Third Circuit Signals Pro-Defendant Interpretation of the Computer Fraud and Abuse Act’s “Authorized Access” Provisions

On April 11th, the Third Circuit Court of Appeals reversed the conviction and 41-month prison sentence of a Computer Fraud and Abuse Act (CFAA) defendant, holding that he was tried and convicted in an improper venue.  U.S. v. Auernheimer, No. 13-1816 (3rd Cir. Apr. 11, 2014).  Though we usually do not post on procedural issues like these, we certainly post on substantive CFAA developments.

In footnote 5 of its opinion, the court said that the government failed to prove that defendant accessed the network “without authorization, or in excess of authorization” under New Jersey’s state computer-crime law.  That is the same language in the CFAA over which federal courts have been split for the last several years regarding employee liability for misuse of company files.  The Third Circuit’s footnote indicates that it is leaning toward the narrower, pro-employee / pro-defendant interpretation, espoused by the Fourth and Ninth Circuits, which prohibits CFAA liability for employees who merely abuse their otherwise legitimate access to company files.

To read this blog post click here