United States v. Nosal, No. 14-10037 (9th Cir. 2016)
Annotate this CaseDefendant conspired with former Korn/Ferry employees whose user accounts had been terminated, but who nonetheless accessed trade secrets in a proprietary database through the back door when the front door had been firmly closed. The court concluded that defendant knowingly and with intent to defraud Korn/Ferry blatantly circumvented the affirmative revocation of his computer system access. This access falls squarely within the Computer Fraud and Abuse Act's (CFAA), 18 U.S.C. 1030, prohibition on access “without authorization.” The court concluded that “without authorization” is an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission. Therefore, the court affirmed defendant’s conviction for violations of section 1030(a)(4) of the CFAA. The court also affirmed defendant's convictions under the Economic Espionage Act (EEA), 18 U.S.C. 1832(a)(2) -(a)(4), for downloading, receiving and possessing trade secrets in the form of source lists from the former employer's database. The court vacated in part and remanded the restitution order for reconsideration of the reasonableness of the attorneys’ fees award.
Court Description: Criminal Law. The panel affirmed convictions for knowingly and with intent to defraud accessing a protected computer “without authorization,” in violation of the Computer Fraud and Abuse Act (CFAA), and for trade secret theft, in violation of the Economic Espionage Act (EEA); and vacated in part and remanded the restitution order for reconsideration of the reasonableness of the attorneys’ fees award. The panel held that the defendant, a former employee whose computer access credentials were revoked, acted “without authorization” in violation of the CFAA when he or his former employee co-conspirators used the login credentials of a current employee to gain access to computer data owned by the former employer and to circumvent the revocation of access. The panel rejected the defendant’s contentions regarding jury instructions and sufficiency of the evidence in connection with the CFAA counts, as well as his sufficiency-of-the-evidence, instructional, and evidentiary challenges to his EEA convictions for trade secret theft. The panel determined that the restitution order was within the bounds of the statutory framework set forth in the Mandatory Victim Restitution Act, rejecting the defendant’s contention that the award is invalid because it exceeds the actual loss that the district court determined for purposes of the Sentencing Guidelines. Reviewing for abuse of discretion UNITED STATES V. NOSAL 3 the district court’s decision to award nearly $1 million, the panel remanded for the district court to reconsider the reasonableness of the award with respect to the defendant’s former employer’s attorneys’ fees. Dissenting, Judge Reinhardt wrote that this case is about password sharing, and that in his view, the CFAA does not make the millions of people who engage in this ubiquitous, useful, and generally harmless conduct into unwitting federal criminals.
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.