Terms of service violations not a crime, appeals court rules

Violating an employer's computer use policy or a website's terms of service is not a hacking crime covered by US statutes, a federal appeals court ruled. The US Ninth Circuit Court of Appeals made the determination in a criminal case filed against a former employee of an executive search firm who convinced some of his former colleagues to use their login credentials to download names and contact data from the company's confidential database.

Federal prosecutors indicted him on charges involving trade-secret theft, mail fraud, and conspiracy, in addition to violations of the 1984 Computer Fraud and Abuse Act (CFAA), which outlaws computer use that "exceeds authorized access." A lower court judge dismissed the CFAA charges on grounds that employees were legally authorized to access the database and only violated the employer's restriction on the way the information could be used. A majority of judges hearing an appeal of that dismissal upheld the decision, arguing that to hold otherwise would criminalize even casual terms of service violations imposed by social networking services, online retailers, and search engines.