Executive ‘Hacking’ Case Ends in Conviction

     SAN FRANCISCO (CN) – With overt hacking charges gutted from the indictment of an executive headhunter accused of swiping trade secrets, a federal jury convicted him Wednesday on all remaining counts.
     David Nosal had been charged in 2008 after he apparently convinced former co-workers at the executive-search firm Korn/Ferry to log onto a confidential database and mine it for new clients for his competing business.
     Though the grand jury initially charged Nosal with trade secret theft, mail fraud and conspiracy, superseding indictments later included counts of computer intrusion – hacking – under the Computer Fraud and Abuse Act (CFAA).
     U.S. District Judge Marilyn Patel had thrown out the CFAA charges in 2010, and an en banc panel of the 9th Circuit ultimately agreed that the Justice Department’s reading of the anti-hacking law had been overbroad. It said the statute was meant to punish hacking and not the misappropriation of trade secrets.
     To find otherwise would “criminalize any unauthorized use of information obtained from a computer” and “make criminals of large groups of people who would have little reason to suspect they are committing a federal crime,” Chief Judge Alex Kozinski wrote last year.
     A narrower view of the law was deemed more appropriate since the government’s interpretation could create a world in which frittering away work time on the Internet becomes a federal crime, according to the ruling.
     “Minds have wandered since the beginning of time and the computer gives employees new ways to procrastinate, by g-chatting with friends, playing games, shopping or watching sports highlights,” Kozinski wrote. “Such activities are routinely prohibited by many computer-use policies, although employees are seldom disciplined for occasional use of work computers for personal purposes. Nevertheless, under the broad interpretation of the CFAA, such minor dalliances would become federal crimes. While it’s unlikely that you’ll be prosecuted for watching Reason.TV on your work computer, you could be. Employers wanting to rid themselves of troublesome employees without following proper procedures could threaten to report them to the FBI unless they quit. Ubiquitous, seldom-prosecuted crimes invite arbitrary and discriminatory enforcement.”
     Because some of Nosal’s accomplices had permission to access the company database as Korn/Ferry employees, they did not “exceed authorized access” under the CFAA, the panel found.
     “The government assures us that, whatever the scope of the CFAA, it won’t prosecute minor violations,” Kosinski added. “But we shouldn’t have to live at the mercy of our local prosecutor.”
     On remand, federal prosecutors pared down the indictment of Nosal to just six charges – one count of conspiracy, three counts of unauthorized access to a computer used in interstate or foreign commerce or communication, one count of unauthorized downloading and copying of trade secrets, and one count of unauthorized receipt or possession of stolen trade secrets.
     After a two-week trial and two days of deliberations, a federal jury convicted 55-year-old Nosal of all six charges after just two days of deliberations. He faces five years in prison and a $250,000 fine on the conspiracy and unauthorized access charges, and 10 years and the same fine for the trade secrets charges.
     U.S. District Judge Edward Chen scheduled sentencing for Sept. 4. Nosal’s lawyers promised a return to the 9th Circuit to appeal their client’s convictions.
     “I am extremely optimistic that all the counts will be overturned,” attorney Steven Gruel told The Recorder.
     Dennis Riordan, of the firm Riordan & Horgan, agreed and indicated that the Justice Department’s case still contained too much of an anti-hacking element even after the 9th Circuit gutted it.
     “This is a very legally complicated case,” Riordan told The Recorder. “We’re as much convinced as we ever were that under the law these were not trade secrets, that under the law this was not computer hacking under the CFAA.”

%d bloggers like this: