The trouble is just starting for the ex-Twitter contractor who deleted President Donald Trump’s account

President Donald Trump speaks before signing bills in the Diplomatic Reception Room at the White House, Friday, June 2, 2017, in Washington. Robert Muller, the special counsel investigating possible ties between President Donald Trump’s campaign and Russia’s government has taken over a separate criminal probe involving former Trump campaign chairman Paul Manafort, and may expand his inquiry to investigate the roles of the attorney general and deputy attorney general in the firing of FBI Director James Comey, The Associated Press has learned. (AP Photo/Alex Brandon)

Despite some onlookers calling him — or her — a hero, the anonymous Twitter employee who pulled the plug on President Donald Trump’s Twitter account Thursday night before leaving the company may want to lawyer up, according to experts on computer law.

Videos by Rare

Whether or not Twitter pursues legal action against its former worker, federal officials could be motivated to prosecute — if only to deter future cases, analysts say.

“If I were this employee, I’d be hiring a good criminal defense lawyer who knows something about the CFAA,” said Paul Ohm, a law professor at Georgetown University.

RELATED: Twitter deletes Trump’s account — but it’s not gone yet

The CFAA — short for the Computer Fraud and Abuse Act — is the federal government’s premiere anti-hacking law. It’s been used, controversially, to go after information activists such as Aaron Swartz as well as former Reuters journalist Matthew Keys. And it gives the government wide latitude to pursue those who have allegedly accessed a computer “without authorization” or in ways that exceed the level of authorization they’ve been given.

“If this was beyond what the employee was authorized to do, one could argue he ‘exceeded authorized access,’ ” said Chris Calabrese, vice president of policy at the Center for Democracy and Technology. He added: “[That’s] a phrase we’ve critiqued, because it empowers private actors to exercise criminal penalties over what are essentially contractual/civil disputes.”

How much legal risk does Twitter’s former employee really face in light of this law? That depends on a number of factors, chief among them being how difficult Twitter makes it for employees to deactivate user accounts.
Under one theory, the worker may not have violated the CFAA if Twitter’s internal policies on the matter were lax or nonexistent. But the employee could be in much greater jeopardy if Twitter’s policies were much more strict.

“If they have layer after layer of training and passwords and signs on the wall that say, ‘Do not delete accounts without permission or out of spite,’ ” said Ohm, “if they have anything like that, it becomes a much more prosecutable offense.”

Some reports suggest that while Twitter has some safeguards against employer misuse, the policies are not as robust as they could be. According to BuzzFeed, hundreds of Twitter employees have been given the permissions to unilaterally deactivate accounts, while still more workers can independently suspend accounts. Additional measures — perhaps requiring multiple people to sign off on the deletion of an account — were contemplated at one point, but were never put in place, BuzzFeed said, citing a former senior Twitter employee.’

Benjamin Wittes, an expert on surveillance and law enforcement policy who runs the Lawfare blog in coordination with the Brookings Institution, said he agrees with many information security practitioners – the former Twitter employee is not safe.

At the very least, it seems like it could be a close call.

What do you think?

A trio of Houston Astros appeared on “Saturday Night Live” last night during a hilarious segment

There’s a really sad statistic about shooting deaths, influenced by Chicago