The Consumer Fraud and Abuse Act, 18 U.S.C. §1030 (CFAA) is a federal statute that imposes criminal penalties and provides for a civil cause of action against individuals who obtain information from a computer by intentionally accessing the computer without authorization or by exceeding authorized access. The statute has been used to criminally prosecute and bring civil actions for damages and losses against employees who have misappropriated their employers’ trade secrets or other confidential information. Those damages and losses may include attorneys’ fees expended by the employer to investigate violations of the statute. In its recent opinion in Van Buren v. United States, the United States Supreme Court resolved a disagreement among the lower federal courts over the scope of the CFAA’s “exceeds authorized access” clause. Does an employee with authorized access to his employer’s computers “exceed authorized access” only when accessing specific computer files the employee has not been authorized to access, or does the employee also “exceed authorized access” when accessing files for which the employee has authorization, but uses the information for an unauthorized purpose? In Van Buren, the Supreme Court ruled in favor of the more limited scope of the “exceeds authorized access” clause. Background When employed as a police officer in Georgia, Nathan Van Buren was the target of an...
Tagged: Computer Fraud and Abuse Act
Every now and then, a court issues a decision that is as interesting for its facts as it is for the import of its legal holding. The Second Circuit Court of Appeals recently issued such a decision involving application of the respective statutes of limitation for private claims made under the Stored Communications Act (“SCA”) and the Computer Fraud and Abuse Act (“CFAA”).
Trade Secrets Theft by Former Employee Results in a Criminal Conviction Under the Federal Computer Fraud and Abuse Act but Still Leaves Uncertainty Over the Scope of the Act
In United States v. Nosal, a federal jury in California convicted a former employee of Korn/Ferry for violating the Computer Fraud and Abuse Act (“CFAA”). The evidence showed that the defendant directed his co-conspirators within the firm to use a borrowed password to gain access to trade secrets to be used in establishing their own business. The use of the borrowed password was critical to the successful prosecution under the CFAA because earlier in the case the Ninth Circuit Court of Appeals issued an opinion that narrowly interpreted the statute to prohibit only “unauthorized procurement or alteration of information, not its misuse or misappropriation.” The significant aspect of the Ninth Circuit’s interpretation of the CFAA in Nosal is the Court’s conclusion that a violation of the statute does not occur merely because an employee initially uses his authorized access to obtain his employer’s proprietary information even if he does so with the intent to misappropriate it. Presumably, had Nosal’s co-conspirators who accessed the computerized information in question been able to do so using their own passwords, there would have been no “unauthorized procurement” in violation of the CFAA.
A Federal District Court recently refused to dismiss a complaint for lack of subject matter jurisdiction because, among several state law claims, the plaintiff – the individual defendant’s former employer – also asserted a claim under the Federal Computer Fraud and Abuse Act (CFAA). In NouvEON Tech. Partners, Inc. v. McClure, No. 3:12-CV-633-FDW-DCK, 2013 U.S. Dist. LEXIS 29208 (March 5, 2013), a North Carolina Federal District Court denied defendants’ Rule 12(b)(1) motion to dismiss, for lack of subject matter jurisdiction, a myriad of state law claims filed by NouvEON against its former employee (McClure) and her new employer (Smarter Systems).
Taking Over Former Employee’s LinkedIn Account Not a Violation of Federal Law, According to Pennsylvania District Court
A Pennsylvania Federal District Court has decided that an employer did not violate the Federal Computer Fraud and Abuse Act (“CFAA”) or the Federal Lanham Act, when it took control of a departed employee’s LinkedIn account. The Court ruled that (1) the CFAA, which in part prohibits unauthorized access to a computer with the intent to defraud, did not come into play and (2) no trademark infringement in violation of the Lanham Act had occurred.
The Computer Fraud and Abuse Act (“CFAA”) is a federal law that, in part, makes it a crime to access a computer in an unauthorized manner. In the employment context, the statute has proven valuable in protecting confidential and proprietary information that employees can access on their employers’ electronic systems. Recent decisions by the United States Courts of Appeals for the Ninth and Third Circuits emphasize the breadth of the CFAA’s application to the workplace.