The same hacking statute internet sensation Aaron Swartz was being prosecuted under until his January suicide is quietly being tested in a San Francisco federal courtroom — to little fanfare in a case devoid of hacking in the traditional sense.
Swartz’s case and his untimely death set off a firestorm across the internet to reform the hacking law known as the Computer Fraud and Abuse Act — a statute many suggested the government was abusing. The Swartz prosecution prompted Attorney General Eric Holder to enter the fray, saying it was a “good use of prosecutorial discretion.”
But none of that drama associated with the Swartz case and its aftermath is present in the San Francisco courtroom of U.S. District Judge Edward Chen. It’s where one of the most bizarre applications of the anti-hacking law is playing itself out to a virtually empty gallery.
Beginning today, jurors will begin deliberating their first full day in the two-week hacking prosecution of David Nosal, whose case has had a tortured legal history with two trips to a federal appeals court.
Nosal’s crime, prosecutors say, is this: His former colleagues at Los Angeles-based executive search firm Korn/Ferry International, where he had worked, gave him their passwords to access a proprietary database that the authorities claim helped Nosal build a competing executive search firm.
“This is a stretch of the law,” Steven Gruel said in a brief interview during a recent recess in the case.
Before the case went to the jury Friday, Nosal’s defense team unsuccessfully urged the judge to toss the charges, arguing that the alleged crime doesn’t fit the statute.
The Computer Fraud and Abuse Act was passed in 1984 to enhance the government’s ability to prosecute hackers who accessed computers to steal information or to disrupt or destroy computer functionality.
The act makes it a federal offense if one “knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period.” Prison penalties are up to 5 years per violation.