September 10, 2012

PC Advisor quotes Todd Horn about anti-hacking case

2 min

PC Advisor quoted Venable partner Todd Horn in an article on September 6, 2012 about a recent ruling by an appeals court determining that an employee who used his "valid computer access rights" to obtain data from his employer, WEC Carolina Energy Solutions, was not in violation of the Computer Fraud and Abuse Act (CFAA), a federal anti-hacking law. The article references two similar CFAA-related cases in which the accused employees were acquitted.

Horn commented on the anti-hacking cases, saying "The decisions make it much harder for companies in the jurisdictions of the two appellate courts to use the CFAA to prosecute rogue insiders. The rulings show why it is more important than ever for companies to ensure that their computer use and access policy is as robust as possible and not boilerplate." He suggested, however, that "The door isn't completely shut" and that "a company's policy could specifically make it illegal for an employee to access company data on behalf of outsiders. Any employee who violated such a policy would likely be on the hook under CFAA." He added that "companies should review their polices to close any loopholes that might allow rogue insiders to escape prosecution under CFAA."

Offering alternative methods for prosecuting rogue insiders, Horn concluded that "companies also have state and common law cases they can use to go after rogue insiders. Other appellate courts have allowed CFAA to be used in similar prosecutions against rogue insiders."