Employee Misuse of Computer Access Ruled Not a Crime
Mary Pat Gallagher reports:
Using a password-accessed workplace computer in violation of company rules or policies may get you disciplined, but it’s not enough to be prosecuted in New Jersey, says a Mercer County judge in a published case of first impression.
Superior Court Judge Mitchel Ostrer threw out an indictment against Princeton Borough police sergeant Kenneth Riley, for viewing a digitally stored video of a January 2008 motor vehicle stop by other officers in his department.
Riley had a password allowing him to access videos of motor stops, but department policy only allowed him to view them for training purposes.[…] [The judge] found that “unauthorized access under sections 25(a) and 31(a) does not encompass entry into a computer database by an insider with a current password.” He threw out the official misconduct counts, too, because they were predicated on the computer offenses.
The computer crime statute is too ambiguous to support the indictment, he said. It does not define what it means by “in excess of authorization” and even the meanings of “access” and “without authorization” were uncertain.
Read more about the case, State v. Riley, and legal analysis from the New Jersey Law Journal.