Does Twitter Have Legal Claims for the Hacking and Posting Confidential Company Documents?
In an interesting development for Twitter, French hacker "Hacker Croll" recently compromised confidential information of the Silicon Valley microblogging phenomenon's top executives. The security breach didn't end there, in fact after the hacker used simple techniques to gain access to the execs' Google accounts, he then retrieved more than 300 private documents stored on Google Docs and emailed the same to various tech news outlets. TechCrunch, one of the highly-trafficked sites that was emailed, has already started posting some of the documents online.
In an increasingly online and web-casting world, questions of liability for invasion of privacy are becoming more prevalent. This recent 'virtual break-in' also highlights the unique security issues surrounding 'cloud computing'--or the increasingly popular practice of using online apps to create, share, and simultaneously allow access to information. With cloud computing, hacking a single password can also allow access to various other information such as photos, documents, and social media accounts.
What are the important questions that Twitter attorneys are mulling these days...and that you might be wondering about for your own online privacy?
- Federal or State Law? Computer crimes such as hacking
violate the Computer Fraud
and Abuse Act (CFAA), a decidedly federal law. There may be state
equivalents or local laws that a hacker may be tried for as well. The CFAA was
introduced as a criminal statute created to protected classified government
information, but has evolved to include civil ramifications and has expanded
protect all computers used in interstate commerce. It was under the CFAA that
former-Governor Palin's hacker was indicted by a federal grand jury for intentionally accessing her
Yahoo account without authorization. If convicted, he could face five years in
prison and a $250,000 fine.
Similarly, if it is proven that Hacker Croll ""in furtherance of the commission of a criminal act... intentionally and without authorization accessed a protected computer by means of an interstate communication and thereby obtained information, and did aid and abet the same" he, just as Sarah Palin's hacker, will be liable under the CFAA. - Misdemeanor or Felony? To bring forward felony charges instead of simple misdemeanor charges, the government must assert that the unauthorized web access was "committed in furtherance of any criminal or tortious act in violation of the Constitution or laws of the United States or of any State". Similar to the Palin-hacker case, this bar is a basic one considering the various civil and criminal charges that can be implicated in an unauthorized reach for confidential information and the potential monetary damage that could implicated for a fast-growing company such as Twitter.
- How Far Does the Liability Extend? The online community is abuzz, or atwitter, with musings on whether TechCrunch could be held liable for posting the information online. Though federal law is rather specific and severe in punishing hackers, the law is rather vague about publishers of the information. In fact, as evidenced by the federal case that ended an indictment of Sarah Palin's hacker, news organizations were not penalized for posting the illegally-obtained information. In fact, the law protects news organizations in publishing legally-obtained information--regardless of how the information was gotten.
With increasing attention on legal issues of online privacy, the government may take a closer look at liability and how far it extends--so as to protect not only the Twitters of the world but also the Cyber Joes and Online Janes.
Related Resources:
- Twitter's Private Docs Become Public (MediaPost)
- Hacked Twitter secrets begin making rounds (South Florida Business Journal)
- Twitter Hack Raises Flags on Security (New York Times)
- Does the Indictment of the Alleged Palin Email Hacker Hold Water? (FindLaw Writ)
- Computer Law (FindLaw)
- "The Cloud" Explained, Part 1 of 2 (FindLaw Technology Center)
- "The Cloud" Explained, Part 2 of 2 (FindLaw Technology Center)
