United States v. Nosal
| United States of America v. David Nosal | |
|---|---|
| Court | United States Court of Appeals for the Ninth Circuit |
| Full case name | United States of America v. David Nosal |
| Argued | February 14th 2011 |
| Decided | April 28th 2011 |
| Holding | |
| The court held that employees who violate the computer use policies of their employers have not "exceeded their authorization" for the purposes of prosecution under the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030. | |
| Court membership | |
| Judges sitting | Diarmuid F. O'Scannlain, Stephen S. Trott, and Tena Campbell |
| Case opinions | |
| Majority | Judge O'Scannlain, Judge Trott |
| Dissent | Judge Campbell |
| Laws applied | |
| Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030 | |
United States v. Nosal, 676 F.3d 854 (9th Cir. 2012) was a United States Court of Appeals for the Ninth Circuit decision dealing with the scope of criminal prosecutions of former employees under the Computer Fraud and Abuse Act (CFAA). The Ninth Circuit's first ruling (Nosal I) established that employees have not "exceeded authorization" for the purposes of the CFAA if they access a computer in a manner that violates the company's computer use policies—if they are authorized to access the computer and do not circumvent any protection mechanisms.
On April 24, 2013, U.S. Attorney Melinda Haag announced that Nosal was convicted by a federal jury of all charges contained in a six-count indictment. Nosal appealed his conviction to the Ninth Circuit. On July 5, 2016, a three-judge panel held 2-1 that Nosal had acted "without authorization" and affirmed his conviction. In this second decision (Nosal II), the Ninth Circuit attempted to clarify the meaning of "without authorization" in the context of the CFAA.