Feeds

Judge: Checking Facebook at work is not a crime

'Sometimes we use computers for ... play'

SANS - Survey on application security programs

Checking your personal email on a work computer is not a federal crime, a judge in San Francisco has ruled (PDF), despite the US government trying to argue otherwise.

Judging on the case of US v Nosal, maverick San Fran judge* Alex Kozinski concluded that doing non-work things on work facilities was not criminal, though he accepted that it could breach the terms of employment.

Kozinski booted out computer abuse charges against a IT worker, David Nosal, who filched company information from confidential databases and used it to help start his own business. Nosal was indicted on several accounts, which included theft of trade secrets and a breach of the Computer Fraud and Abuse Act (1984). It was the Computer Abuse charges that were at issue in the appeal that came before Kozinski in the US Ninth Court of Appeals in San Francisco.

The ruling yesterday clears Nosal of the Computer Fraud and Abuse charges and at the same time redefines the law on computer abuse. Kozinski said that extending the notion of what entails abuse in the Computer Fraud and Abuse Act – which was aimed at criminalising hacking – was dangerous as it could then be extended to faffing around on the internet while in the office:

The government’s construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer. This would make criminals of large groups of people who would have little reason to suspect they are committing a federal crime.

At its most extreme, a ruling in favour of the government would mean that anyone using a work facility (such as a computer) for an non-work purpose (such as Facebook) could be committing a federal crime. The ruling said:

Minds have wandered since the beginning of time and the computer gives employees new ways to procrastinate, by gchatting with friends, playing games, shopping or watching sports highlights. Such activities are routinely prohibited by many computer-use policies, although employees are seldom disciplined for occasional use of work computers for personal purposes. Nevertheless, under the broad interpretation of the CFAA, such minor dalliances would become federal crimes. While it’s unlikely that you’ll be prosecuted for watching Reason.TV on your work computer, you could be.

Kozinski's judgment wades into wide-ranging questions of whether downloading an app on a work phone or giving misleading information on a dating site could be construed as computer abuse. He concludes that criminalising a broad range of day-to-day activities would be undesirable and could lead to discriminatory enforcement. ®

Bootnote

*Judge Kozinski has appeared on The Register's radar before, and consulting our archives, we see that he, of all the federal judges, might be expected to understand the nature of play on the computer. Alex Kozinski was caught hosting and sharing a substantial quantity of porn on his personal website back in 2008. He recused himself from the case he had been hearing and was cleared of any judicial wrongdoing by the Judicial Council of the Third Circuit (PDF). ®

Judge Kozinski's Opinion on Nosal v US Gov

3 Big data security analytics techniques

More from The Register

next story
From corporate bod to startup star: The 10-month gig that changed everything
What I learned as a techie in my time away from globo firms
Facebook snubbed Google's Silicon Valley wage-strangle pact, Sheryl Sandberg claims
Report details letter COO wrote to court addressing 'no-compete deal' lawsuit
Another day, another nasty Android vuln
Memory corruption mess can brick your mobe
Barclays warns freelance techies of DOUBLE DIGIT rate cut
'IT was a car crash before, so this isn't going to get any better' - sources
VMware announces compulsory bi-ennial VCP recertification
Downside: more time and money; Upside: VMware hints at two-yearly release cycle
Sysadmins and devs: Do these job descriptions make any sense?
Industry lobby group defines skills used in 25 common IT jobs
Who earns '$7k a month' but can't even legally drink? A tech intern!
Glassdoor reveals astonishing salaries of Silicon Valley undergrads
Your CIO is now a venture capitalist and you work at their startup
This just happened without you changing job, by the way
Turnover at the top in Oz telco-land as AAPT, Huawei, Optus, lose top brass
Move along, nothing to see here but orderly transitions
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.