Robert Milligan Quoted in Law360
"CFAA's Criminal Reach Unsettled After Nosal Ruling"

Seyfarth Shaw partner Robert Milligan was quoted in Law360 on May 6 in an article which discussed a recent ruling regarding the Computer Fraud and Abuse Act (CFAA), and whether workers can be held criminally liable for violating their employers' policies on computer use and access.

The decision reversed a district court ruling and reinstated previously dismissed CFAA counts in a criminal case against David Nosal, who allegedly engaged employees from his previous employer in obtaining information for him from their company's computer system, and Nosal had left that company in order to start a competing business.

"The panel majority meant for its decision to apply only to the section of the CFAA squarely before it, and expected the requirements in Section 1030(a)(4)—which requires fraudulent intent and the obtaining of something of value for there to be a violation—to serve as a check against the potential criminalization of innocuous worker conduct that may violate company policy," Robert said. The issue hinged on the CFAA language, "exceeds authorized access," which appears twice in Section 1030, and it does not contain the same language requiring "fraudulent intent and the obtaining of something of value."

The Nosal ruling said that the language contained in CFAA Section 1030(a)(4) did not make criminals out of workers who violate computer use policies for personal but innocuous purposes (i.e. checking personal email, the weather, sports scores, etc.).
 
"There's going to have to be some sort of reconciliation between what the majority decision says and what the rest of the statute says," Robert stated.