The facts of the case are interesting - the defendant was involved in a dispute over his salary with the school district he worked for. While surfing the internet in the computer room, he accidentally bumped the mouse of a computer next to him and the screen came alive to reveal an open Yahoo! Inbox. It happened to be one of the members of the education association that he was in dispute with. There were two emails that clearly pertained to his dispute, so he clicked on them to read them. They were not flattering to the education association, so at the next meeting, the defendant distributed the emails as evidence of failing to bargain in good faith. The emails included conversations between multiple members of the association, and accordingly they all filed suit for various charges; of importance here was a cause of action under N.J.S.A. 2A:156A-27, which reads in pertinent part:
A person is guilty . . . if he (1) knowingly accesses without authorization a facility through which an electronic communication service is provided or exceeds an authorization to access that facility, and (2) thereby obtains, alters, or prevents authorized access to a wire or [an] electronic communication while that communication is in electronic storage.The court initially found that the defendant did not access the facility without authorization because the previous user who had logged in was actually the one to access the facility. So the question for the jury turned on exceeding authorized access. The court framed the case in that regard as follows: "the question for this court is whether the undisputed facts precluded a finding that Wayne [the defendant], the non-moving party, knew Marcus [the inbox owner] had not consented to — stated differently, had not impliedly or tacitly authorized — access to the contents of the e-mails that she left accessible to all by failing to close her inbox and log off her account."
The court reviewed the jury's finding, noting that the Judge below had been careful in crafting his instructions regarding the statutory requirements:
In fact, the judge in this case submitted questions to the jurors that were carefully crafted to ascertain whether Wayne [the defendant] knew he lacked authorization or knew he exceeded his authorization. Their answers demonstrate that they found he did not know. All seven of the deliberating jurors found that he "knowingly accessed" the facility providing the service and that he obtained an electronic communication in electronic storage, but six of the seven found that he had not "exceeded an authorization to access that facility," and seven found that Wayne had "tacit authorization" to do so.The court declined to overturn such a verdict, noting that a question of subjective intent was a question for a jury unless no reasonable fact-finder could reach such a conclusion, and the court did not ascribe to the latter notion.
In short, I do not agree with this decision. I agree that there is tacit authorization to skim all of the contents on the screen of the computer with the open inbox, but as soon as you click on an email and open it, I cannot understand how that does not violate the statute. I believe the court erred in dismissing the "knowingly accesses without authorization" leg of the test - yes, the first user knowingly accessed it, but that does not preclude a second user from knowingly accessing as well. More specifically, the knowingly accessed portion cannot be a one and done sort of query - the user who first logged in did so, but the defendant also did so when he committed an overt act to open an email of another person without their authorization. The court is conflating access with "logging in," which as an altogether way too narrow reading of the statute.
"Accesses" is being used as a verb in the statute above, and a quick look at the dictionary shows where the court went wrong:
Verb: Obtain, examine, or retrieve (data or a file).I access something, inter alia, when I log in, when I click on something, or when I make a query to a database. Accordingly, I knowingly access without authorization and obtain electronic communication in electronic storage when I click on somebody else's email in an inbox.
Leaving your inbox open is stupid and gives tacit authorization to view that which is in front of you - the inbox. It does not give you authorization to then click on anything within there.