A few months ago, you may remember, I blogged about two U.S. court rulings concerning the applicability of several different federal software-related-theft laws. The first involved the 2008 indictment of David Nosal on (among other charges) violations of the Computer Fraud and Abuse Act (CFAA). Nosal was charged in part for convincing his colleagues to use “their log-in credentials to download source lists, names and contact information from a confidential database” belonging to his former employer allegedly for the purposes of aiding the start-up of a new competing company Nosal had created.
A 9 to 2 ruling (pdf) from the United States Court of Appeals for the Ninth Circuit, which was preceded by some epic legal wrangling, essentially said that the language in the CFAA was aimed at “the circumvention of technological access barriers” protecting an IT system rather than for the misappropriation of information residing there by someone who had permission to use the system. As a result, Nosal’s indictment under the CFAA was thrown out. The Appeals Court suspended its ruling until 8 August in order to give the U.S. Department of Justice (DoJ) time to file an appeal to the U.S. Supreme Court.
Last week, the DoJ decided that it would not appeal the decision, reports a CNBC story. One reason may be, as a story in Wired argues, that the U.S. military is prosecuting Pfc. Bradley Manning for the Wikileaks leaks under the CFAA. The Wired story states that the Ninth Circuit ruling “conflicts with at least three other circuit courts of appeal nationwide. Had the government appealed, the Supreme Court likely would have taken the case to clear up the conflicts.” Since the Ninth Circuit court ruling only affects federal case proceedings in Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington, and Manning is being tried in Maryland, the U.S. government may not have wanted to risk having a portion of its Wikileaks case thrown out by a Supreme Court ruling supporting the Ninth Circuit’s ruling.
The DoJ may also have wanted to avoid impacting the hundreds of other civil and criminal CFAA-related cases that have been brought in the past five years.
Nosal still faces other charges related to his actions, however, the CNBC story states.
The second court ruling I wrote about involved Sergey Aleynikov, who was found guilty under the National Stolen Property Act (NSPA) (pdf) and the Economic Espionage Act (EEA) of 1996 for stealing and transferring some proprietary computer source code from his former employer, Goldman Sachs. The Second Circuit Court of Appeals unanimously overturned (pdf) Aleynikov's conviction, in essence stating that neither act was applicable for the crime he was alleged to have committed.
At the time I wrote: “As far as I know, Aleynikov is not being pursued by Goldman Sachs or anyone else on any other civil or criminal offenses.”
Well, late last week Sergey Aleynikov was brought up on Class E felony charges by the Manhattan Dstrict Attorney, Cyrus R. Vance Jr. Accompanying the announcement of the indictment under New York State’s laws against the Unlawful Use of Secret Scientific Material and the Unlawful Duplication of Computer Related Material was a press release explaining that, “This [Goldman Sachs] code is so highly confidential that it is known in the industry as the firm’s ‘secret sauce’. Employees who exploit their access to sensitive information should expect to face criminal prosecution in New York State in appropriate cases.”
Aleynikov’s lawyer cried foul over the new indictment, saying, "the new prosecution… violated the double jeopardy clause,” reported the New York Times. The Times also reported that Aleynikov’s lawyer informed the judge in the case that, in arguing against the charges, he was “preparing to file malicious prosecution lawsuits against Goldman Sachs and the federal government” for the original indictment and conviction that was tossed out by the Second Circuit Court. However, legal experts quoted in the Times didn’t think that Aleynikov’s lawyer stood much of a chance of making the double jeopardy argument stick.
If Aleynikov is convicted under these New York State charges, he can receive up to four years in jail, reports a Bloomberg Businessweek story.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.