Computer Crime Control Act Does Not Exclude Whistleblowers | #itsecurity | #infosec


Until recently, multiple logons to Facebook on a work computer not only dismissed the worker, but in theory up to 10 years if charged under the Computer Fraud and Abuse Act (“CFAA”). I was put in jail. Workers who push the boundaries of doing personal business with company assets are relieved to hear that employers may penalize illegal activities but will not be prosecuted under CFAA. To do. On June 3, 2021, the Supreme Court ruled 6 to 3 and received $ 5,000 instead of searching the Georgia Crime Information Center database to see if there were any exotic dancers. Former Georgia police officer Overturned the CFAA conviction of Nathan Van Buren. Masked police officer. Van Buren vs. United States, 141 S.Ct. 1648 (2021). Van Buren’s receipt of bribes for misusing authorized computer access was a serious breach of public trust and was separately charged as an honest service transfer fraud, but banned from accepting bribes. His conviction under the criminal law was overturned for another reason. In this case, the court may prosecute the same condemnation under the CFAA, such as “decorating an online dating profile” or “using a pseudonym on Facebook”, which is commonplace on the employer’s computer. He acknowledged that it poses a serious risk to the average American in business. , “Or” Check your sports score or pay an invoice. ” Id.. At 1661-62.

The court did not mention it, but the threat of proceedings under CFAA, and even the threat of prosecution, is for whistleblowers and other potential claimants to prove that the employer was involved in the fraud. It has been used as a tool to prevent the collection of necessary documents and information. Infringed their rights. The court’s refusal to apply the CFAA’s widespread application prompted by the government reassures employers that they will have a much harder time using CFAA to cool whistleblower activity. must.

Circuit division related to the Computer Crime Control Law

The CFAA, enacted in 1986, is commonly used by the government to prosecute hacking attempts. This is the most obvious form of unauthorized access, and in this respect the law is successful and useful. However, some CFAAs are intended for individuals who “access a computer without permission and use such access to obtain or change information in the computer that the accessor is not entitled to obtain or change.” 18 USC § 1030 (e) (6). Circuit splitting occurred when an individual “exceeded allowed access” was determined in a way that triggered CFAA. The 1st, 5th, 7th, and 11th Circuit Courts have determined that they will access the computer with permission, but for improper purposes (for example, a police officer conducting a background check on his daughter’s boyfriend). If yes) is a CFAA violation. The 2nd, 4th, and 9th Circuits decided that the permit would only be exceeded if an individual accessed information that was prohibited, and chose a narrower interpretation (for example, the police). When an official borrows the credentials of a colleague to access the evidence log).

Supreme Court side with broader interpretation of computer crime control law

In a majority opinion written by Judge Amy Coney Barrett, the Supreme Court supports the Second, Fourth, and Ninth Circuits and advocates opposition to a broader interpretation. The court said that including the word “so” in the statutory definition of “beyond permitted access” means that the phrase “not eligible to obtain” is read to refer to information that a person is not eligible to obtain. I decided that it means that is the best. He is using a computer that he is authorized to access. ” Van Buren, 141 S.Ct. At 1654-55 (analysis of the word “so”).

After omitting the government’s allegations regarding the definitions of “righted” and “yes,” the court found that the criminalization of a wide range of common computer activities illegal under the government’s interpretation was “validity” of that interpretation. Emphasize. ” Van Buren, 141 S.Ct. At 1661-62. The CFAA is not intended to criminalize acts such as checking personal emails on a company’s computer, and allowing prosecution for improper use of authorized access would result in improper use of the company’s computer. Even with heavy use, these normal uses can be criminalized. In disagreement, Judge Clarence Thomas, with the addition of Judge John Roberts and Judge Samuel Alito, focused on the definition of “qualified,” and CFAA’s plain language describes these mundane computer activities. We conclude that it is wide enough to include. Van Buren, 141 S.Ct. 1664 (Thomas, J. Opposite). Judge Thomas further commented that the shock to the amount of criminalized acts did not give the court the right to rewrite the legislation. Id. at 1668-69 (Thomas, J. Opposition).

