Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Rules Workers Did Not Overstep On Stealing Data

Posted by samzenpus on from the no-harm-no-foul dept.

MikeatWired writes "In a somewhat startling decision, the U.S. Court of Appeals for the Ninth Circuit has ruled that several employees at an executive recruitment firm did not exceed their authorized access to their company's database when they logged into the system and stole confidential data from it. The appellate court's decision affirms a previous ruling made by the U.S. District Court for the Northern District of California. The government must now decide if it wants to take the case all the way to the U.S. Supreme Court. The judge wrote that the Computer Fraud and Abuse Act, under which they were charged, applies primarily to unauthorized access involving external hackers. The definition of 'exceeds authorized access' under the CFAA applies mainly to people who have no authorized access to the computer at all, the judge wrote. The term would also apply to insiders who might have legitimate access to a system but not to specific information or files on the system Applying the language in the CFAA any other way would turn it into a 'sweeping Internet-policing mandate,' he wrote."

1 of 88 comments (clear)

  1. Re:Good news everyone... by Richard_at_work · · Score: 1, Redundant

    Not really, because it junks the entire concept of limited authorisation within a corporation - if 'exceeds authorized access' doesn't apply when your authorisation is limited just because you are a legitimate employee of that company, then a significant portion of the point of limited authorisation is thrown out.

    Your employees can attack from within with impunity.