Despite objections from privacy advocates, the U.S. Supreme Court has rejected an appeal by a Bay Area business executive who was convicted of fraud for getting onetime co-workers to download confidential information from the company computer that he then used to start his own firm.
A federal jury convicted David Nosal, former regional manager of Korn/Ferry International in Redwood City, a prominent executive search firm, in 2013 of six felony charges, including computer fraud, theft of trade secrets and conspiracy.
He was sentenced to a year in prison and fined $60,000.
Nosal left Korn/Ferry in 2004, after being passed over for promotion, and took two co-workers with him. Prosecutors said those two persuaded a third employee, Nosal's former executive assistant, to provide her computer password, which they used to obtain customer lists and other information from a company database that Nosal used in his new business, Nosal Partners.
Before the trial, the Ninth U.S. Circuit Court of Appeals in San Francisco had thrown out an additional charge that Nosal, by gaining entry to his former employer's computer, had exceeded his "authorized access" with intent to defraud. That law applied only to hackers, the court said.
But the court upheld the jury verdict last year, saying Nosal had been properly convicted of using his former colleagues to access the database "without authorization" for fraudulent purposes.
In a 2-1 ruling, Judge Margaret McKeown said Nosal had not merely exceeded the access he once had to Korn/Ferry's database, but had tapped into a system he had been forbidden to enter after he left the company.
Nosal and his co-conspirators "acted without authorization" when they "used the log-in credentials of a current employee to gain access to computer data owned by the former employer," said McKeown, joined by Chief Judge Sidney Thomas.
In dissent, Judge Stephen Reinhardt said Nosal's conduct was "unscrupulous" but did not amount to computer fraud, and warned that the ruling could have unintended consequences.
Reinhardt said Nosal and his cohorts had merely persuaded their former co-worker to share her password, the same type of "innocuous conduct engaged in by ordinary citizens -- for example, a husband who shared his bank account password with his wife to help her pay a bill."
Nosal's Supreme Court appeal drew support from the San Francisco privacy-rights group Electronic Frontier Foundation, which argued that the law against accessing a computer "without authorization" for illicit purposes applies only to hacking.
The appeals court's contrary interpretation would "criminalize or otherwise penalize somewhat routine behavior, the sharing of a password with permission of someone who had that password," said Andrew Crocker, a lawyer for the San Francisco foundation.
But the high court denied review of the case Tuesday without comment.
___ (c)2017 the San Francisco Chronicle Visit the San Francisco Chronicle at www.sfgate.com Distributed by Tribune Content Agency, LLC.