During recent months I’ve been reading a large number of lawsuits related to industrial espionage, sabotage, misappropriation, and theft. Most of these cases involve a current or former employee or some third party stealing valuable financial or other information.
In several recent decisions, courts have ruled that they lack criminal jurisdiction over theft of information by an employee who had access to a company’s data base. The courts essentially held that the misappropriation in question did not violate the National Stolen Property Act, the Economic Espionage Act, or the Computer Fraud and Abuse Act (CFAA).
In the case of US v. Nosal, Judge Kozinski, known for his left-of-center opinions, engaged in a display of semantic gymnastics to rule that the Computer Fraud and Abuse Act was nothing more than an anti-hacking statute and doesn’t apply to misappropriation. Essentially, he argued that employees who wasted time on Farmville, Facebook, New York Times, daily Sudoku, etc. would be in violation of the Act, which is too broad for the government to enforce. If you want to see some feathers fly in a scorching dissent, read the case.
Bottom line: Make sure to buy Cyber Liability insurance; it looks like you’re going to have a hard time getting protection from the courts, especially if you happen to be in the Ninth Circuit.