{"title":"当断路器跳闸时:重置CFAA以打击流氓员工访问","authors":"Obie C. Okuh","doi":"10.2139/SSRN.1712950","DOIUrl":null,"url":null,"abstract":"This article focuses on the narrow question of whether the Computer Fraud & Abuse Act (18 U.S.C. § 1030 et. seq) should be available to a private-sector employer as a vehicle to litigate classic employee misappropriation cases when such employee’s conduct does not result in damage to the employer’s electronic system, computer's circuitry or programming, or interruption of service. The current circuit split regarding the construction and application of the CFAA’s access authorization provisions to employment cases has meant that an employer’s likely recovery under the statute depends in most instances upon factors external to the employee’s alleged conduct and more on whether and to what extent the court in a particular jurisdiction is willing to voyage into the subjective mindset of the employee during the alleged conduct.After examining legislative history of the CFAA, this article argues that the original intent of Congress was to target legislation against outside hackers, and employees of the company were not originally contemplated within the reach of the statute. However, as computer crimes became more sophisticated, Congress took steps to increase protection for owners of commercial information by factoring employee access into the CFAA provisions, albeit without crafting the amendments properly. Further, the article explains the theoretical underpinnings of the circuit split and argues that the split reflects divergent views on how to apply theories of contract, agency, and code-based approaches to the concept of “authorization” within the cyber security and computer information system context. While proffering a draft amendment to the statute, this article concludes by urging law makers or courts to 1) eliminate or exempt the “exceeding authorization” analysis when applying the statute to classic employee misappropriation cases; 2) end inquiries that focus on the employee’s subjective intent at the time of the access or the employee’s subsequent use of the information obtained; and 3) focus strictly on the unauthorized nature of the employee’s intrusion upon the employer’s protected computer information – this strict approach should render an employer’s inability to prove the employee’s breach of explicit contractual prohibition or a trespass of system code an automatic bar to recovery under the statute.","PeriodicalId":177971,"journal":{"name":"Economic Perspectives on Employment & Labor Law eJournal","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"When Circuit Breakers Trip: Resetting the CFAA to Combat Rogue Employee Access\",\"authors\":\"Obie C. Okuh\",\"doi\":\"10.2139/SSRN.1712950\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article focuses on the narrow question of whether the Computer Fraud & Abuse Act (18 U.S.C. § 1030 et. seq) should be available to a private-sector employer as a vehicle to litigate classic employee misappropriation cases when such employee’s conduct does not result in damage to the employer’s electronic system, computer's circuitry or programming, or interruption of service. The current circuit split regarding the construction and application of the CFAA’s access authorization provisions to employment cases has meant that an employer’s likely recovery under the statute depends in most instances upon factors external to the employee’s alleged conduct and more on whether and to what extent the court in a particular jurisdiction is willing to voyage into the subjective mindset of the employee during the alleged conduct.After examining legislative history of the CFAA, this article argues that the original intent of Congress was to target legislation against outside hackers, and employees of the company were not originally contemplated within the reach of the statute. However, as computer crimes became more sophisticated, Congress took steps to increase protection for owners of commercial information by factoring employee access into the CFAA provisions, albeit without crafting the amendments properly. Further, the article explains the theoretical underpinnings of the circuit split and argues that the split reflects divergent views on how to apply theories of contract, agency, and code-based approaches to the concept of “authorization” within the cyber security and computer information system context. While proffering a draft amendment to the statute, this article concludes by urging law makers or courts to 1) eliminate or exempt the “exceeding authorization” analysis when applying the statute to classic employee misappropriation cases; 2) end inquiries that focus on the employee’s subjective intent at the time of the access or the employee’s subsequent use of the information obtained; and 3) focus strictly on the unauthorized nature of the employee’s intrusion upon the employer’s protected computer information – this strict approach should render an employer’s inability to prove the employee’s breach of explicit contractual prohibition or a trespass of system code an automatic bar to recovery under the statute.\",\"PeriodicalId\":177971,\"journal\":{\"name\":\"Economic Perspectives on Employment & Labor Law eJournal\",\"volume\":\"7 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-07-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Economic Perspectives on Employment & Labor Law eJournal\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.2139/SSRN.1712950\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Economic Perspectives on Employment & Labor Law eJournal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2139/SSRN.1712950","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
When Circuit Breakers Trip: Resetting the CFAA to Combat Rogue Employee Access
This article focuses on the narrow question of whether the Computer Fraud & Abuse Act (18 U.S.C. § 1030 et. seq) should be available to a private-sector employer as a vehicle to litigate classic employee misappropriation cases when such employee’s conduct does not result in damage to the employer’s electronic system, computer's circuitry or programming, or interruption of service. The current circuit split regarding the construction and application of the CFAA’s access authorization provisions to employment cases has meant that an employer’s likely recovery under the statute depends in most instances upon factors external to the employee’s alleged conduct and more on whether and to what extent the court in a particular jurisdiction is willing to voyage into the subjective mindset of the employee during the alleged conduct.After examining legislative history of the CFAA, this article argues that the original intent of Congress was to target legislation against outside hackers, and employees of the company were not originally contemplated within the reach of the statute. However, as computer crimes became more sophisticated, Congress took steps to increase protection for owners of commercial information by factoring employee access into the CFAA provisions, albeit without crafting the amendments properly. Further, the article explains the theoretical underpinnings of the circuit split and argues that the split reflects divergent views on how to apply theories of contract, agency, and code-based approaches to the concept of “authorization” within the cyber security and computer information system context. While proffering a draft amendment to the statute, this article concludes by urging law makers or courts to 1) eliminate or exempt the “exceeding authorization” analysis when applying the statute to classic employee misappropriation cases; 2) end inquiries that focus on the employee’s subjective intent at the time of the access or the employee’s subsequent use of the information obtained; and 3) focus strictly on the unauthorized nature of the employee’s intrusion upon the employer’s protected computer information – this strict approach should render an employer’s inability to prove the employee’s breach of explicit contractual prohibition or a trespass of system code an automatic bar to recovery under the statute.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
