Use a computer, go to jail: how a federal law can be used to prosecute almost anyone who visits a website.

• Author: Sullum, Jacob
• Position: Columns

IF YOU ARE reading this column online at work, you may be committing a federal crime. Or so says the Justice Department, which reads the Computer Fraud and Abuse Act (CFAA) broadly enough to encompass personal use of company computers as well as violations of website rules that people routinely ignore.

In April the U.S. Court of Appeals for the 9th Circuit rightly rejected this view of the CFAA, which Chief Judge Alex Kozinski noted could conceivably make a criminal out of "everyone who uses a computer." Unfortunately, other appeals courts have been more receptive to the Justice Department's interpretation, which gives U.S. attorneys the power to prosecute just about anyone who offends or annoys them.

Congress passed the original version of the CFAA in 1984, when the Internet was in its infancy and the World Wide Web did not exist, to protect government computer systems and financial databases from hackers. As a result of amendments and technological developments, George Washington University law professor Orin Kerr explains in a 2010 Minnesota Law Review article, "the law that began as narrow and specific has become breathtakingly broad."

The 9th Circuit case involved David Nosal, who left the executive search firm Korn/Ferry International in 2004 and allegedly enlisted two former colleagues to feed him proprietary client information with an eye toward starting a competing business. Nosal was charged with conspiracy, mail fraud, trade secret theft, and violating the CFAA, which criminalizes unauthorized computer access in various circumstances.

Although Nosal's confederates were authorized to use Korn/Ferry's database, prosecutors argued that improperly sharing information with him rendered their access unauthorized. As Judge Kozinski noted, "the government's construction of the statute would expand its scope far beyond computer hacking to criminalize any unauthorized use of information obtained from a computer."

The felony Nosal was accused of committing involves unauthorized access "with intent to defraud" But the CFAA also makes someone guilty of a misdemeanor, punishable by up to a year in jail, if he "intentionally accesses a computer without authorization or exceeds authorized access" and "thereby...