After the theft was discovered, Nosal was indicted on 20 counts, including mail fraud, trade secret theft and violations of the CFAA. He was accused under CFAA of aiding and abetting his former colleagues to exceed their authorized access on the Korn/Ferry system. Nosal appealed the CFAA charges, contending that the law applied only to external hackers and not to individuals who misused data after obtaining it in an authorized fashion.

His appeal was originally dismissed by the district court. The court held than individuals who accessed a computing with the intention to defraud were in fact exceeding their authorized access to the system.

Nosal filed a second appeal seeking to dismiss the CFAA charges after a Ninth Circuit decision in a separate case involving similar unauthorized access charges. That case involved an individual named Christopher Brekka, who was accused by his employer LVRC Holdings, LLC of accessing the company's computers without proper authorization, both while he was an employee and later after he had left the firm. The appellate court ruled that Brekka did not violate CFAA provisions through his actions, even when he accessed LVRC's computers and emailed confidential documents to himself and his wife just prior to leaving the company.

The court held that Brekka had been authorized to use the computer and had been entitled to access the documents and therefore could not be charged of exceeding his access rights.

The district court upheld Nosal's second motion to dismiss the CFAA charges, after the Brekka ruling. The government filed an appeal following that decision. Kozinski last week offered the same rational used in the Brekka case to dismiss the government's appeal.