Quite interesting facts and legal issue of defining what is "without authorisation". In the US, an employee used his employer's computer to access personal information that he then deleted. The seventh circuit court found it was hacking but the ninth circuit court rejected the interpretation. I quote from TechDirt:
"In declining to adopt the Seventh Circuit's interpretation of "without authorization," the court held that a "person uses a computer 'without authorization'... [only] [1] when the person has not received permission to use the computer for any purpose (such as when a hacker accesses someone's computer without any permission), or [2] when the employer has rescinded to access the computer and the defendant uses the computer anyway."... The Ninth Circuit declined to hold that the "defendant's authorization to obtain information stored in a company computer is 'exceeded' if the defendant breaches a state law duty of loyalty to an employer" because no such language was found in the CFAA.... The Ninth Circuit noted that because the CFAA was "primarily a criminal statute," and because there was ambiguity as to the meaning of the phrase "without authorization," it would construe any ambiguity against the government.... "
Compared with the UK, I thought of the Brown case where two police officers accessed the database (vehicle registration) for personal purposes, and then the Alison case in similar fashion: originally, the courts found there was no hacking; but the HL in Alison considered that "without authorisation" meant that without authorisation for the purpose involved.
Applied to the UK, the comment would meant that the HL got it wrong? I would disagree
"Courts Stretching Computer Hacking Law In Dangerous Ways" TechDirt, 18 March 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment