Presentation is loading. Please wait.

Presentation is loading. Please wait.

United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with.

Published byFay Little Modified over 9 years ago

Similar presentations

Presentation on theme: "United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with."— Presentation transcript:

1 United States v. Nosal

2 The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with their credentials Transfer to a competitor with intent to defraud Does this exceed authorization?

3 Types of Unauthorized Access Access with credentials Guessed Access without credentials No explicit, specific notice Stolen Explicit, specific notice Types of unauthorized access Vulnerability Cookie deletion Norm violation Backdoor By user in violation of contract or policy

4 The Government’s Claim Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with their credentials Transfer to a competitor This is a crime, in addition to this

5 Information relevant to national security? NoYes 1030(a)(1) Intentionally & causing damage? Yes 1030(a)(5)(A) No Intent to defraud? Yes No 1030(a)(4) Obtaining information? YesNo 1030(a)(2) Governmental computer? YesNo Recklessly & causing damage? 1030(a)(3) YesNo 1030(a)(5)(B) Causing damage? YesNo 1030(a)(5)(C) A bit more Without or exceeds authorization Without authorization 1030(a)(3)

6 18 USC 1030(a)(4) Whoever “[1] knowingly and with intent to defraud, accesses a protected computer [2] without authorization, or exceeds authorized access, and [3] by means of such conduct furthers the intended fraud and obtains anything of value” commits a crime unless [4] the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period”. Everything is clearly fulfilled—except the “exceeds authorized access” condition.

7 The Definition The meaning of "exceeds authorized access" is:  "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. 1030(e)(6). “The government reads ‘so’ to mean ‘in that manner,’ which it claims must refer to use restrictions.” The claim is that the use restrictions are given in the contract and the notice.

8 The Consequence The owner of a computer or network can criminalize accessing a computer by prohibiting certain uses of the information the accesser obtains. The court finds this objectionable.

9 The Court’s Concern “... the computer gives employees new ways to procrastinate, by g-chatting with friends, playing games, shopping or watching sports highlights. Such activities are routinely prohibited by many computer-use policies, although employees are seldom disciplined for occasional use of work computers for personal purposes. Nevertheless,...such minor dalliances would become federal crimes.”

10 Types of Unauthorized Access Access with credentials Guessed Access without credentials No explicit, specific notice Stolen Explicit, specific notice Types of unauthorized access Vulnerability Cookie deletion Norm violation Backdoor By user in violation of contract or policy Not a crime, but trespass?

11 A More Borderline Example Sally runs a free social networking site in which users must register and obtain an account. The Terms of Use agreement allows only one account per user, and prohibits commercial activity. Joe signs up for an account and uses the site to sell his products. In response to complaints about this commercial use, Sally bans Joe’s account. Joe opens new account with a new name, and he then uses the new account to sell his products. This time, however, Joe acts in ways that keep complaints to a minimum, and Sally is never notified that Joe is back using the site. A crime? Or just breach of contract?

12 The Nosal Court’s Objections “Employer-employee and company-consumer relationships are traditionally governed by tort and contract law; the government's proposed interpretation of the CFAA allows private parties to manipulate their computer-use and personnel policies so as to turn these relationships into ones policed by the criminal law.”

13 The Nosal Court’s Objections “Significant notice problems arise if we allow criminal liability to turn on the vagaries of private polices that are lengthy, opaque, subject to change and seldom read. Consider the typical corporate policy that computers can be used only for business purposes.”

14 The Nosal Court’s Objections “What exactly is a "nonbusiness purpose"? If you use the computer to check the weather report for a business trip? For the company softball game? For your vacation to Hawaii? And if minor personal uses are tolerated, how can an employee be on notice of what constitutes a violation sufficient to trigger criminal liability?”

15 The Nosal Court’s Objections “website owners retain the right to change the terms at any time and without notice. Accordingly, behavior that wasn't criminal yesterday can become criminal today without an act of Congress, and without any notice whatsoever.”

Download ppt "United States v. Nosal. The Nosal Fact Pattern Korn/Ferry computer Confidential information and trade secrets Authorized access by users logging in with."

Similar presentations

Technology: Unethical Behavior and Its Consequences Prepared by Tami Genry March 2004.

Technology: Unethical Behavior and Its Consequences Prepared by Tami Genry March 2004.
Acceptable Use of Computer and Network Resources Jim Conroy Acting Director, Academic Computing Services September 9, 2013.

Acceptable Use of Computer and Network Resources Jim Conroy Acting Director, Academic Computing Services September 9, 2013.
Confidentiality and HIPAA

Confidentiality and HIPAA
HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) 252-9321; Victoria Nemerson.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
1 Social Media: Strategy and Implementation Are you protected? Amy D. Cubbage & Cynthia L. Effinger.

1 Social Media: Strategy and Implementation Are you protected? Amy D. Cubbage & Cynthia L. Effinger.
1 ENFORCING SOCIAL MEDIA AND COMPUTER USAGE POLICIES Haley R. Van Loon BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA 50309-2510 Telephone: 515-248-6625.

1 ENFORCING SOCIAL MEDIA AND COMPUTER USAGE POLICIES Haley R. Van Loon BrownWinick 666 Grand Avenue, Suite 2000 Des Moines, IA Telephone:
EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.

EXAMINING CYBER/COMPUTER LAW BUSINESS LAW. EXPLAIN CYBER LAW AND THE VARIOUS TYPES OF CYBER CRIMES.
Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.

Access to Electronic Media Acceptable Use Policy August 8, 2011 Meece Middle School.
Chapter 10 White-Collar and Organized Crime. Introduction ► White-collar crimes – criminal offenses committed by people in upper socioeconomic strata.

Chapter 10 White-Collar and Organized Crime. Introduction ► White-collar crimes – criminal offenses committed by people in upper socioeconomic strata.
Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.

Nicholas Beckworth Annie Billings Steven Blair Nimmida Kulwattanasopon Thomas Wootten.
Class 13 Internet Privacy Law European Privacy.

Class 13 Internet Privacy Law European Privacy.
Yes No Yes No Yes No Yes No Yes No Yes No Yes No.

Yes No Yes No Yes No Yes No Yes No Yes No Yes No.
Hofstra University Zarb School of Business Department of Accounting, Taxation, and Legal Studies ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Assistant Professor Glen.

Hofstra University Zarb School of Business Department of Accounting, Taxation, and Legal Studies ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Assistant Professor Glen.
Four tips to mitigate Mobile fraud in the future.

Four tips to mitigate Mobile fraud in the future.
Presented By: Stephanie R. Taylor ESTATE PLANNING FOR DIGITAL ASSETS R ANDALL |D ANSKIN A Professional Service Corporation.

Presented By: Stephanie R. Taylor ESTATE PLANNING FOR DIGITAL ASSETS R ANDALL |D ANSKIN A Professional Service Corporation.
General Awareness Training

General Awareness Training
Security Policies University of Sunderland CSEM02 Harry R. Erwin, PhD.

Security Policies University of Sunderland CSEM02 Harry R. Erwin, PhD.

Similar presentations

Ads by Google