David Nosal was convicted of hacking. That’s not an altogether rare occurrence, but there’s a catch: He never broke into a computer.
Nosal was charged under the same statute that Aaron Swartz was facing when he took his life, 1984’s Computer Fraud and Abuse Act (CFAA). Swartz used MIT’s access to JSTOR to download millions of academic papers and other documents.
Nosal’s two-week trial ended after two days of deliberation with a conviction on all counts, despite the fact that he had hacked nothing whatsoever.
Wired’s David Kravets explained that the jury found Nosal “coaxed, sometimes through monetary payments, his former colleagues at Los Angeles-based executive search firm Korn/Ferry International to access the firm’s proprietary database and provide him with trade secrets to help him build a competing firm. Those associates cooperated with the government and were not charged.”
Nosal is culpable under section A4 of the act and is subject to a sentence of up to five years in prison for each count.
“Whoever… knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value.”
The CFAA is notorious for its vague and out-of-date language and for the prosecutions that have taken place because of it.
Under its tenets, Andrew Auernheimer, known online as “Weev,” received a three-and-a-half-year sentence for “hacking,” despite having maintained he discovered the email addresses he was alleged to have stolen from Apple were publicly available online. Reuters former social media editor Matthew Keys was charged under the act with three counts for providing members of the hacking collective anonymous with login credentials for a news station server.
Nosal’s attorneys believe the way the act has been applied is legally faulty and have filed a motion asking the judge to drop the charges on that basis. He has a hearing on that movement in May.
H/T Wired | Illustration by Jason Reed