3rd Circuit: Cfaa Does Not Turn Workplace Policy Infractions Into Federal Crimes [pdf]

Posted3 months agoActive3 months ago

ivl

8 points

3 comments

www2.ca3.uscourts.govTechstory

calmpositive

Debate

20/100

CfaaCybersecurity LawWorkplace Policy

Key topics

Cfaa

Cybersecurity Law

Workplace Policy

The 3rd Circuit Court of Appeals has ruled that the Computer Fraud and Abuse Act (CFAA) does not turn workplace policy infractions into federal crimes, a decision that may have implications for cybersecurity law and workplace policy.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

N/A

Peak period

0-1h

Avg / period

Key moments

01Story posted
Oct 8, 2025 at 12:43 PM EDT
3 months ago
Step 01
02First comment
Oct 8, 2025 at 12:43 PM EDT
0s after posting
Step 02
03Peak activity
3 comments in 0-1h
Hottest window of the conversation
Step 03
04Latest activity
Oct 8, 2025 at 12:50 PM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (3 comments)

Showing 3 comments

duxup

3 months ago

SCOTUS addressed this in some form already in Van Buren v. United States:

https://en.wikipedia.org/wiki/Van_Buren_v._United_States

The 3rd Circuit ruling here does reference the SCOTUS ruling a number of times so that makes sense.

----------

The quote in the ruling also fits the SCOTUS ruling's spirit:

"In the wrong hands, the law becomes a hammer in search of a nail. This is one such case."

In the case you had someone saving workplace passwords in a spreadsheet against policy (as well as some other activity on a computer that could be deemed against workplace policy).

The idea that workplace policy about password usage, or document access would trigger CFAA and make these people eligible for being prosecuted for federal crimes is ABSURD and the court here saw that as well.

mikece

3 months ago

I regret that I can only upvote this one once!

ivlAuthor

3 months ago

Apologies for the PDF link. The opinion is amusing, and has some benefits. If it's appealed and this decisions is upheld, the blast zone around the CFAA will be diminished.

The key point is rather simple.

> In doing so, we hold for the first time that, (a) by its text and purpose, the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, does not turn these workplace-policy infractions into federal crimes, and (b) passwords that protect proprietary business information are not themselves trade secrets under federal or Pennsylvania law.

Footnote 2 is also amusing: "To the dismay of IT professionals everywhere, the document was titled "My Passwords.xlsx." App. 2770"

View full discussion on Hacker News

ID: 45518098Type: storyLast synced: 11/17/2025, 11:10:30 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN