3 Questions in Determining Liability in #Twittergate
Does Twitter Have Legal Claims for the Hacking and Posting Confidential
In an interesting development for Twitter, French hacker "Hacker Croll"
recently compromised confidential information of the Silicon Valley
microblogging phenomenon's top executives. The security breach didn't end
there, in fact after the hacker used simple techniques to gain access to the
execs' Google accounts, he then retrieved more than 300 private documents stored
on Google Docs and emailed the same to various tech news outlets. TechCrunch,
one of the highly-trafficked sites that was emailed, has
already started posting some of the documents online.
In an increasingly online and web-casting world, questions of liability for
invasion of privacy are becoming more prevalent. This recent 'virtual break-in'
also highlights the unique security issues surrounding 'cloud computing'--or the
increasingly popular practice of using online apps to create, share, and
simultaneously allow access to information. With cloud computing, hacking a
single password can also allow access to various other information such as
photos, documents, and social media accounts.
What are the important questions that Twitter attorneys are mulling these
days...and that you might be wondering about for your own online privacy?
- Federal or State Law? Computer crimes such as hacking
violate the Computer Fraud
and Abuse Act (CFAA), a decidedly federal law. There may be state
equivalents or local laws that a hacker may be tried for as well. The CFAA was
introduced as a criminal statute created to protected classified government
information, but has evolved to include civil ramifications and has expanded
protect all computers used in interstate commerce. It was under the CFAA that
former-Governor Palin's hacker was indicted by a federal grand jury for intentionally accessing her
Yahoo account without authorization. If convicted, he could face five years in
prison and a $250,000 fine.
Similarly, if it is proven that Hacker Croll
""in furtherance of the commission of a criminal act... intentionally and without
authorization accessed a protected computer by means of an interstate
communication and thereby obtained information, and did aid and abet the same"
he, just as Sarah Palin's hacker, will be liable
under the CFAA.
- Misdemeanor or Felony? To bring forward felony charges
instead of simple misdemeanor charges, the government must assert that the
unauthorized web access was "committed in furtherance of any criminal or
tortious act in violation of the Constitution or laws of the United States or of
any State". Similar to the Palin-hacker case, this bar is a basic one
considering the various civil and criminal charges that can be implicated in an
unauthorized reach for confidential information and the potential monetary
damage that could implicated for a fast-growing company such as
- How Far Does the Liability Extend? The online community is
abuzz, or atwitter,
with musings on whether TechCrunch could be held liable for posting the information
online. Though federal law is rather specific and severe in punishing hackers,
the law is rather vague about publishers of the information. In fact, as
evidenced by the federal case that ended an indictment of Sarah Palin's hacker,
news organizations were not penalized for posting the illegally-obtained
information. In fact, the law protects news organizations in publishing legally-obtained
information--regardless of how the information was gotten.
With increasing attention on legal issues of online privacy, the government
may take a closer look at liability and how far it extends--so as to protect not
only the Twitters of the world but also the Cyber Joes and Online Janes.