Cybersecurity, moral panics and the law of confidential information

Abstract

This paper is about the trend to criminalisation of the protection of confidential information, and its justifications. In New Zealand as elsewhere, fears of foreign hackers and of breaches of national cybersecurity have been used to create a form of moral panic, justifying the extension of electronic surveillance by national security services. These same fears have also been used to justify the extension of the criminal law to the protection of confidential information and trade secrets. In the United States and in New Zealand, criminal offences have been creating prohibiting the taking of trade secrets, along with criminal offences relating to computer misuse. However, United States cases have involved United States employees, and in New Zealand these provisions have not led to prosecutions of foreign hackers, and such prosecutions would raise practical difficulties in any event. Employees and ex-employees appear to be much more likely defendants. This paper discusses selected recent cases of theft of information by employees in knowledge-based industries in the United States, focusing particularly on cases involving scientists. New Zealand has as yet had few cases, but the paper discusses a recent case raising similar issues in a New Zealand context. The paper argues that the availability of the criminal law in these cases creates excessive risks for individual employees and more broadly for employee mobility and the sharing of information, particularly in the science-based industries.