In April 2012, the Ninth Circuit Court of Appeals issued an important decision that disloyal employees who access workplace computers in violation of corporate policy do not break federal anti-hacking law.
In United States v. Nosal, an ex-employee of an executive recruiting firm was prosecuted on the theory that he induced current company employees to use their legitimate credentials to access the company's proprietary database and provide him with information in violation of corporate computer-use policy. The government claimed that the violation of this private policy was a violation of the Computer Fraud and Abuse Act (CFAA). Following a decision issued in 2009 by the Ninth Circuit, the district court ruled that violations of corporate policy are not equivalent to violations of federal computer crime law.
The government appealed to the Ninth Circuit, where EFF argued in an amicus brief that turning mere violations of company policies into computer crimes could potentially create a massive expansion of the CFAA turning millions of law-abiding workers into criminals. In April 2011 a three-judge panel ruled that an employee violates the CFAA when she uses a computer in way that violates an employer's restrictions, but the Ninth Circuit later agreed to rehear the case. On April 10, 2012, the en banc court ruled 9-2 that running afoul of a corporate computer use restriction does not violate the CFAA.