Related Practices and Jurisdictions

The Georgia Supreme Court recently concluded that Georgia’s CFAA equivalent should be viewed closely, much like the recent, similar ruling by the US Supreme Court in the Van Buren case. In the Kinslow v. State, the Georgia Supreme Court ruled that even if there is unauthorized use of a computer or computer network, there must be sufficient evidence to prove that the accused knowingly used the computer network without authority and with the intention of obstructing or interfering with its use of data.

The court acknowledged that in the present case, the defendant had no authority to change his employer’s computer network settings so that his manager’s emails were forwarded to the defendant’s personal email address. However, there was insufficient evidence of the defendant’s intention to obstruct or hinder the flow of data in the form of e-mails, since the manager continued to receive e-mails that were intended for him. The court went through an in-depth analysis of all elements of the law. Using the building code, it determined that the intention to hinder and interfere, which was missing in the present case, must be demonstrated. As a result, the court overturned the defendant’s conviction of a crime under Georgia’s Unauthorized Computer Access Act.

Putting it into practice: This case shows that the scope of the Unauthorized Access to Computers / Fraud laws can be narrowed, similar to the restricted scope of the CFAA. As we found out after the Van Buren decision, companies should think about regularly checking and updating the access rights to their IT systems.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 190