A prominent attorney for cybersecurity issues has this advice to the unnamed Twitter worker said to have pulled the plug on President Trump's Twitter account: "Don't say anything and get a lawyer."
Tor Ekeland told The Hill that while the facts of the case are still unclear and the primary law used to prosecute hackers is murky and unevenly applied, there is a reasonable chance the Twitter worker violated the Computer Fraud and Abuse Act.
Twitter announced Thursday evening that "a Twitter customer support employee ... on the employee’s last day" intentionally cut off service to President Trump's Twitter account. Service was restored in 11 minutes.
On Friday, The New Yor Times reported that the worker was a hired contractor.
The outage of Trump tweets was met with celebration and disgust from either side of the partisan divide.
The legislation states that unauthorized use of a "protected" computer system is against the law. The definition of protected is very broad and in practice could refer to any computer.
"If this happened in California, where Twitter is headquartered if they were no longer an employee at the time — particularly if their employment had been terminated — or if they had not been authorized to suspend or delete accounts, they could have broken the law," said Ekeland.
The Computer Fraud and Abuse Act is widely considered to be, as Ekeland explained it, "a mess."
Various courts around the country have come up with seemingly contradictory rulings on what unauthorized access actually means. Ekeland said the Ninth Circuit, covering the state of California, has itself issued rulings at odds with itself that would have an impact on the Trump twitter account fiasco as a potential case.
The Ninth Circuit ruled that employees do not violate the law if they exceed their workplace computer policies. It has also ruled that employees who have been told they do not have permission to access a system cannot legally access it. Depending on which ruling a court leans on the hardest, a current Twitter employee without permission to shutter accounts may have violated the law by nixing Trump's account.
An employee who was tasked with monitoring accounts and given the ability to suspend them would have a good case that no law was broken, said Ekeland. An employee whose time at the company had technically ended would have the least to argue with.
"The employee could be in a lot of trouble. This was not just unauthorized access, but damage," said Ekeland, noting that causing $5,000 worth of damage could carry a 10-year prison sentence. With the amount of traffic Trump's tweets garner for Twitter's business, that could be fairly easy to prove.
The Computer Fraud and Abuse Act is both a criminal and civil statute, which could also open up the contractor for a potential lawsuit.
But there are a lot of questions still to answer before anyone could make a thorough analysis of what laws were broken. Even with the facts, the conflicting Ninth Circuit opinions can make the analysis difficult.
"You will probably see this as a law school exam question this year," said Ekeland.
- This report was updated at 2:26 p.m.