The Supreme Court last week upheld a narrow reading of the chief federal computer crimes act used by businesses to punish employees who wrongfully access information held in company computers. US courts have disagreed for years on the scope of the CFAA. Some have used it to convict employees for stealing information from employers when they access information they are not supposed to access. Others have used it only in cases where the employee then misuses such information. The law is frequently wielded against insiders who have stolen confidential company information, often as they leave to start a competing job or as retaliation for a job termination.
Last week's case involved a Georgia police officer who impermissibly accessed a database to discover whether a civilian was actually an undercover officer. The Supreme Court sided with those courts that have read the CFAA narrowly (i.e., if information is actually accessible to an employee, improper access of it is not punishable under the CFAA).
The import of this decision remains to be seen. It does seem that deeming information "off limits" to certain employees will not be enough to trigger application of the CFAA if they break the rules and access it anyway. Instead, businesses will need to consider whether sensitive, confidential, or otherwise secret information should be protected with some form of security (passwords, encryption, etc.) against prying employees.
The decision was 6-3, with the majority evenly split between conservative and liberal justices.
/Passle/61f3627a0c51c3165820f0e7/MediaLibrary/Images/5ff4a070535488111cdbfec9/2024-01-17-18-25-18-859-65a81b8e3f5d760a89621ac7.png)
