Police blotter: Was union official hacking?
A federal judge weighs allegations of computer hacking in a nasty dispute between two labor unions.
What: A local treasurer of a flight attendants' union is accused of misusing her account to access the union's membership list on behalf of a rival.
When: Case decided Sept. 16 by the U.S. District Court in Maryland.
Outcome: Judge ruled that no unlawful computer access took place.
What happened: When Bonnie Werner-Masuda was the secretary of a local lodge that's part of the International Association of Machinists and Aerospace Workers, she allegedly performed more than 10,000 searches on the union's password-protected "VLodge" Web site.
Those searches, according to the IAM, were attempts to glean members' contact information on behalf of a rival union that was hoping to represent Continental and ExpressJet flight attendants. Werner-Masuda is now interim president of that rival group, called the Union of Independent Flight Attendants.
Interim president, UIFA
IAM said that after it discovered that Werner-Masuda's account was being used, it filed a lawsuit naming her and the Union of Independent Flight Attendants as defendants. The suit alleged that she violated the Stored Wire and Electronic Communications and Transactional Records Access Act (18 U.S.C. 2701) and the Computer Fraud and Abuse Act (18 U.S.C. 1030).
Both federal laws, however, prohibit only activity involving unauthorized access--so Werner-Masuda naturally argued that she was fully authorized to view the union's membership list. The IAM, on the other hand, argued that all union officers signed an agreement "not to use the information provided through VLodge for any purpose that would be contrary to the policies and procedures established by the (IAM) Constitution."
U.S. District Judge Deborah Chasanow sided with Werner-Masuda, noting that a similar case in 2000 involving access to Kmart's databases also found no violation of federal law. The reason, Chasanow ruled, is that the two laws at issue prohibit only unauthorized access--not authorized access to the database, no matter how malicious or larcenous the reason.
As a result, Chasanow dismissed the computer-hacking claims and closed the case.
Excerpt from the judge's opinion: "Plaintiff does not allege, nor could it, that Werner-Masuda was a 'hacker' or 'outsider' who, without authorization, gained access to the information contained in VLodge. The complaint explicitly states that Werner-Masuda was authorized to access not only VLodge, but the membership list contained therein...It is undisputed (that) Werner-Masuda was authorized to access VLodge and to use such access to obtain the information on the membership list. Thus, under the plain language of the statute, she did not exceed her authorized access by accessing and/or obtaining plaintiff's membership information."