The ruling protects whistleblowers who collect evidence of claims against their employers

This decision not only protects the average American from enthusiastic prosecutors and convicted employers, but also protects whistleblowers and other employees who make claims against their employers. To make any kind of claim (discrimination, retaliation, or unpaid wages) against an employer, the employee must collect evidence to support the claim and submit SEC tips under the Fraudulent Claims Act. Or the whistleblower must file a proceeding. Get evidence to prove the fraud they report. Whistleblowers, especially those reporting fraud, are well established to have access to the documents necessary to prove and claim fraud from their employer. See, for example, Former US Relations Yesdian vs Howard University, 153 F.3d 731, 740 (DCCir. 1998) (citing plaintiffs collecting evidence and documents as an FCA-protected activity), but too much information to obtain. I had an open question. For example, JDS Uniphase Corp.v. See Jennings., 473 F. Supp.2d 697, 703-704 (EDVa. 2007) (California law applies) (SOX claims that it is not a license to steal documents and break contracts, and copying and sending documents is SOX The situation to be protected under the law, and showing that the document would have been destroyed would demonstrate rationality); Xyngular Corporation v. Schenkel, 200 F. Supp.3d 1273, 1318 (D. Utah 2016) (Defendant’s “Intentional and improper acquisition of documents supporting his allegations in the expected proceedings is not exempt from separate whistleblower activities.” I found that).

Before the decision Van Buren, In addition to relying on trade secrets, employers file counterclaims against whistleblower plaintiffs under the CFAA, claiming that whistleblowers “exceeded permitted access” when obtaining documents. There is a possibility. Siebertv. See GeneSecurityNetwork, Inc., 2013 WL 5645309 (ND Cal. October 16, 2013) (Quote United States vs. nose, 676 F.3d 854 (2012 9th Circuit Court of Appeals) and dismissal of counterclaim for exceeding permitted access); Erhartv. BofiHolding, Inc., 387 F.Supp.3d 1046 (SDCal. 2019) (Ask if employees are allowed access); Ahlersv. See also CFMOTOPowersports, Inc., 2014 WL 2574747 (D. Minn. June 9, 2014); Direct Supply, Inc.v. Pedersen, 2011 WL 1131092 (ED Wis. March 28, 2011). By threatening or filing a CFAA counterclaim, the whistleblower not only lost his job due to protected activities, but was also liable to collect sufficient evidence to prove her allegations. Employers can cool whistleblowers because they can face them.

The ruling puts restrictions on counterclaims against whistleblowers

Van Buren Remove CFAA from the retaliatory employer’s tool belt. Trade secrets law still provides employers with strong protection against employees who attempt to misuse their former employer’s proprietary information for personal financial gain, while trade secrets law states that CFAA’s ” It applies in much narrower situations than the “Beyond Allowed Access” part.No restrictions imposed by Van BurenA whistleblower who mistakenly took documents unrelated to her allegations said that her employer had taken the documents for “inappropriate” purposes, even though she granted access to those documents. You may be held liable because you may make a claim. Whistleblowers are involved in unexpected proceedings related to evidence-gathering efforts by limiting CFAA to situations where employees do not have authorized access to documents (such as borrowing a colleague’s login information). The risk is greatly reduced. ..

What whistleblowers need to know when collecting evidence of criminal activity

because Van Buren The ruling applies to both criminal and civil proceedings, and not only protects whistleblowers in the private sector, but also fears being prosecuted for obtaining government documents and exposing government fraud. Also useful for whistleblowers. The government is not plagued by its ability to prosecute illegal and whistleblower-free acts. The government is against transfer fraud and sincere service fraud Van Buren case. This means that the government can still prosecute government officials who have abused authorized government access for personal gain.

Potential whistleblowers, or anyone seeking to file a claim against their employer, should be aware of the following: Van Buren You can prevent an employer from accusing an employee of improper use of authorized access, but due to such improper use, especially if the employer violates the company’s prescribed policies. It does not prevent employees from being dismissed. Even if the dismissal proves to be an illegal and discriminatory reason, if the employer learns that she has used the company’s assets improperly after the employee has been torted, “after acquisition” The “evidence of evidence” principle may limit employee recovery against tort claims. And if it knew of her misconduct, you could prove that it would have fired her for that reason. look McKennon vs Nashville Banner Pub.Ltd, 513 US 352 (1995)..

Employees making claims against their employers still face obstacles in carrying out their claims without the risk of employer counterclaims, Van Buren It ensures the justice of those whose rights have been violated and eliminates major barriers to combating fraud against investors, governments, and the general public.



Original Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + three =