About two years ago, my partner Steve Riden and I wrote a blog post on my old blog (the Trade Secrets / Noncompete Blog) entitled, Back to the Basics… The Computer Fraud and Abuse Act. The post was a brief summary of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), which was really designed to protect against computer hackers (a la War Games), but which has begun to be used with more frequency in trade secret cases.
About the same time, one of my former colleagues, Jeff Kopp, discussed a split among federal courts concerning the scope of the Computer Fraud and Abuse Act, specifically, whether it applies to employees who exceed the scope of their authorization to use their employer’s (or former employer’s) computers. See Federal Courts Split on Computer Fraud and Abuse Act. Others have raised concerns that the statute could make it illegal for someone surfing the Internet to exceed the terms of service of websites they visit.
On September 15, 2011, the Senate Judiciary Committee considered a bill that would limit the scope of the Computer Fraud and Abuse Act so that it would not apply to exceeding the scope of website terms of service. See Bill Tweaked in Senate: Terms of Service no Longer Terms of Felony.
On November 15, 2011, Richard Downing, Deputy Chief of the Computer Crime and Intellectual Property Section, Criminal Division, provided testimony before the House Committee on Judiciary, Subcommittee on Crime, Terrorism, and National Security. His testimony is reflected in “Cybersecurity: Protecting America’s New Frontier” and advocates expanding (or at least not curtailing) the scope of the statute and is very similar to that provided by James A. Baker, Associate Deputy Attorney General, presented on September 7: here.
In short, Deputy Chief Downing suggested several specific ways to clarify to the statute (which, as noted in my prior blog post, is not the picture of clarity) and enhance the protections afforded by the statute. While his suggestions largely focused on the criminal side of the statute, he did also advocate for a broad civil interpretation of the bill, i.e., having it reach employees who exceed their authorized use of their employer’s computers and as well as Internet users who exceed the scope of the terms of service of websites they visit.
Time will tell whether, and if so how, the statute will be amended. I am predicting that it will be amended and that – at least on the criminal side – it will not be limited.