You may want to tell your boss to take your job and shove it, but if you’re thinking of logging on one last time to wreak some havoc or raid the company’s trade secrets, then think again.
Over the summer, a federal court of appeals interpreted California law in a way that makes it a crime for you to access your employer’s computer systems and take, copy, or use the data without permission. Although the federal court’s interpretation doesn’t bind the state’s courts, it may influence them until the state’s supreme court says otherwise.
The appeal was brought by six defendants after their convictions for racketeering and illegal wiretapping. The defendants were convicted of running, working for, or doing business with a private-investigations agency that provided illegal services. The agency bribed local police officers to access confidential law-enforcement databases, and it bribed phone-company employees to illegally wiretap people and record their calls. The government called it a criminal enterprise under the Racketeer Influenced and Corrupt Organizations (“RICO”) statute, and the jury agreed. See 18 U.S.C. §§ 1961-68.
The defendants lost most of their arguments on appeal, but one stuck.
The defendants argued that some of their convictions couldn’t stand because they were based on violations of a federal anti-hacking statute, and the defendants hadn’t hacked into any computers. See 18 U.S.C. § 1030.
That part was true. Three years ago, the same court that heard their appeal had construed section 1030 to punish unauthorized access to information (like hacking into a computer) but not unauthorized use of that information by someone who had authorized access. In that case, the court reversed the conviction of a man who raided his employer’s data in order to start a competing business. See United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) (en banc). He may have been guilty of other charges, the court had held, but he couldn’t be guilty of violating section 1030. So here, too, the court reversed those convictions.
Other convictions, however, were based on violations of state law, and that was different. See Cal. Pen. Code § 502. The court held that section 502 doesn’t just punish people for hacking into or harming computers, networks, or data. It also punishes knowingly accessing such systems and then taking, copying, or using data without permission. See id. § 502(c)(2). So the focus is not just hacking but theft or misappropriation as well.
The court noted that California law was not settled on that point. Compare Chrisman v. City of L.A. (2007) 155 Cal. App. 4th 29, 34-37 (finding that section 502 was primarily an anti-hacking statute) with Gilbert v. City of Sunnyvale (2005) 130 Cal. App. 4th 1264, 1281 (interpreting section 502(c)(2) to restrict use and not just access) and People v. Hawkins (2002) 98 Cal. App. 4th 1428, 1440-43 (same).
But until the California Supreme Court decides otherwise, California prosecutors may well charge you criminally for misusing your computer access at work.
So don’t get it twisted, sister. But more on that next week.