United States v. Nosal, 2013 WL 4504652 (ND Ca. Aug. 15, 2013) (9th Cir)
This is another Order in the saga of Nosal cases, this time an Order Denying Defendant’s Motions for a New Trial and for Acquittal.Nosal is a former high-level employee of Korn/Ferry International (KFI), an executive search firm with offices aroundthe world. Nosal worked there from April 1996 until October 2004 when he resigned his employment and entered into a Separation and General Release Agreement and and Independent Contractor Agreement with KFI in which he agreed to continue performing services for KFI until October 15, 2005 and not to perform executive search or related services for any other entity during the term of this contract. The agreements also limited Nosal’s access to and use of confidential and proprietary information belonging to KFI.While still working as an independent contractor, Nosal began to set up his own rival search firm with the assistance of three others who continued to be employed by KFI for various lengths of time after Nosal resigned his employment and became an independent contractor in October 2004. Nosal’s former assistant (who still worked there) gave her password to the KFI proprietary system to the former employees to access KFI’s system. The former employees then used the password to access KFI’s proprietary database and download information including source lists of candidates, which they then emailed to Nosal.Nosal did not directly commit the access of KFI’s computer database; therefore, he was charged with three counts of conspiracy to violate the Computer Fraud and Abuse Act and was convicted at trial on all three counts.
In denying Nosal’s Motion, the court made the following rulings: (1) nowhere does the Ninth Circuit’s Nosal II opinion hold that the § 1030 (a)(4) requires the allegation that a defendant circumvented technological access barriers; (2) a password holder (i.e., Nosal’s former assistant) cannot grant authorization to permit someone to access whom the employer forbids – the employer (i.e., authority over the computer) must be the one to authorize the person in question to access the computer; (3) in determining who the employer authorizes or prohibits from having access to the computer, relevant information includes password sharing policies, computer login screens, timing of termination of e-mail and voicemail access, disabling of employee access credentials, prohibitions limiting access to specific database; and customary employee practices regarding access to protected the databases; (4) even if Nosal had been permitted to have access to the information the surreptitiously obtained through the computer, that did not authorize him to have access to the computer to obtain the information; and (5) violations of the CFAA could well be found to be acts foreseeability contemplated and hence within the scope of a conspiracy to steal trade secrets.
This Order provides excellent insight into the kind of evidence that is customarily presented and relevant to these types of employment related cases involving the Computer Fraud and Abuse Act.