• LinkedIn
  • YouTube
  • Twitter
  • Facebook
  • Google+

Backdoor computer access is a federal crime!

Get PDF file

by on
in HR Management,Human Resources

Remind employees that attempting to access computer records after they terminate employment may land them in prison—even if they do so with the willing assistance of a current employee.

The 9th Circuit Court of Appeals has ruled that accessing computer files using a current employee’s username and password violates federal criminal law.

Recent case: David worked for Korn/Ferry International, an executive search firm. While employed, he had access to a database containing the names and data on executives who might be good matches for job openings.

When David decided to set up his own competing executive search firm, he first allegedly tried using his own username and password to access information from the database, presumably to use in his new business.

Then, once he left the company, he enlisted insider help to get more information from the database. A Korn/Ferry employee gave him his username and password to use to access the database.

David was arrested and charged with violating the federal Computer Fraud and Abuse Act. The U.S. attorney charged him with two counts: One for using his own computer access before leaving the company and one for using his accomplice’s computer credentials.

The case worked its way up to the 9th Circuit Court of Appeals, which concluded that using his own access while employed—even for the purpose of misusing the information—wasn’t a crime under the CFAA. However, using the current employee’s credentials was.

In addition, the court found that David’s actions violated the federal Economic Espionage Act. It concluded that a list of customers could qualify for trade secret protection, especially if it contained additional information such as contact data, employment history, resumes and other differentiating information. (United States v. Nosal, No. 14-10037, 9th Cir., 2016)

Leave a Comment