PogoWasRight.org

Menu
  • About
  • Privacy
Menu

EFF Says Violating Company Policies Is Not a Computer Crime

Posted on September 15, 2010July 3, 2025 by Dissent

Marcia Hofmann of EFF writes:

The Electronic Frontier Foundation (EFF) urged a federal appeals court Tuesday to dismiss charges that would turn any employee use of company computers in violation of corporate policy into a federal crime.

In U.S. v. Nosal, an ex-employee is being prosecuted on the claim that he induced current company employees to use their legitimate credentials to access the company’s proprietary database and provide him with information, in violation of corporate computer-use policy. The government claims that the violation of this private policy constitutes a violation of the Computer Fraud and Abuse Act (CFAA). Following a decision issued just last year by the U.S. Court of Appeals for the 9th Circuit, the District Court ruled against the government, holding that violations of corporate policy are not equivalent to violations of federal computer crime law. The government appealed to the 9th Circuit.

In an amicus brief filed in the case on Tuesday, EFF argues that turning mere violations of company policies into computer crimes could potentially create a massive expansion of the CFAA, turning millions of law-abiding workers into criminals.

“Companies’ policies often prohibit personal use of company computers. The government’s argument here would potentially turn employees into criminals if they check the baseball scores or update their Facebook statuses at an office where such a policy is in place,” said EFF Senior Staff Attorney Marcia Hofmann. “Company policies aren’t written with the care and precision that we require in a criminal statute. Instead, they are often vague, arbitrary, confusing and contradictory. It’s not fair or reasonable to turn any violation of company policy into a crime.”

The extension of the CFAA into company policies is only one of the places where EFF has been combating overbroad use of the statute to criminalize what are essentially breaches of contract. Over the last several months, EFF has filed amicus briefs in two other cases where the government attempted to use computer crime laws to turn a violation of a website’s terms of service into a criminally punishable act.

“A district court has already made the correct decision here, and ruled that these indictments are contrary to law,” said Hofmann. “We’re urging the appeals court to affirm that important decision, and reject this dangerous expansion of the CFAA.”

For the full amicus brief:
http://www.eff.org/files/filenode/us_v_nosal/NosalAmicusFinal091410.pdf

Related posts:

  • Is EFF defending corporations from people whose lives have been RUINED, like attorney Carrie Goldberg claims? Part 2 (EFF’s Response)
Category: CourtWorkplace

Post navigation

← Gun turned up after hands went up and pants fell down – Court upholds cop’s decision to pull up a suspect’s baggy jeans
Internet Founder Tim Berners-Lee Details 4 Concerns About Future of Mobile Web →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Navigating Privacy Gaps and New Legal Requirements for Companies Processing Genetic Data
  • Germany’s top court holds that police can only use spyware to investigate serious crimes
  • Flightradar24 receives reprimand for violating aircraft data privacy rights
  • Nebraska Attorney General Sues GM and OnStar Over Alleged Privacy Violations
  • Federal Court Allows Privacy Related Claims to Proceed in a Proposed Class Action Lawsuit Against Motorola
  • Italian Garante Adopts Statement on Health Data and AI
  • Trump administration is launching a new private health tracking system with Big Tech’s help

RSS Recent Posts on DataBreaches.net

  • Updating: Two Telegram channels and two accounts banned, one bounty offered, and BreachForums goes down
  • North Korean Kimsuky Hackers Suffer Data Breach as Insiders Leak Information Online
  • Hackers post stolen St. Paul data online as efforts to reset city employee passwords surge forward
  • Justice Department Announces Coordinated Disruption Actions Against BlackSuit (Royal) Ransomware Operations
  • NL: Hackers breach cancer screening data of almost 500,000 women
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy