2012)[1] was a United States Court of Appeals for the Ninth Circuit decision dealing with the scope of criminal prosecutions of former employees under the Computer Fraud and Abuse Act (CFAA).

Before leaving the company, the employees downloaded a large volume of "highly confidential and proprietary" data from Korn/Ferry's computers, including source lists, names, and contact information for executives.

[1] On June 26, 2008, Nosal and the three employees were indicted by the federal government on twenty counts of violations of the Computer Fraud and Abuse Act.

Nosal appealed the indictment, claiming that the CFAA was "aimed primarily at computer hackers" and that it "does not cover employees who misappropriate information or who violate contractual confidentiality agreements".

They decided that, as a logical extension of this finding, the question of whether an employee "exceeds authorized access" is likewise determined by the employer's actions, including (but not limited to) the promulgation of computer use restrictions.

Judge Campbell dissented, arguing that the court's decision renders the CFAA's provisions unconstitutionally vague, since computer use policies are not written "with the definiteness or precision that would be required for a criminal statute" and they can be changed without notice.

[9][10] The court defended its ruling, noting that such benign behaviors lack the requisite conditions of "intent to defraud" and "furthering fraud by obtaining something of value" as required for prosecution under CFAA Section (a)(4).