What is Considered ‘Unauthorized Access' to Information?By: Beau Woods
A recent federal court ruling in Pennsylvania has brought this question back into discussion amongst many security, technology and legal professionals. InHealthcare Advocates Inc. v. Harding Earley Follmer & Frailey, the court ruled that it is not considered unauthorized (and therefore illegal) access if the information in question was gathered from publicly archived or cached data. This means if your company's data has been cached by search engines such as Google or Internet Archive that data whether sensitive or not can be legally accessed by anyone.
From thearticleposted by Law.com:
"A law firm did not violate copyright and computer anti-hacking laws when it used a Web archive search tool to recover old Web pages of its client's adversary, says a federal judge.
They did not "pick the lock" and avoid or bypass the protective measure, because there was no lock to pick, Kelly wrote inHealthcare Advocates Inc. v. Harding Earley Follmer & Frailey, No. 05-3524. Nor did the Harding firm steal passwords to get around a protective barrier. The Harding firm could not "avoid" or "bypass" a digital wall that was not there."
Several other blogs have also weighed in on the court's decision in the context of the larger what is considered unauthorized access question:
If you don't secure your data, it's not unauthorized access
Obligation to Secure
Robots.txt and the DMCA
Thanks for letting me circumvent