Authorization – Jersey Style
One of my favorite Traveling Wilburys songs is Tweeter and the Monkey Man:
And it contains one of my all time favorite lyrics: “in Jersey everything’s legal as long as you don’t get caught.” A recent case from New Jersey sort of makes that point. The case involves a New Jersey Teacher named Wayne Rogers (presumably not the guy who played Trapper John on MASH). Here are the facts as relayed by the court:
The dispute arose while Wayne was using one of several computers that the district makes available to teachers in a central location in the school. Although the school’s policy limits use to matters related to work, the teachers customarily use them to check their personal email accounts as well as messages sent through the district’s system.
One morning before school started, Wayne went to the computer room to check his work emails and took a beverage with him. As he placed that drink between the computer he was using and the one next to it, he bumped the mouse of the adjacent computer. The resulting movement of the mouse revealed the open inbox of a Yahoo email account that Wayne later learned belonged to Linda Marcus. Someone other than Wayne, presumably Marcus in the absence of any evidence to the contrary, has accessed and neglected to log out of that email account.
At the time, Wayne was dissatisfied with the step of the salary scale on which he had been placed under the association’s new contract with the district, and he had been dealing with Marcus and other officials of the association in order to pursue that matter by grievance. He noticed that one of the subject lines for the emails in Marcus’s inbox read “Wayne Update” and another read “We Did it.” Each included a chain of correspondence between Marcus and various plaintiffs in this action. Wayne read them and then printed them.
New Jersey law prohibits the following conduct:
A person is guilty … if he (1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or [an] electronic communication while that communication is in electronic storage.
Marcus, the person whose e-mail was hacked, asked the court to rule in her favor as a matter of law. The court declined. The court found that in order to prevail, Marcus would need to establish that “Wayne knowingly exceeded his authorization, as a viewer of the retrieved and displayed index, to click on and pull from electronic storage the content of the e-mails.” Apparently, because the e-mail index was displayed and the contents of the various e-mails were accessible without use of a password or a code, a jury could conclude that Rogers’ access to the e-mails was “authorized.” So if I inadvertently leave my keys in the car, anyone might think they are “authorized” to go for a joyride? I can’t see the difference here. Can you?