This is a huge deal. If your company has an acceptable use policy then you could be convicted of a felony for something as benign as checking Facebook or Twittering. That is insane.
You might say "my company has no official policy, so it can't happen to me." Wrong. Accroding to this ruling, you are a felon for doing anything on any computer, unless you were expressly authorized to perform that action on that computer. From the article:
'He added that the city had never actually disseminated a policy regarding internet usage to tell workers what was inappropriate.
'"They had crafted one but they hadn’t published it," he said. "So there was in effect no policy and no protections on the computer--no password protection or filtering of any kind--so basically anybody could access anything on the internet through the city’s computer."'
Realistically, as mynameishere points out below, they were able to get a jury to convict him because he was doing some genuinely nasty things -- things no half-sane person would do at work, including soliciting prostitutes. It looks like a terrible injustice when you carry it to the logical conclusion, but realistically you would not be able to get a jury to convict someone for twittering at work, nor would a prosecutor ruin his career by pursuing a case like that.
This is just another example of, "Okay, we found a bad guy, now what laws can we use to nail him?" I don't think it's especially uncommon, and it is one reason juries are so important: they're the first line of defense against the unreasonable application of unreasonable laws.
The problem is that for the set of "generally nasty things" which are not "illegal things" one shouldn't get a felony on their record. Fired, sure. Bitched out? You betcha. But not a felony.
Because, see, letting people decide that things they think are nasty should be felonies and convicting people based on laws they've fished out to abuse for those purposes is ungood. You don't want that in a free society.
On the other hand, you don't want people violently breaking the social norms in a structured environment like a work place. That's why there's a whole range of appropriate remedies that do not involve the courts.
That's a good discussion to have, and I tend to agree with you, but my point remains: nobody is going to get locked up for checking the weather at work. There's nothing to justify the Redditesque hysteria being eagerly upvoted on this page.
I think this resonates with some because the line is unclear. I've had boobs show up on my work machine before when I followed innocent seeming links. Heck, last week one of my new twitter followers was porn spam that had a full frontal nude as a profile pic.
Where I live prostitution is legal (though I personally find it rather icky). I don't know what my response would be to co-workers looking up info on a brothel at work, but it wouldn't be to call the police.
When I worked at SAP of all places, on their list of entertainment venues in the area of the headquarters, one of the links on the intranet wiki was to a gay club that has dark rooms. If an SAP employee in the contested jurisdiction clicked on that link, would they be a felon?
This guy was clearly over the line, but I'd find it hard to say exactly where it is. If what he did made him a felon, I'd be hard pressed to say where the line is between him and the cases above. Since only one of the "nasty" activities that he committed was illegal (and that not even universally in the US) it is chilling that the legal system was rigged to find a way to convict him on a serious count that was put in place for entirely different reasons.
The guy was slammed with 3 counts: for soliciting prostitution (misdemeanor), stealing time from work (felony), and 'unauthorized computer/network' use (ie, 'hacking', also felony). They thoroughly nailed him with a misdemeanor and a felony which are arguably reasonable, hence there's no need to apply a computer hacking law in a plainly unreasonable way.
As applied here it means that any use of a computer "beyond the scope of the express consent" is a felony. Twitter and ebay use at work could be felonies under the same reasoning. I understand juries are a safeguard against unreasonable laws (go founding fathers), but I'd sooner have reasonable laws to begin with.
Our higher courts have long been skeptical of the idea of Congress being able to delegate portions of its lawmaking power to other entities, and there's a decent body of case law around it. So that's how I'd expect a half-decent Constitutional lawyer to attack this.
That depends on whether the law is constitutional or not. If not, then it could be overturned judicially or more likely returned to the legislature for revision.
But if you read the text of the law in question, it covers a variety of offences including computer breakins. Your perception is that hacking is the focus of the law and it's been misinterpreted to include this other activity, but in fact hacking is only one of several things covered by it.
It's Ohio revised code 2913.04.b: 'Unauthorized use of property - computer, cable, or telecommunication property' and is available here: http://codes.ohio.gov/orc/2913.04
Am I the only person here who took the trouble go and read it?
