Unlawful Access to a Computer

network_server_1.jpgSome of you old timers here in Orlando have never heard of the crime “unlawful access to a computer”, or even its distant cousin “unlawful taking of confidential or trade secret data”–but get ready–these crimes are exploding onto the scene. Let’s face it: data can be worth far more than gold. The theft of data can have grave consequences for the company that has been victimized. And, while most of these crimes are part of Hollywood blockbuster movies, there’s some real life action happening here in Florida. So, without further delay, let’s delve into the recent case of Willoughby v. State of Florida, 84 So.3d 1210 (Fla. 3rd DCA 2012).

Willoughby was employed as a financial specialist, and signed a confidentiality agreement with her employer. When her work computer became too slow and bogged down, her office allowed her to access the company’s computer system via her personal laptop. This enabled her to work from home, and that’s always a good thing. But, a nosy supervisor became suspicious of Willoughby’s computer activities, so the supervisor requested permission to search her computer. Willoughby allowed the search, but became uncomfortable when she noticed the supervisor was going thru her personal files as well. Willoughby took back her laptop, resigned on the spot, and left the premises.

As you would expect, it doesn’t stop there. Somebody always has to get the police involved, don’t they? No exception here. The supervisor went to the police, and a warrant to search Willoughby’s home was conducted. The laptop was seized as part of the search. Upon examination, the police found that Willoughby had saved the employers entire client trust fund master list onto the laptop. She was then arrested for unlawfully accessing a computer database (Florida Statute 815.06(1)), and obtaining trade secrets or confidential data (Florida Statute 815.04(3)(b)). The jury convicted on both counts, and Willoughby appealed.

First, the appeals court tackled count one, unlawful access of a computer database. This conviction sounds silly doesn’t it–given the fact that Willoughby was an employee, and thus authorized to access the corporate computers? The appeals court agreed, reasoning that the “evidence demonstrated that Willoughby’s supervisor authorized Willoughby to access” the computer network. Yep, easy reversal on that one. What about count two, which prohibits the willful taking of data without authorization which is a trade secret or is confidential?

The court upheld the conviction on count two, on a technicality. Basically, do you recall that Willoughby was authorized to “use” her personal laptop to log into work? True enough, but according to her employer, she never had authorization to “download” any data from her employer’s computer system to her personal laptop. The problem is, any computer expert would conclude that all of Willoughby’s work from home on the corporate network involved “downloading data”. How else would the information arrive to the home computer, but for downloading it? I suppose the real crime was not the “downloading”, but rather the “saving” of the master list permanently to her laptop. Oops.

One other issue worth noting here is that the State never really proved Willoughby’s malicious intent. And, the appeals court was ok with that, holding that the statute does not require malicious intent. Bad intentions used to be more important than they are today, and many new crimes are moving in the direction of strict liability–where the simple act of doing it gets you in trouble–no excuses or explanations allowed. These types of laws are popular in countries like China, Iran, North Korea, and Florida. I’m just saying.