SAN FRANCISCO — Nearly eight years passed from the time FBI agents raided corporate recruiter David Nosal’s office in 2005 to the start of his criminal trial this month in San Francisco federal court.
After deliberating for just over two days, the jury on Wednesday found Nosal, 55, guilty of conspiracy, stealing trade secrets and violating the Computer Fraud and Abuse Act — handing the U.S. attorney’s office a complete trial victory in a high-profile and challenging white-collar prosecution.
The verdict in the case before U.S. District Judge Edward Chen comes a year after the U.S. Court of Appeals for the Ninth Circuit sided with Nosal’s defense lawyers in a pivotal en banc decision that junked six additional computer hacking charges against the former Korn/Ferry International executive.
But Assistant U.S. Attorneys Kyle Waldinger and Matthew Parrella salvaged their case, albeit on narrower charges, persuading the jury that on at least three occasions in 2005 Nosal directed accomplices to sneak into Korn/Ferry’s computer database with a borrowed password in violation of the Computer Fraud and Abuse Act, or CFAA.
That left a disappointed defense team to talk appeal. Dennis Riordan of Riordan & Horgan and S.F. solos Martha Boersch and Steven Gruel pledged to send the case back to the Ninth Circuit — and even started referring to last year’s en banc ruling in U.S. v. Nosal, 676 F.3d 854 as "Nosal I."
"I am extremely optimistic that all the counts will be overturned," said Gruel, Nosal’s longtime attorney who delivered the opening statement for the defense. A grim-faced Nosal slipped out of the courthouse quietly following the verdict. The U.S. attorney’s office declined to comment.
Prosecutors and defense lawyers agreed on most of the facts that gave rise to the charges. Nosal worked for the executive search firm Korn/Ferry from 1996 to 2004 and rose to oversee operations for the central and northwest United States. In 2004 Nosal decided to leave Korn/Ferry and start his own headhunting business. Nosal agreed to work as an independent contractor for Korn/Ferry for one year and pledged in a formal separation agreement not to engage in a competing business.
However, Nosal was secretly working with confederates inside and outside Korn/Ferry to start his new business, Nosal Partners. On three occasions, individuals working with Nosal, including his former girlfriend, borrowed a password from a current Korn/Ferry employee and used it to retrieve lists of executive job candidates from Korn/Ferry’s database known as Searcher.
When word of those activities reached the company’s general counsel, Peter Dunn, the firm launched an investigation that resulted in civil litigation and a referral to the FBI.
The primary disputes between prosecutors and defense lawyers came over key legal concepts, such as what constitutes a trade secret and the standard for "unauthorized access" to a computer.
To secure conviction, Waldinger and Parrella had to convince jurors Nosal did not have Korn/Ferry’s permission to access its computer system for any purpose. They pointed to evidence that Korn/Ferry cut off Nosal’s username and password in December 2004 and also relied on corporate policies prohibiting employees from sharing passwords.
Nosal’s lawyers did not call any witnesses. Instead, they cast the prosecution as a witch hunt led by Korn/Ferry to thwart a rival. Defense attorneys insisted Nosal had authorization to use Searcher for his work as an independent contractor and argued the material Nosal allegedly took from Korn/Ferry would not qualify for trade secret protection.
None of the jurors would discuss the group’s deliberations.
Riordan said the case turns on legal questions and does not involve much dispute over the facts. That, Riordan said, makes the jury’s verdict far from the final word. Chen has not yet ruled on a motion for acquittal filed last week by the defense.
"This is a very legally complicated case," Riordan said. "We’re as much convinced as we ever were that under the law these were not trade secrets, that under the law this was not computer hacking under the CFAA."
Still, Wednesday’s verdict was met with interest by two groups of lawyers. Critics of the CFAA considered the federal prosecution a wrongful application of an anti-hacking statute to a dispute between an employer and a former employee. Meanwhile, civil attorneys who represent employers insist the law should protect their clients from being robbed of valuable data.
Paul Hastings partner Bradford Newman, chair of the firm’s employment practice, said the verdict delivered the message that using a misappropriated password to gain access to a company’s computer system is unauthorized access under the CFAA.
"The jury employed common sense," Newman said. "For those of us who spend our careers trying to protect data, this was the correct result."
Contact the reporter at email@example.com.