flattered if somebody actually cared enough to steal it.
  • virtualban
    Passwords and other protection is against unknown threats, those that are hard to track, but whoever steals information, current or ex-employee, if found out who did that, should be persecuted. The general idea was that hackers were hard to track down, so the 'wife' (hope she's former wife by now, not just former employee) is still committing fraud despite not being a hacker. And should be punished accordingly.
  • skine
    To analogize it, imagine you invite a person into your house, but after some time they overstay their welcome and you ask them to leave. They leave in a timely fashion, but, on the way out, they grab something that they can carry out easily.

    Of course, you bring the matter to the authorities and they charge the person. Of course they wouldn't charge them with breaking & entering or trespassing, since they didn't break in, and left in a timely manner after your request. But that doesn't change the fact that there was a crime committed.
  • neiroatopelcc
    blackened144: Even if you sent yourself items before your termination, doing anything with them after you have been terminated, is still use without access, which is still "hacking".

    No it is not. It's merely unauthorized use of someone else's property. You can still drag someone to court for that, but it isn't hacking.
  • jabliese
    @skine

    What the article is talking about equates to the breaking and entering charges the authorities in your analogy do not file.
  • jellico
    neiroatopelcc: No it is not. It's merely unauthorized use of someone else's property. You can still drag someone to court for that, but it isn't hacking.

    I agree, this is NOT hacking and should not be subject to criminal prosecution. This is more like breach of contract. Your employment to an organization is a contract between you and your employer. The data that you have authorized access to is a tool of that arrangement. This should be left to civil court.