If your company has an acceptable use policy then you could be convicted of a felony for something as benign as checking Facebook or Twittering.
I'm technically breaking our never-enforced acceptable use policy right now by posting on News.YC.
I wonder if it only takes an over-zealous DA or if the company has to be complicit. Ok I'm aware I'm not using complicit appropriately - it's intentional. This is crazy. This guy had some REALLY bad judgment, but this amounts to the government being thought police.
Don't agree. The law is interpreted, not compiled; this is one possible interpretation of what I admit is a farily broad statute.
But let's be realistic here, if you twitter your other half with 'working late, will eat from freezer xxx snookums' no jury is going to hold that against you. Uploading >700 porn pictures at work, even of your own sexy self, is asking for trouble. You're laying your employer open to all kinds of liability, to say nothing of it not being anything like what they pay you for unless you're in the porn business.
The guy is irresponsible, lacks common sense, and is trying to wriggle off the hook on a technicality. Let's not make a hero out of him, and let's not extrapolate the worst possible future from a single case, because the likelihood of anyone going to jail for checking the sports results or reading Google news on the office computer during lunch hour is vanishingly low.
It's this kind of stupid 'but nobody told me I shouldn't' bullshit that leads to the imposition of idiotic HR policies in the first place.
Back in late 90s I knew a guy who hated his job so much that instead of programming enterprise apps in Java he started running his own porn site on company servers.
When IT finally discovered this, they shot it down immediately and reported the incident to HR. The dude, however, was so ignorant that he called internal (!) IT support and complained that one of his servers in company data center wasn't responding.
He got fired.
That allowed him to work full time on his new business and he advanced to moving to California and opening his own production studio. Here's another entrepreneurial story for you all.
"one count of unauthorized access to a computer,
with a specification that the value of the property or services stolen was more than $500
and less than $5000, in violation of R.C. 2913.04(B), a fifth degree felony;"
I'm not sure how they calculate the 'value of property or services stolen'. One could buy a laptop for under $500 and surf the web, no?
The appeal also quotes the law he supposedly broke, R.C. §2913.04:
"No person shall knowingly use or operate the property of another without the consent of the owner or person authorized to give consent." and
"No person, in any manner and by any means (...) shall knowingly gain access to (...) any computer, computer system, computer network, (...) without the consent of, or beyond the scope of the express or
implied consent of, the owner of the computer, computer system, computer network (...)"
As briansmith points out, you could be a felon for twittering from a work computer based on this law plus the wacky damage assessment.
Of course, the reason this guy was nailed so hard is because he was using Adult Friend Finder. If he'd been on a cross stitching site or on ebay, he would not have been prosecuted this hard or convicted of hacking by a jury.
I'm not sure how they calculate the 'value of property or services stolen'. One could buy a laptop for under $500 and surf the web, no?
The services stolen in this case are the employee's paid for time. By surfing porn on city time he was depriving the city of $500-$5,000 worth ($2400, it looks like) of their employee's time. Ridiculous, I know.
From the article: "...theft of services in office (essentially for depriving the city of his paid services while he conducted the unauthorized activities on a city computer on city time)"
And if you have your own computer then they will soon argue that you used the network in an un-authorised way. So you need a handheld with 3G network, but they'll probably not let that in the door. ;)
No, seriously. This gets at the whole point of encryption. When this guy went into court, they showed the jury all of this bdsm porno, pictures of the guy naked, showed that he was committing other crimes like solicitation, etc, and that's why he's going to jail. A bunch of random bits don't have the same impact, especially if the defense implies that he was checking up on his ebay auctions.
You might say "my company has no official policy, so it can't happen to me." Wrong. Accroding to this ruling, you are a felon for doing anything on any computer, unless you were expressly authorized to perform that action on that computer. From the article:
'He added that the city had never actually disseminated a policy regarding internet usage to tell workers what was inappropriate.
'"They had crafted one but they hadn’t published it," he said. "So there was in effect no policy and no protections on the computer--no password protection or filtering of any kind--so basically anybody could access anything on the internet through the city’s computer."'