The Georgia Supreme Court recently concluded that Georgia’s equivalent of the CFAA should be viewed narrowly, similar to the US Supreme Court’s recent, similar decision in Van Buren. In Kinslow v. State, the Georgia Supreme Court held that even if there is unauthorized use of a computer or computer network, there must be enough evidence to prove that the defendant used the computer network knowingly without authority and with the intention of obstructing or interfering with the use of data.
The court acknowledged that in the case at hand, the defendant lacked authority when he altered his employer’s computer network settings in such a way that his supervisor’s emails were forwarded to defendant’s personal email address. However, there was not enough evidence to prove that the defendant had the intention to obstruct or interfere with the flow of data in the form of emails, as the supervisor still received emails that were intended for him. The court went through a deep analysis of each of the elements of the statute. Applying the canons of construction, it found that there must be evidence of the intention to obstruct and interfere, which was lacking in this case. As a result, the court overturned the defendant’s felony conviction under Georgia’s computer trespass law.
Putting It Into Practice: This case shows that the scope of state computer trespass/fraud statutes may be narrowed, similar to the narrowed scope of CFAA. As we noted following the Van Buren decision, companies should think about regularly auditing and updating access rights to their IT systems.