Not a Lexis Advance subscriber? Try it out for free.

United States v. Nosal

United States Court of Appeals for the Ninth Circuit

December 15, 2011, Argued and Submitted, San Francisco, California; April 10, 2012, Filed

No. 10-10038


 [*856]  KOZINSKI, Chief Judge:

Computers have become an indispensable part of our daily lives. We use them for work; we use them for play. Sometimes we use them for play at work. Many employers have adopted policies prohibiting the use of work computers for nonbusiness purposes. Does an employee who violates such a policy commit a federal crime? How about someone who violates the terms of service of a social networking website? This depends on how broadly we read the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030.


David Nosal used to work for Korn/Ferry, an executive search firm. Shortly after he left the company, he convinced some  [**3] of his former colleagues who were still working for Korn/Ferry to help him start a competing business. The employees used their log-in credentials to download source lists, names and contact information from a confidential database on the company's computer, and then transferred that information to Nosal. The employees were authorized to access the database, but Korn/Ferry had a policy that forbade disclosing confidential information.1 The government indicted Nosal on twenty counts, including trade secret theft, mail fraud, conspiracy and violations of the CFAA. The CFAA counts charged Nosal with violations of 18 U.S.C. § 1030(a)(4), for aiding and abetting the Korn/Ferry employees in "exceed[ing their] authorized access" with intent to defraud.

Nosal filed a motion to dismiss the CFAA counts, arguing that the statute targets only hackers, not individuals who access a computer with authorization but then misuse information they obtain by means of such access. The district court initially rejected Nosal's argument, holding that  [**4] when a person accesses a computer "knowingly and with the intent to defraud . . . [it] renders the access unauthorized or in excess of authorization." Shortly afterwards, however, we decided LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009), which construed narrowly the phrases "without authorization" and "exceeds authorized access" in the CFAA. Nosal filed a motion for reconsideration and a second motion to dismiss.

The district court reversed field and followed Brekka's guidance that ] "[t]here is simply no way to read [the definition of 'exceeds authorized access'] to incorporate corporate policies governing use of information unless the word alter is interpreted to mean misappropriate," as "[s]uch an interpretation would defy the plain meaning of the word alter, as well as common sense." Accordingly, the district court dismissed counts 2 and 4-7 for failure to state an offense. The government appeals. We have jurisdiction over this interlocutory appeal. 18 U.S.C. § 3731; United States v. Russell, 804 F.2d 571, 573 (9th Cir. 1986). We review de novo. United States v. Boren, 278 F.3d 911, 913 (9th Cir. 2002).

Read The Full CaseNot a Lexis Advance subscriber? Try it out for free.

Full case includes Shepard's, Headnotes, Legal Analytics from Lex Machina, and more.

676 F.3d 854 *; 2012 U.S. App. LEXIS 7151 **; 36 I.E.R. Cas. (BNA) 865

UNITED STATES OF AMERICA, Plaintiff-Appellant, v. DAVID NOSAL, Defendant-Appellee.

Subsequent History: Motion granted by, in part, Motion denied by, in part United States v. Nosal, 2013 U.S. Dist. LEXIS 28582 (N.D. Cal., Mar. 1, 2013)

Prior History:  [**1] Appeal from the United States District Court for the Northern District of California. D.C. No. 3:08-cr-00237-MHP-1. Marilyn H. Patel, Senior District Judge, Presiding.

United States v. Nosal, 2010 U.S. Dist. LEXIS 24359 (N.D. Cal., Jan. 5, 2010)United States v. Nosal, 642 F.3d 781, 2011 U.S. App. LEXIS 8660 (9th Cir. Cal., 2011)

Disposition: AFFIRMED.


exceeds, authorization, accesses, violations, employees, intent to defraud, database, unauthorized, policies, terms, term of service, exceeded, knowingly, notice, use restriction, district court, misappropriation, purposes, hacking, visited, counts, criminal liability, federal crime, co-conspirators, indictment, Internet, hackers, website, courts, eBay

Computer & Internet Law, Criminal Offenses, Computer Fraud & Abuse Act, Criminal Law & Procedure, Fraud, Computer Fraud, General Overview, Elements, Evidence, Inferences & Presumptions, Presumptions, Governments, Courts, Common Law, Federal Government, US Congress, Legislation, Interpretation, Interpretation, Rule of Lenity