Could checking your Facebook page at work become illegal?
Logging into Facebook, perusing eBay and surfing to other decidedly non-work related sites may not just upset your boss; it could also be a federal offense.
That's according to two Boston College professors who recently authored a paper on how a broad interpretation of the 1986 Computer Fraud and Abuse Act (CFAA) could criminalize the routine behavior of every employee who uses a workplace computer in their job.
As the First, Fifth, Seventh and Eleventh Circuit Courts of Appeal interpret it, a breach of a company's computer policy for example a ban on accessing dating sites and social media for example, also constitutes a violation of the CFAA.
The law was originally written to punish and deter criminal hacking, but as technology experts point out, innovation in technology has outpaced the laws that govern it.
The CFAA, a 1986 law that predates HTTP and the Web as we know it, makes it a crime to "access a computer without authorization or exceed authorized access ... from [a] protected computer." Based on the law's own definitions, a "protected computer" is virtually any device with a microprocessor and a network connection. Today, virtually everyone "accesses" one when they point their browser to any webpage.
Since the law allows private right of action, companies could, in theory, successfully sue their employees for any computer policy violation, even something as benign as sending your spouse an email about being late for dinner.
In their paper, published in the American Business Law Journal, Professors Stephanie Greene and Christine Neylon O'Brien also discuss United States v. Nosal, in which the former employee of an executive recruiting firm was prosecuted under the CFAA after he conspired with then-current employees to give him the company's proprietary information with the intention of setting up a competing business.
"If you spend time at work checking Facebook or shopping online you might be violating your employer’s computer policy. But you might also be committing a federal crime. For the past decade or so, courts have disagreed over the scope of the Computer Fraud and Abuse Act. Some courts have found that an employee who violates a workplace policy, breaches a contract, or breaches a duty of loyalty to his employer may be both civilly and criminally liable under this Act. Computers provide new opportunities for distraction at work; they also provide opportunities for dishonest behavior. While some behavior is clearly criminal, it is not always clear what type of behavior should be criminal under the Act, particularly as social norms about workplace habits and computer use are constantly evolving.
This article focuses on the variety of ways courts construe the Computer Fraud and Abuse Act which criminalizes some types of access to computers, detailing how courts continue to struggle with an accepted interpretation of what is, and what is not, criminal. A recent highly anticipated case, the Ninth Circuit’s en banc United States v. Nosal decision, reflects this discord. In a 9-2 decision, the court held that the ambiguous criminal statute should be given limited applicability because its general purpose is to punish hacking rather than acts such as misappropriation of confidential information. The decision expresses concern that a broad interpretation of the statute would criminalize a range of acts we all engage in on employer networks. The Ninth Circuit’s interpretation creates a notable split of opinion with the First, Fifth, Seventh and Eleventh circuit courts of appeal. More recently, the Fourth Circuit followed the reasoning of the Ninth Circuit’s narrow interpretation theory thereby furthering the division of opinion on this issue."
http://www.technewsdaily.com/15861-cfaa-prosecute-routine-behavior.html?