X

Police blotter: Was union official hacking?

A federal judge weighs allegations of computer hacking in a nasty dispute between two labor unions.

Declan McCullagh Former Senior Writer
Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.
See full bio
Declan McCullagh
2 min read
"Police blotter" is a weekly report on the intersection of technology and the law. This episode: Computer hacking allegations flare in a bitter dispute between flight attendants' unions.

What: A local treasurer of a flight attendants' union is accused of misusing her account to access the union's membership list on behalf of a rival.

When: Case decided Sept. 16 by the U.S. District Court in Maryland.

Outcome: Judge ruled that no unlawful computer access took place.

What happened: When Bonnie Werner-Masuda was the secretary of a local lodge that's part of the International Association of Machinists and Aerospace Workers, she allegedly performed more than 10,000 searches on the union's password-protected "VLodge" Web site.

Those searches, according to the IAM, were attempts to glean members' contact information on behalf of a rival union that was hoping to represent Continental and ExpressJet flight attendants. Werner-Masuda is now interim president of that rival group, called the Union of Independent Flight Attendants.

Bonnie Werner-Masuda
Credit: UIFA
Bonnie Werner-Masuda
Interim president, UIFA

IAM said that after it discovered that Werner-Masuda's account was being used, it filed a lawsuit naming her and the Union of Independent Flight Attendants as defendants. The suit alleged that she violated the Stored Wire and Electronic Communications and Transactional Records Access Act (18 U.S.C. 2701) and the Computer Fraud and Abuse Act (18 U.S.C. 1030).

Both federal laws, however, prohibit only activity involving unauthorized access--so Werner-Masuda naturally argued that she was fully authorized to view the union's membership list. The IAM, on the other hand, argued that all union officers signed an agreement "not to use the information provided through VLodge for any purpose that would be contrary to the policies and procedures established by the (IAM) Constitution."

U.S. District Judge Deborah Chasanow sided with Werner-Masuda, noting that a similar case in 2000 involving access to Kmart's databases also found no violation of federal law. The reason, Chasanow ruled, is that the two laws at issue prohibit only unauthorized access--not authorized access to the database, no matter how malicious or larcenous the reason.

As a result, Chasanow dismissed the computer-hacking claims and closed the case.

Excerpt from the judge's opinion: "Plaintiff does not allege, nor could it, that Werner-Masuda was a 'hacker' or 'outsider' who, without authorization, gained access to the information contained in VLodge. The complaint explicitly states that Werner-Masuda was authorized to access not only VLodge, but the membership list contained therein...It is undisputed (that) Werner-Masuda was authorized to access VLodge and to use such access to obtain the information on the membership list. Thus, under the plain language of the statute, she did not exceed her authorized access by accessing and/or obtaining plaintiff's membership information."