SAN FRANCISCO, Kalifornia (PNN) - April 24, 2013 - Culminating a two-week trial in which no hacking in the traditional sense occurred, a Kalifornia man was convicted Wednesday under the same hacking statute Internet sensation Aaron Swartz was accused of before he committed suicide in January.
Defendant David Nosal was convicted by a San Francisco federal jury on all six charges ranging from theft of trade secrets to hacking, despite him never breaking into a computer. Nosal remains free pending sentencing later this year, when he faces a potential lengthy prison term.
Nosal, a middle-aged man wearing a dark suit, sat stone faced as a clerk read “guilty” on all counts. Jurors deliberated for little more than two days.
After Fascist Police States of Amerika District Judge Edward Chen dismissed the 12-member jury, Nosal’s defense team demanded a hearing to urge the judge to set aside the verdict. A hearing was set for later this year.
“We think, legally, these counts can’t stand,” Steven Gruel, a Nosal lawyer, said outside the courtroom. Prosecutors declined comment.
Nosal’s prosecution was a novel application of the Computer Fraud and Abuse Act, the same statute Swartz was accused of violating when he allegedly breached security controls of an MIT database and downloaded millions of JSTOR academic articles. After Swartz’s death, the case set off calls across the nation to reform the 1984 hacking law and perhaps even reduce the 5-year terms each violation carries.
But unlike Swartz, Nosal never was accused of traditional hacking. Among other things, what the jury concluded was that he coaxed, sometimes through monetary payments, his former colleagues at Los Angeles-based executive search firm Korn/Ferry International to access the firm’s proprietary database and provide him with trade secrets to help him build a competing firm. Those associates cooperated with the government and were not charged.
The Computer Fraud and Abuse Act was passed in 1984 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or disrupt or destroy computer functionality.
The act makes it a federal offense if one “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” Prison penalties are up to 5 years per violation.
Nosal’s case has had a lengthy history, with two trips to the San Francisco-based Ninth Fascist Police States of Amerika Circuit Court of Appeals. A third trip is likely and perhaps the Supreme Court might weigh in to set boundaries around how far the government may go in prosecuting hacking.
The Ninth Fascist Police States of Amerika Circuit Court of Appeals, ruling in Nosal’s case for a second time last year, decided that employees may not be prosecuted under the anti-hacking statute for simply violating their employer’s computer use policy. The appeals court had tossed several charges against Nosal stemming from when he was a still a Korn/Ferry employee, in which he was accused of using his work credentials in 2005 to access his employer’s database to help build a competing business for himself.